15 Tips to Stop Facebook & Email Hackers Ruining Your Life

93 Intelligent Opinions, Leave Yours.

Best Warrior
Photo: The National Guard

Its true. When your Facebook, blog, email or bank accounts get hacked your life can be ruined. Some of us spend our entire existences online and such a breach can have terrible effects. You can have money stolen, personal details hijacked and, as happened to me, spam emails sent out to hundreds of high profile clients.

Just a month ago my Facebook and secondary email accounts were hacked while I was on holiday in India. It was my fault.

In this article I am going to give you some simple ways that you can boost your Facebook and email security and stop hackers from ruining your life. Please share this post around as this event was seriously traumatic, I’d like to help people prevent it.

What happened to me

Let’s start with my story. I had always heard the horror tales of people having their accounts hacked. I always thought it was one of those things that happened to old grannies who didn’t know the difference between a real Paypal email and one of those ones that asks for all your bank details. But, I’m probably what you would call “moderate to very experienced” on the internet and it still happened to me.

I was in Delhi sending some emails in a horrid little joint in the main Bazaar. I think that is where it happened but I didn’t find out til a week later when I was up in the Himalayas. I tried to log into Facebook and it gave me a warning that my account had been accessed from Bangalore – a hackers mecca and a location I was no where near.

Panic mode.

I checked my email account (not my main one) and found that it had been sending mass emails to my contacts advertising some spam rubbish. Several of the contacts had emailed me to find out what was going on. Someone was definitely in there. It seemed as though I had been phished.

I’m still not sure how it happened but I think someone had got into my Facebook account and then the email linked to that Facebook account. Luckily for me they hadn’t changed the passwords so I was able to get back in and fix the problem. Unluckily for me, it happened when I was in a remote mountain village and had less than 56k internet and constant power drop outs.

What did I do wrong?

Roda
Creative Commons License photo credit: Wiros

Why was this my fault? How did I bring this on myself? A few things actually:

  • Same passwords
    I had the same passwords across many accounts. This is a massive error. If you are like me you will sign up for things everyday and who knows what some of these shady affiliate/software companies are doing with your details.
  • Complacent internet habits
    I got really complacent about how I use the internet, which sites I visited and so on. If you use the computer 12 hours a day like me you will probably be doing the same thing.
  • Out of date security and browser versions
    The computers I was using over there had out of date browsers and anti-virus software. My home computer is like Fort Knox now.
  • Incorrect Facebook window settings
    I was visiting Facebook on an insecure page. I didn’t know it either. I’ll show you what I did wrong down below.

So I really do blame myself. I could have possibly avoided this whole mess if I was just a bit more educated and vigilant. Hopefully my experience can serve as a catalyst for you guys to fix up your own security lameness.

Facebook and Email Security tips to stop hackers

www.Army.mil
Creative Commons License photo credit: The U.S. Army

Here are some of the very minimum things you should do if you want to stop hackers from ruining your life. The sad thing? You can probably do all of these things perfectly and still get hacked.

