Protecting yourself from it
It’s a sad day when even genealogists are affected by hackers.
The Legal Genealogist opened her email accounts this morning and there at the top of the inbox was an email from a genealogist friend.
“Incoming Google drive document awaiting you,” it read. “Just click here…”
It was signed with the friend’s genealogy sign-off information, including — irony of ironies here — the statement that “As a member of the Association of Professional Genealogists …, I support and adhere to the APG’s Code of Ethics …”
And, of course, the email wasn’t from my genealogist friend at all.
Her email account had been hacked, and it appeared that the Google Drive account of a charitable organization had also been hacked, both by some unknown group trying to distribute what is almost undoubtedly malware: software that will do very bad things to a computer if anyone clicks on the link and downloads the file.
So…
How do we protect ourselves from hackers — and even us lowly why-would-anybody-hack-us genealogists need to protect ourselves from hackers!
Some suggestions:
1. Don’t, don’t, don’t, do not ever click on a link in an email if it isn’t abundantly clear that the link is a good one and a safe one. In other words, unless you’ve got good reason to believe the link is completely safe (you’ve been expecting it, the person talks to you about it in advance, etc.), don’t even think about clicking on it.
2. Read up about the security options your email provider offers — and use them. At a minimum, make sure you’ve set up options to recover your account if it does get hacked.
3. Use a strong password — a combination of upper and lower case letters, numbers and some punctuation characters, ending up with something that’s at least 10 characters long and that isn’t a word in your language.
4. Change your password every so often. Some experts say every six months.
5. Don’t use the same password for every account you have. All that does is give the hackers access to everything if they get access to anything.
6. If your system calls for a challenge question (such as “what’s your mother’s maiden name?”), for heaven’s sake don’t use one like “what’s your mother’s maiden name?” Use something nobody else will know and something nobody else can find out by, say, Googling your family tree on the internet! If you have to use “what’s your mother’s maiden name?” as a question, then you’re better off making something up as the answer.
7. Make sure you have up-to-date security programs running on your computer: anti-virus, anti-spyware and firewall programs at a minimum.
A couple of resources for prevention:
• Robert Siciliano, “11 Ways to Prevent Your Email From Getting Hacked,” Huffington Post blog, posted 20 December 2013.
• “How to Protect Your Email Account from Hackers,” wikiHow.com.
And a couple of resources for cure:
• Adam Levin, “9 Things You Need to Do When Your Email is Hacked,” ABC News, posted 21 July 2013.
• Sharon Profis, “What to do if your email gets hacked (and how to prevent it),” c|net, posted 25 June 2014.
Sigh… a royal PITA to be sure… but an unfortunate fact of modern life.
Great post, thanks for the links!
Hope this helps some folks — and serves as a reminder to us all to check our security settings!!
I opened it because I trust this “genealogist” – but, that’s how the hackers get you. I have an upcoming class in five months with the “genealogist” and I thought I was getting homework already. I changed my password and good to go… I hope!
Good for you, Paul: Just don’t click on any links without thinking!!
All suggestions are very good advice. Unfortunately, most people will continue to use the same password and/or insufficient passwords for their accounts until it is too late. I believe it’s the “can’t happen to me” syndrome. I always like to recommend to people to check just how secure their passwords are at https://blog.kaspersky.com/password-check/ and I highly recommend a password program to create and store your passwords. I like 1password. Not only does it have an excellent password creation feature but will synchronize your passwords between devices.
Then again we do have to be concerned about the security of programs that create and store passwords… they too can be hacked.
I would echo that and would recommend RoboForm. There is a free version as well as paid version – which for a bunch of devices runs about $10 right now. One of my favorite features is the “Form Fill” which, if you are using a public WIFI system or at an internet cafe using their computer with your own USB drive (RoboForm2Go), it can fill in things like credit card info, and passwords, which won’t be picked up by a hacker trying to record keystrokes.
My go to solution for most of these slimeballs: the second public execution will take care of 99% of ’em. Yes?
That’s a little extreme… 🙂
Hi Judy, I realise that everyone on the internet thinks they’re an expert at something, but please can I ask you to also recommend “Where possible use 2-Factor authentication on websites that support it”.
Two-factor authentication (commonly abbreviated as 2FA and sometimes referred to as Two-factor verification) is a methodology used to verify who you are to a website using two different factors (duh!). Typically these factors are something you know (e.g. a password) and something you have (e.g. a cell phone or the Google Authenticator app). This extra layer of security is typically used when you do something important on a website (e.g. do a password reset on your online banking account). Should your email ever get hacked, 2FA should stop the hackers using your email to further infiltrate your internet life.
References:
1. Wikipedia – https://en.wikipedia.org/wiki/Two-factor_authentication
2. A list of websites supporting 2FA – https://twofactorauth.org/
3. An old how-to from the EFF – https://www.eff.org/deeplinks/2013/05/howto-two-factor-authentication-twitter-and-around-web
I certainly recognize that two-factor authentication provides a greater layer of protection — but it’s also a pain if the email provider requires it for every day access, and some do.
Sounds like you’ve been phished. For the people that aren’t familiar with the term, please Google “phishing”. I’m not entering a hyperlink for some strange reason–lol.
This wasn’t just a phish, Chuck: the hackers gained total control of the email accounts for a while. What they did with the email account was try to phish (get others to click on a link that would give them control of the others’ accounts) — but the original attack has to be described as a hack.
Judy,
Thank you for the great information. Also, if the email has no subject, I delete it even if it is from one of our children. I’ll call them to see if it was legit. I fell into that trap once, their email had been hacked! It is such a shame– there are people in the world that do not care and enjoy causing others heartaches and misery. They have too much time on their hands and need to get a real honest job!!!
Have a great day!
Glad you’re being careful! These days, we all can’t be too careful.