Photo: The National Guard
Its true. When your Facebook, blog, email or bank accounts get hacked your life can be ruined. Some of us spend our entire existences online and such a breach can have terrible effects. You can have money stolen, personal details hijacked and, as happened to me, spam emails sent out to hundreds of high profile clients.
Just a month ago my Facebook and secondary email accounts were hacked while I was on holiday in India. It was my fault.
In this article I am going to give you some simple ways that you can boost your Facebook and email security and stop hackers from ruining your life. Please share this post around as this event was seriously traumatic, I’d like to help people prevent it.
What happened to me
Let’s start with my story. I had always heard the horror tales of people having their accounts hacked. I always thought it was one of those things that happened to old grannies who didn’t know the difference between a real Paypal email and one of those ones that asks for all your bank details. But, I’m probably what you would call “moderate to very experienced” on the internet and it still happened to me.
I was in Delhi sending some emails in a horrid little joint in the main Bazaar. I think that is where it happened but I didn’t find out til a week later when I was up in the Himalayas. I tried to log into Facebook and it gave me a warning that my account had been accessed from Bangalore – a hackers mecca and a location I was no where near.
I checked my email account (not my main one) and found that it had been sending mass emails to my contacts advertising some spam rubbish. Several of the contacts had emailed me to find out what was going on. Someone was definitely in there. It seemed as though I had been phished.
I’m still not sure how it happened but I think someone had got into my Facebook account and then the email linked to that Facebook account. Luckily for me they hadn’t changed the passwords so I was able to get back in and fix the problem. Unluckily for me, it happened when I was in a remote mountain village and had less than 56k internet and constant power drop outs.
What did I do wrong?
Photo credit: Wiros
Why was this my fault? How did I bring this on myself? A few things actually:
- Same passwords
I had the same passwords across many accounts. This is a massive error. If you are like me you will sign up for things everyday and who knows what some of these shady affiliate/software companies are doing with your details.
- Complacent internet habits
I got really complacent about how I use the internet, which sites I visited and so on. If you use the computer 12 hours a day like me you will probably be doing the same thing.
- Out of date security and browser versions
The computers I was using over there had out of date browsers and anti-virus software. My home computer is like Fort Knox now.
- Incorrect Facebook window settings
I was visiting Facebook on an insecure page. I didn’t know it either. I’ll show you what I did wrong down below.
So I really do blame myself. I could have possibly avoided this whole mess if I was just a bit more educated and vigilant. Hopefully my experience can serve as a catalyst for you guys to fix up your own security lameness.
Facebook and Email Security tips to stop hackers
Here are some of the very minimum things you should do if you want to stop hackers from ruining your life. The sad thing? You can probably do all of these things perfectly and still get hacked.
- Different passwords
Every single account should have a different password. Never ever have the same password for an insecure site like Facebook and something important like your online banking.
- Complex passwords
If your password is less than ten characters long, a mixture of upper and lower case letters, numbers and symbols then it is not strong enough. It must never be a name, birthday or information about someone or something around you. An example of a strong password is something like “ca#T_on+M
- Complex usernames
I bet 95% of you have your email address or name as your username? Bad move rookie. You should make your usernames as complex as your passwords. Many WordPress blogs are set up with the default username of “admin” so hackers are already 50% of the way there. Change your usernames to something complex and unrelated.
- Updated anti-virus and anti-malware software
You need to have an updated version (or two) of the latest anti-virus and anti-spyware programs. There are free ones like AVG or paid ones like Norton. I also use Malwarebytes (affiliate) to scan for things that anti-virus programs miss. Get one and update it automatically.
- Latest Chrome, Firefox, Internet Explorer, Safari versions
Don’t just ignore that update request from your browser, do it right away. Some of those updates are security ones. In fact, keep up to date as to which is the most secure browser and just use that. Hello Chrome?
- Use Facebook and email securely with the right URL
Go log in to Facebook. Go on, do it. Now, does the URL say “http://” or “https://”? If it is the former then you are not in a secure session. Go in to your settings and make sure it always uses https:// and whenever you log into any website make sure you type the “s” if you are logging in.
- Don’t use public free Wi-Fi
You know when you go to a cafe and log on to the free network? Well, take a look at how easy it is for people to steal your Facebook and email passwords using a simple Firefox plugin. Its really sad that this type of stuff exists. I just don’t use Wi-Fi anymore.
- Don’t send passwords or store important information online OR offline
Don’t send secure information over the net at all. Especially through chat or email. If someone has got into your account without you noticing they might be monitoring what you are doing. If you need to send passwords to workers, family, etc. then call them on the phone. You should also avoid saving passwords on your hard drive as that too is really easy to access.
- Make your security questions tough
You know those security questions like “what is your mother’s maiden name?” Well, make them complex answers. For example, in one of mine I selected first pet’s name and then made the answer a complex password. If you ever get hacked you need this information to re-gain access to the account. You don’t want a hacker to change this.
- Back up everything
You should constantly be backing up your hard drive, emails and blog contents to an external hard drive. If the worst happens and someone deletes your blog content you can get it back up without too much trouble. Imagine if you were relying on a website for your income and it all got deleted?
- Don’t use your PC Administrator account
Most people use the Administrator account because it gives you freedom to add programs, etc. But, did you know that by using a non-Administrator account you can slow down the spread of a virus attack?
- Monitor your logged on locations
If you go down to the bottom of your Gmail account you will see a little line of text that says “Last account activity”. This shows you where your account has been accessed from so if you suspect something is not right you should keep an eye on this and record unfamiliar IPs.
- Use a phishing filter
This can help you identify if anyone is trying to run a phishing scam on you by showing you what is safe.
- Don’t click links in emails
As a general rule, most banks and financial institutions don’t send you emails with links. Don’t ever click any such email you get. If you genuinely think it is from your bank ring them up instead.
- Research and read up
Make sure you are up to date with the latest in internet security. You can create alerts in your news reader or follow blogs that update you on such concerns.
- Complex usernames
If I have missed anything out please leave a comment and let me know. Hopefully we can turn this article in to a nice resource for people to use in order to prevent these types of hacks and phishing scams happening to them.
What to do if you still get hacked
If you still get hacked there are some important steps that you should take from a business, personal and security point of view.
- Don’t panic
I panicked and it made everything so much worse. In the end it turned out to be okay. Even if the worse happens and you lose all your money (which is rare) you can still get back on your feet and fight another day. Most often the bank can investigate such losses and get your money back anyway.
- Change everything else
While you are investigating the breach go and change all your other passwords including the security questions on all your other accounts. Make sure you are doing this from a safe PC and a secure network.
- Email your contacts
Email your contact list and let them know what has happened and that you are trying to fix it. Apologize for the inconvenience.
I sincerely hope that none of you have to ever go through this. While its not the worst thing that can go wrong, it sure isn’t fun.
Has this happened to you?
Is there anyone out there who has had something similar happen? What did you do? Please leave a comment and let me know if you have any other tips, ideas or stories that might help someone out there avoid the same fate.