  1. Different passwords
    Every single account should have a different password. Never ever have the same password for an insecure site like Facebook and something important like your online banking.
  2. Complex passwords
    If your password is less than ten characters long, a mixture of upper and lower case letters, numbers and symbols then it is not strong enough. It must never be a name, birthday or information about someone or something around you. An example of a strong password is something like “ca#T_on+M
  3. Complex usernames
    I bet 95% of you have your email address or name as your username? Bad move rookie. You should make your usernames as complex as your passwords. Many WordPress blogs are set up with the default username of “admin” so hackers are already 50% of the way there. Change your usernames to something complex and unrelated.
  4. Updated anti-virus and anti-malware software
    You need to have an updated version (or two) of the latest anti-virus and anti-spyware programs. There are free ones like AVG or paid ones like Norton. I also use Malwarebytes (affiliate) to scan for things that anti-virus programs miss. Get one and update it automatically.
  5. Latest Chrome, Firefox, Internet Explorer, Safari versions
    Don’t just ignore that update request from your browser, do it right away. Some of those updates are security ones. In fact, keep up to date as to which is the most secure browser and just use that. Hello Chrome?
  6. Use Facebook and email securely with the right URL
    Go log in to Facebook. Go on, do it. Now, does the URL say “http://” or “https://”? If it is the former then you are not in a secure session. Go in to your settings and make sure it always uses https:// and whenever you log into any website make sure you type the “s” if you are logging in.
  7. Don’t use public free Wi-Fi
    You know when you go to a cafe and log on to the free network? Well, take a look at how easy it is for people to steal your Facebook and email passwords using a simple Firefox plugin. Its really sad that this type of stuff exists. I just don’t use Wi-Fi anymore.
  8. Don’t send passwords or store important information online OR offline
    Don’t send secure information over the net at all. Especially through chat or email. If someone has got into your account without you noticing they might be monitoring what you are doing. If you need to send passwords to workers, family, etc. then call them on the phone. You should also avoid saving passwords on your hard drive as that too is really easy to access.
  9. Make your security questions tough
    You know those security questions like “what is your mother’s maiden name?” Well, make them complex answers. For example, in one of mine I selected first pet’s name and then made the answer a complex password. If you ever get hacked you need this information to re-gain access to the account. You don’t want a hacker to change this.
  10. Back up everything
    You should constantly be backing up your hard drive, emails and blog contents to an external hard drive. If the worst happens and someone deletes your blog content you can get it back up without too much trouble. Imagine if you were relying on a website for your income and it all got deleted?
  11. Don’t use your PC Administrator account
    Most people use the Administrator account because it gives you freedom to add programs, etc. But, did you know that by using a non-Administrator account you can slow down the spread of a virus attack?
  12. Monitor your logged on locations
    If you go down to the bottom of your Gmail account you will see a little line of text that says “Last account activity”. This shows you where your account has been accessed from so if you suspect something is not right you should keep an eye on this and record unfamiliar IPs.
  13. Use a phishing filter
    This can help you identify if anyone is trying to run a phishing scam on you by showing you what is safe.
  14. Don’t click links in emails
    As a general rule, most banks and financial institutions don’t send you emails with links. Don’t ever click any such email you get. If you genuinely think it is from your bank ring them up instead.
  15. Research and read up
    Make sure you are up to date with the latest in internet security. You can create alerts in your news reader or follow blogs that update you on such concerns.

If I have missed anything out please leave a comment and let me know. Hopefully we can turn this article in to a nice resource for people to use in order to prevent these types of hacks and phishing scams happening to them.

What to do if you still get hacked

If you still get hacked there are some important steps that you should take from a business, personal and security point of view.

  • Don’t panic
    I panicked and it made everything so much worse. In the end it turned out to be okay. Even if the worse happens and you lose all your money (which is rare) you can still get back on your feet and fight another day. Most often the bank can investigate such losses and get your money back anyway.
  • Change everything else
    While you are investigating the breach go and change all your other passwords including the security questions on all your other accounts. Make sure you are doing this from a safe PC and a secure network.
  • Email your contacts
    Email your contact list and let them know what has happened and that you are trying to fix it. Apologize for the inconvenience.

I sincerely hope that none of you have to ever go through this. While its not the worst thing that can go wrong, it sure isn’t fun.

Has this happened to you?

Is there anyone out there who has had something similar happen? What did you do? Please leave a comment and let me know if you have any other tips, ideas or stories that might help someone out there avoid the same fate.



Ramsay WROTE THIS

Did you enjoy this post? Why not subscribe for future stuff

LEARN MORE

93 Comments... Leave yours.

  • Graham Lutz

    I’ve had my gmail hacked and sent viagra spam to everyone I’ve ever emailed with that account. Even the 63 year old research supervisor I report to – talk about one embarrassing conversation.

    I think it takes a situation like this in order for people to actually change their online habits. Hopefully this post will open some eyes!


    1. the Blog Tyrant

      I hope so too!


      1. Gregory C.

        Well, if nothing else, you at least scared one guy into changing all of his duplicate passwords into unique ones!

        I would add to anyone doubting the importance of this: if you are looking into making your works online turn into something serious, you should treat these things as you would treat a brick and mortar venture.

        You wouldn’t make the lock on your store safe “1-2-3-4″ would you? Just because it is something online doesn’t mean you shouldn’t make it safe and secure.


  • Allison @ House of Hepworths

    Holy crap, that is really scary! I’m going to change all my passwords now and start working my way through your list. Thanks for posting this! Wow, I’m still freaking out.


    1. the Blog Tyrant

      Hey Allison.

      Yeah, its pretty common. I’ve had two friends email me this week with similar experiences.

      Thankfully I think most are done by bots which seem to be easier to handle.

      I hope this post helps some people avoid it.


  • Bella Q

    I will be re-reading this several times, and then a few times more. I know of so many bloggers who’ve been hacked, and knock-on-wood haven’t exprerienced this. Thanks to your tips, hopefully won’t have to deal with this stress. Thank you for this post.


    1. the Blog Tyrant

      And this is just for FB and email. There is a whole other book to be written on blog security.


  • Ralph

    Never happend to me but I am like you with my internet / laptop and iphone.

    It sometimes has to be surgically removed from my body just to get away.

    I’ve got different passwords for different items but might check into some password vault programs..

    Thanks!


    1. the Blog Tyrant

      Let us know if you come up with anything Ralph.


      1. Ralph

        1) http://www.roboform.com/
        2) http://www.passpack.com/en/home/
        3) http://passwordsafe.sourceforge.net/
        4) http://keepass.info/

        Just to name a few. I’ve used roboform Myself but didn’t like it. Perhaps I was confident enough I was secure enough :)


  • Jen Whitten @ The Positive Piper

    My email seems to get hacked every so often…maybe once every year or two. Unfortunately, it’s our checking account that gets hit the most often. Sad thing, it’s not the online account that’s hacked, it’s always someone stealing hubby’s debit card number and ghosting the card. Sucks.

    The only thing I’d add to your list is to change your passwords every 45-75 days. You can’t always stop people from getting at your passwords, but you can make them moving targets.


    1. TJ

      Oh I like the concept of the “moving target.” Maybe the trick is to come up with something you remember and then each time change it progressively.

      Like pass: A12b17

      Next month becomes: B13c18

      Or some such nonsense? That’s not exactly super sleuth material though. I imagine if a person can HACK then I’m sure they could crack my amazingly complicated concept! LOL…


      1. Jen Whitten @ The Positive Piper

        That’s exactly what I did when I worked at the bank. We had a password to our workstation, the account opening system and the client management system. (There was another one for the teller system, but thankfully, I didn’t need access to that by the time I was managing a book of clients.) None of the passwords could be the same and they all expired every 35 days. (But never on the same day so there was a new password for something every week.) Since we got in trouble if our passwords were ever found written down anywhere (same with our vault/door codes), I had to go to words I could remember with goofy numbers and characters throughout the word and would literally change only one character each time.

        Granted, the system totally fell apart every time I came back from vaca and had to call the security help desk to get them to reset my passwords.


    2. the Blog Tyrant

      Checking account? What the heck?! How?


      1. Jen Whitten @ The Positive Piper

        It’s kind of a big problem in my part of Texas. People have gotten good at stealing card numbers, either when the server takes your card at a restaurant or by fitting a scanning device in the ATM machines. Some can also stand around the corner from where you’re using your card to get gas and use a remote scanner to get the card number. Once they have the number, they imprint it on their credit card stock and go on a spending spree.

        Most recently, it was someone trying to spend $800 (which the fraud department stopped) at a pharmacy. We assume they were buying meth-making supplies. Another time, they were spending $500 at a toy store. My old bank was crap about stopping them, but the tiny bank we’re with now is ON IT and we’ve never lost a dime. Did have to use my acct for a few days while the joint acct was frozen though.

        I always feel bad for hubby when it happens because he has to wait for a new card to come in the mail. He’s one of those people who has his debit card number, expiration date and security code memorized, so it’s more of a pain for him than it is for me.


      2. Jen Whitten @ The Positive Piper

        Oh, I should mention that I live in the identity theft/bank fraud capitol of Texas. As the banks get better at stopping them, the crooks get better at outsmarting them. Vicious circle, really.


        1. the Blog Tyrant

          Meth addicts buying PS3s. What else is new?


  • Vidya Sury, Freelance Writer and Professional Blogger for hire

    Sounds like every Internet user’s nightmare! It is housekeeping time for me in a hurry, I guess. And I am going to tweet this generous post till kingdom come. Brrrr! Reading it was scary!

    Thank you very much, BT


    1. the Blog Tyrant

      Ha ha. Good luck Vidya.


  • Shivam Vaid

    @BT sad to hear your experience. I think you have been fortunate that the passwords were not changed – otherwise it could have been a painful effort to get everything back. I think keeping same passwords across multiple account is a huge huge risk/error you made. Anyway, All is well that ends well – looking at the +ves – we would not have got this informative post had that not happened!


    1. the Blog Tyrant

      Yes, I hope the bright side is worth it.


  • Lydia Marie

    This happened to me a few months ago, although a somewhat crazy ex-boyfriend was behind it. He sent me emails that looked like they were from facebook, but when I clicked the link and it had me enter my user and password. Silly me should have checked the url, but I didn’t and that’s how he got the password and username for all my other accounts, including my emails, twitter, blog, etc. The scary thing was that he wasn’t using all this info for spamming purposes, but to spy on what I was up to!

    I feel like I finally have everything under control now, but after changing everything to completely different (complex) passwords, user names, security questions, etc, and I definitely don’t click on links in emails now, and pay special attention to those urls!


    1. the Blog Tyrant

      Did you patch things up with him?


  • TJ

    I have an ulcer now.
    I’m tempted to bury money in the yard and go back to writing everything on paper.

    BT – I love the bad-ass soldier visuals throughout your post! So funny, I’ve written about my Flickr phobia and that I wanted cyber soldiers to flank my files. So this just cracked me right up. You are an artist dude. Good visuals!!

    Best wishes from germany, tj


    1. the Blog Tyrant

      I’m not a businessman I’m a business, man. – Jay Z.


  • Rachelle

    How do you even remember these fantastic passwords?

    Creating them isn’t the problem, everyone and their dog wants you to register for stuff online…if I used a different password for everyone I’d never remember how to get into into anything.

    I am currently locked out of one of my gmail accounts because of this. I understand that I am the problem :)


    1. TJ

      Rachelle, I totally hear you. I have weird notes in random locations throughout the house. My hubby opens a new photo account for me and I’m yelling to him from the kitchen what I want the password to be so I write it in the recipe book that happens to be open. *NIGHTMARE* I never want to throw out receipts scrawled with jibberish because I don’t remember if they “mean” something.

      The insanity has to stop soon. You can imagine the amount of time and energy I spend searching for stuff…


    2. the Blog Tyrant

      Rachelle I bet you can remember anything you want. Especially if its written on a piece of paper hidden in your underwear.


    3. Jen Whitten @ The Positive Piper

      My mother keeps a password book with all her stuff because she can’t remember anything. Seems to work…as long as she never puts it in a different spot. That’s when all hell breaks loose.

      Even though hackers probably aren’t going to break into your house or steal your purse for your password list, I would probably keep a password book in a locked file cabinet in my home office…


    4. Rebecca

      Keeping track of passwords can make it sooooo tempting to reuse passwords for multiple accounts – like, ahem, Blog Tyrant did :)

      I just recently wrote about all this on the Wild Apricot Blog, in fact, in response to a reader question. Won’t linkdrop here (that would just be tacky) but you can google “How to Keep Track of Your Passwords (and Keep Them Safe)” if you’re interested. It’s a pretty long post, but here’s the short version: Pick unique and strong passwords, change passwords often, and get yourself a good password management tool so you can balance convenience with security.


  • Tho Huynh

    Sometimes we will allow suspicious Facebook apps to access our informations without noticing that they’re collectiong your personal information. My advice is to check your privacy settings on Facebook again


    1. the Blog Tyrant

      Yeah, the more and more I find out about Facebook the less I trust it. Too much of it is OPT OUT as opposed to opt in. That is frightening.


  • Cristina

    Hi,

    Great article. It deserves to be retweeted. More than once to spread the word, definitely.
    I still miss a post about blog security.

    I don’t think my email or facebook have been hacked so far but, even worse, a virus hijacked my browser six months ago. It changed my homepage, blocked access to Facebook, hotmail, gmail, anti-virus websites, etc.

    That happened despite I am obsessed with security. My equipment is always up to date, never click on links, etc…

    Thanks for all the info.


    1. the Blog Tyrant

      Tricky isn’t it…


  • Marcus

    Ah, I can relate to those dodgy Internet cafes. It’s easier to get hacked while you’re traveling and not using your own computer.

    A couple of buddies and I were checking our e-mail in Laos. While we were uploading photos, a virus infected our memory cards and we lost a bunch of photos of our trip! I had a backup memory card and another friend was able to do a partial recovery at a photo shop. Still, we lost hundreds of pictures we’ll never get back.

    I’ve heard good things about “password managers” like LastPass. But even they got hacked: http://bit.ly/mjPl1f.

    There’s a Firefox add-on called “HTTPS Everywhere” that forces Facebook, Twitter and popular websites to use secure log-in pages. The downside is that it might disable some apps. I manually turned on “https” for my e-mail, Facebook, and Twitter through their settings. Most banks already use https by default.

    Another big step is to use a Linux-based operating system, like Ubuntu or Linux Mint. They’re far less likely to be hacked compared to Windows or even Mac OSX. Getting used to a new operating system can be inconvenient for many people, though.

    I’ve written more about going online safely while traveling here: http://bit.ly/gS4p1Y. Hope this info helps!


    1. the Blog Tyrant

      Good point about Linux. I had heard about that but didn’t know much about it.


      1. Marcus

        Yes, Linux is more popular on servers, rather than on desktop and laptop computers. It’s mostly running in the background in data centers, not on users’ screens.

        Three main reasons why it’s a great defense against hackers:

        1) Security architecture. This involves Linux having ports closed by default, users only having limited privileges instead of admin privileges, and a bunch of other technical things I couldn’t begin to explain.

        The best way a friend explained to me was: imagine if you’re a robot and there’s a virus outbreak. Humans will get infected, but not you, since you’re an entirely different life form.

        2) Obscurity. By being less well-known, Linux is less of a target. Hackers want to hit as many victims as possible, so it doesn’t make sense write malware for Linux users.

        3) Linux users. They have a reputation for being more geeky and computer-savvy. I saw this great thread on a Linux forum, “What Firefox add-ons do you use?” (http://bit.ly/jyxQgx)

        People were listing all kinds of add-ons, not just for security, but to disable cookies and tracking. Hard-core privacy tools. Hackers would rather pursue other prey than Linux users.

        Anyway, I’ve gone off-topic enough. I digress ;)


  • Chris Guthrie

    Yah sounds like you were on an insecure Internet connection and that’s how they got you. I have a story that I shared almost 3 years ago that will really scare you too and make you buy privacy on all your domain names:

    http://www.makemoneyontheinternet.com/how-i-almost-lost-it-all/

    Ever since this incident I take security much more seriously. I’ll glad pay a measly $59 a month to have mobile Internet while traveling to avoid ever using public wifi.

    Let me know what you think of that social hacker I dealt with…


    1. the Blog Tyrant

      I don’t know if I want to read it! :-)


    2. Cristina

      Chris,

      I just read your post.Great advice there. More than a social hacker he was a sociopath.

      Cristina


    3. Marcus

      I just read your post. Scary, but enlightening story. I’ve always paid for private registration on all my domains. Sometimes I wondered if it was an unnecessary expense. After reading your post, now I’m really glad I do it!


  • Pam McCormac

    Really useful article… thanks.

    I’m sending it to all my friends who are sick of me constantly banging on about online security. I think it’s so important – but I tend to get a bit ‘ranty’ about it – and that then has the opposite effect – and people stop listening. Grin… I know I should stop ranting!

    I can’t recommend 1Password enough (http://agilebits.com/products/1Password). It’s available for Mac, Windows, iPhone, iPad and Android. Fantastic software that help you stay safe whatever device you’re using.

    Thanks again
    Pam :-)


    1. the Blog Tyrant

      Love it. Thanks Pam.


  • Rahul Pandey

    BT, you forgot on screen keyboard. One should use on screen keyboards when using untrusted computers, especially in cyber cafes, they may have key loggers installed.


    1. the Blog Tyrant

      I’ve never heard of that Rahul. Please explain!


  • Danny @ Firepole Marketing

    This has happened to me, and it was a really frightening experience to be locked out of my Gmail account (Facebook too, but I don’t care so much about Facebook).

    I did exactly what you said – same passwords for everything – big mistake! Now I’ve got unique passwords for all critical or sensitive services, so that even if one goes down, they don’t all get toppled over like dominoes…

    It was a very frustrating experience that I hope never to repeat!


    1. the Blog Tyrant

      How did they get into your gmail account Danny?


  • Frank M

    Thank for article Email security is a very important issue due to the fact that 99% of our online presence depends on it. I have had friends who have lost very important email accounts to hacker. This is especially so for yahoo and hotmail accounts. I usually encourage people use gmail. and google apps. Google have developed a very strong authentication mechanism which can help you lock down your account. One of the best is the 2 step verification system. When you login, you verify your identity with both your password and a code sent to your phone. (Totally overkill, but awesome).

    I have found that the most common way people loss their accounts is when they are deceived into inputting their credentials into fake login forms. The other way is when hackers use network sniffers to “sniff” your passwords as they pass through their” man in the middle” equipment.
    Hence the reason why you should make sure that : a) you are login through the right URL and b) you are using ssl to avoid password sniffing.

    Personally I have categorized my email accounts; Mission critical accounts, Normal accounts, Other accounts. The mission critical accounts usually have stuff like banking info, website hosting data etc have 2 step verification and super strong passwords and I rarely login into them. Then I have a “normal” account. This is what I use every day. All other email accounts forward to this account and then I use the multiple inbox plugin plus tags to sort out the emails. I usually sign up for newsletters and less important website accounts using one accounts which has no personal information. The key here is isolation.
    If you want to kick security up a notch, I would suggested you ditch windows altogether. Its common knowledge that its one of the most insecure platforms out there. (I love linux and mac)
    And never login to a sensitive account form a public network or computer .


    1. Frank M

      Wow, Huge typo there. I meant to say thanks for the article :).


    2. the Blog Tyrant

      Great ideas there Frank. The Gmail authentication really is cool.


  • Tom

    Great article! I’ve had my personal email hacked a few times and it was always when I used wi-fi at a McDonalds or StarBucks. Most of these places don’t offer any extra security and it makes it easier for hackers and spammers to access your account to send out
    spam to your contacts.

    I’ve had to change my password since it wasn’t very hard. I actually use a stronger password for my work computer and should have done the same for my personal emails.


    1. the Blog Tyrant

      Did you recover everything alright?


  • George

    This is near and dear to my heart. Information Security is what I do for my “real job”. Some of these tools have already been mentioned, but I’ll chime in for what I like to use to keep my PC secure. All of these tools are free.

    1. KeePass – secure password storage (http://keepass.info/)
    2. HTTPS Everywhere – defaults to secure connections on a lot of popular websites. This is a Firefox connection (http://www.eff.org/https-everywhere)
    3. NoScript – another Firefox extension to control website scripts (http://noscript.net/)
    4. TrueCrypt – disk encryption (http://www.truecrypt.org/)
    5. Eraser – secure delete utility (http://www.heidi.ie/eraser/)
    6. Tor – anonymous browsing proxy tool (http://www.torproject.org/)
    7. Microsoft Baseline Security Analyzer – Checks your PC for common weaknesses (http://technet.microsoft.com/en-us/security/cc184923)
    8. Microsoft Security Essentials – free anti-malware tool from Microsoft (http://www.microsoft.com/security/pc-security/mse.aspx)


    1. the Blog Tyrant

      Fantastic George. I’m going to look into them right now.


  • chris

    I’ve had web sites hacked. :( I’d been relying on the automated nightly backups…problem was when you discover it AFTER a backup, all you get is a backup of the hacked account. :(

    I use Keepass on a flashdrive to store my password. Keepass itself uses an encrypted database. I use a 23 character sentence for the password. :)


    1. Cristina

      Hi Chris,

      That happens if you only keep the last backup. They say you should keep at least 3 backups. That way you can always restore your site to an older moment in time.

      Cristina


      1. chris

        Yeah, at the time, there were two of us working on the site and each thought the other was saving a weekly backup to their pc. You see the flaw there… LOL. That was a long long time ago.


        1. the Blog Tyrant

          Ha ha. That’s a tiny little bit funny Chris. ;-)


  • John Hoff

    Hi Tyrant, sorry to hear that happened to you. I know the feeling.

    You know, this just so happens to be partly what I’m known for online, WordPress Security. I’ve spent a ton of time on this, written a book, created video courses, articles, even a specialized Newsletter about it.

    I might add a few links below, I hope you don’t mind but I do think they will help to further people’s education.

    Here’s some replies I have to a few of your comments:

    Re: Don’t send passwords or store important information online OR offline

    That is definitely a best practice, however in my experience sometimes the phone just doesn’t work. For example, I have employees in the Philippines who I can’t call. My suggestion here if you need to exchange this sort of information online is to make sure and use a SECURED FTP connection (SFTP, FTPS, or FTPES) to upload your information in a zipped file – it can even be password protected.

    Then make sure they have the same connection to download it. There are other ways, but that would take up too much here.

    Re: Don’t use public free Wi-Fi

    I’ve talked about this topic in detail and the dangers. I’ve attached to a web page a Newsletter article I sent out to people on my WordPress security list. This actually might be how the hacker hacked you.

    Free WiFi dangers article

    Re: Don’t save passwords on your hard drive.

    That’s a judgement call for me where I need to outweigh my security level vs. convenience. I have logins to so many sites I can’t even recall, and to log into each one in such a way would slow me down… I think.

    Roboform is a great product, but be careful of the Roboform Everywhere (which stores your info on their servers). Use the version which stores it on your computer. The passwords are encrypted by a master password which should be SUPER difficult and is only known by you. But it’s important to have a powerful Anti-Virus and Firewall on your computer, otherwise it’s not as safe.

    Alternatively, if you want to store this info off your computer, the best route to go then I would say is to use Roboform To Go. (Roboform is PC by the way, Mac use 1Password).


    1. the Blog Tyrant

      GREAT resources John. Thanks so much.


  • Scott Kindred | SafeHouse Web

    Amazing to see how something so easily had, like FireSheep, can potentially do so much damage; that really opened my eyes — along with knowing there are untold-scores of other tools that can scrape even deeper into our vital “private” information.

    Sharing your real-life experience with this horrid thing helps us all – thanks!

    You mentioned last week how us fans & followers were net reaching up to the performance bar on our social media involvement with blogtyrant.com…. So, here is part of my part!

    Today’s post on my Facebook page:
    http://www.facebook.com/SafeHouseWebsiteWorks

    And of course you’ve probably already seen my retweets of this fantastic article.

    p.s. I do not have my usual commentary on your choice of images to illustrate this post; they are definitely not of the same genre as your tiny Elvis and Walt Disney. But, then, this is a quite serious topic.


    1. the Blog Tyrant

      Thanks for the input Scott.

      Yeah, I had a bit of a brain fart when it came to today’s images. I guess that’s what you getting writing posts at 1am.

      Ideally, I would have had pictures of Nixon. ;-)


      1. scott kindred

        Perfect! :D

        No doubt, the opportunity to use the message of his image will come around again.


  • Monica Milas

    Any recommendations on how to store and keep track of all those complex passwords? I know there are software programs that “store” your passwords, but I’m reluctant to use them – not sure if they’re secure.


    1. the Blog Tyrant

      There’s a few suggestions floating around these comments. I’m yet to try one.


  • Kristi Hines

    I just went to a wired connection at home, and thanks to that Shoemoney article (I caught it when it was first posted) I switched over to https for Gmail and Facebook, and for anything else that I can’t use a secure connection for when out in public wi-fi, I just don’t. Great tips to keeping your stuff secure, and how not to lose it if you get hacked.


    1. the Blog Tyrant

      Thanks Kristi.


  • Juuso Palander

    Thanks a lot for this post BT. I’m just like you were before, a guy who uses computer a lot, and is getting more careless every minute.

    I switched on HTTPS settings in both Facebook and Gmail. It seems you don’t need THAT much effort to protect your Internet assets better.


    1. the Blog Tyrant

      Let’s hope so!


  • Tim

    Thanks for the post, mate!
    Just one Q… where in FB settings do you choose the https://?
    I just checked every possible thing and can’t find this.


    1. the Blog Tyrant

      Account > Account Settings > Settings > Account Security


  • ThisIsWhyImBroke

    Good tips.

    I’ve been using complex different passwords for years now because I’m overly paranoid. I still desire more security.

    Some of my passwords are so complex that I have them written down only on a secret USB thumb drive so I can copy and paste them lol


  • Rahul Pandey

    On screen keyboards or vitrual keyboards. On a windows computer go to -> start -> all programs -> acessories -> accessibility ->on screen keyboard. Dunno if its there in mac too.

    generally key loggers can not register what’s written by on-screen keyboard hence one should always use it when the computer is untrustworthy.

    third party on screen keyboards are also available, just google or bing it out.


    1. Vidya Sury, Freelance Writer and Professional Blogger for hire

      That’s a good option, Rahul – I’ve noticed that my anti-virus software gives me the option of an onscreen keyboard as an icon at the top of my browser. Banking websites always recommend using the onscreen keyboard on their log in page.

      BT – Your post + the comments are very educative. They always are – but you know what suckers we all are when it comes to security stuff.


  • Lesley

    I used to work in this area, and the thing that bugged me was that everyone thought they were ok if they kept a backup. As Chris said, one backup is never enough!
    For complex passwords the system I use is to use the initial letters of a phrase. It looks like gunge but you can remember it.
    However, I think what I need is one of those password storeage tools, so thanks for a useful post, (though I am sorry you had the painful experience) and for the extremely useful comments!


    1. the Blog Tyrant

      Hope it helps Lesley.


  • Glynis Jolly

    This hasn’t happened to me yet but I’m glad you posted what happened to you. It woke me up.


    1. the Blog Tyrant

      Great!


  • Rohi

    Hi BT, thanks a lot.
    I’m lucky I haven’t been hacked yet!
    I’ll change my passwords, usernames, etc. asap.


    1. the Blog Tyrant

      Hope it never happens to you Rohi.


  • Steve@Internet Lifestyle

    BT,

    Great info. I had my blog hacked a few months back (because of my own laxness with security) generally speaking it is something that most people will not let themselves go through twice.

    Dealing with it -after- is like shutting the proverbial barn door after the horses are out.

    I hope the people reading this take it seriously BEFORE they have a reason to take action.


    1. the Blog Tyrant

      Its a horrible experience isn’t it.


  • Jamie

    So I just got hacked two days ago as well, and I followed most of your suggestions. Boo. It was only my fb account, which WAS using the secure method of logging in (so it isn’t failproof) and it was caught immediately before much damage could be done, but how annoying!

    Sorry it was so wide-spread for you! Ugh!


    1. the Blog Tyrant

      How did they do it?


  • Ana @ list building tips

    I’m so sorry to hear what happened to you. Although you tell people that you were hacked, they lose a degree of trust and that’s sad. It is so easy to become complacent when you spend so much time online. We always think it won’t happen to us. At least you gained a ton of valuable insight and shared it here, where we can all learn from your unfortunate experience.


    1. the Blog Tyrant

      Hi Ana.

      Not sure I agree about the losing trust thing. What makes you say that?

      BT


  • chris

    BT, When are you coming back?


    1. the Blog Tyrant

      I’m back. Working on some stuff now.


  • webdancer

    Nice article.

    Password Card is a brilliant low-tech tool for keeping track of passwords. It’s free, too. https://www.passwordcard.org/en

    In spite of the company’s recent ethics-fail, I like RoboForm as an high-tech password tool. There is also a free version (up to 10 passcodes).


  • Heather @ Work At Home Market

    After a few of my friends were hacked on FB, I immediately changed my passwords. Enjoyed your other tips as well. Thanks for sharing!


As mentioned on...