In my last post, I gave you some of those “we all know, we don’t all do” kind of reminders. Use long, illogical passwords with capital letters, numbers and special characters. Change passwords regularly. Don’t use the same password on all your accounts. Obvious though they may be, these reminders are not heeded often enough! I likely could’ve spared myself major drama had I done the obvious.
Today’s post digs into some more tips, some less obvious things I learned as a result of the hack attack. These are really practical, helpful and important. If you use a service like Yahoo!, Gmail or Hotmail for any email account, read these tips for comprehension and treat them like explicit instructions, because there will be a test!
– Open a back-up email through another service.
When hackers hijacked my Yahoo! accounts (I have four paid and one free Yahoo! email address), I lost access to my accounts through normal means. I couldn’t even go through the “I lost my password” gyrations because of the account resets the hackers had done.
Once I got a Yahoo! customer service rep on the phone, she asked for an alternative email address where she could send a temporary password. I was able to give her a Gmail address I’ve rarely used, and she quickly sent the temporary password. That side account was the key to my regaining control of my regular email addresses.
I recommend you open your own side account rather than rely on the email of a family member or friend because you need fast access in the moment if you’ve been hacked. Dramatic as this may sound, moments really do matter.
– Find the phone numbers before a crisis strikes.
I contend it was only divine intervention that allowed me to find a functional Yahoo! phone number within minutes during my hack attack. I googled some phrases in my blurred frenzy and miraculously happened upon a number that got me through to someone who could help. (And thank goodness it was still within their business hours; there’s no emergency 24/7 phone help for these email providers.) If I’d had that phone number already on hand, that would’ve save me even more precious minutes.
Mind you, I have paid Yahoo! accounts, so I had a slight advantage in finding help more readily by phone. The phone number(s) I found for my Yahoo! incident proved unhelpful to my friend who was hacked days after me because he uses the ‘free’ Yahoo!. Yet even if you rely on the free version of your email provider’s accounts, there are phone numbers to call…if you dig to find them.
Digging for the phone number in crisis doesn’t go so well; find them NOW.
-Log out of your account every time you’re done or step away from the computer.
Identity Theft Expert John Sileo earned his title the hard way; he had his identity stolen by a business partner who would casually hop on his computer anytime he stepped away from his desk. John had the computer set to shut down after 15 minutes of inactivity—plenty of time for the bad guy to shimmy on over to his work station and wreak havoc while John headed to lunch.
I work from home in a contained environment. But most of you likely access your personal emails even while at work, amongst other humans. Make it a course of habit to log out every time you finish a session—even if you don’t get up from your desk. Better safe than sorry.
– Don’t log in to any accounts over free WiFi connections; tether your cell phone to your laptop instead.
Free WiFi is a hacker’s stocked pond. It’s really easy for them to phish where there’s no layer of security for passwords or information. If you log on to accounts over free wireless connections, you are potentially revealing all to the bad guys. I’ll admit, I’ve done it many-many-many times over the years, and never once did I at least go in and change my password later. Tsk, tsk on me!
John Sileo recommends that people who’re often on the go yet must stay connected should tether their mobile phones to their laptops, using the phone as a modem for Internet access. Cell phone service providers will charge extra for this capability, but it’s much more secure than trusting free WiFi hot spots or even using services like Boingo. And it’s a small price to pay for avoiding the upheaval and potential cost of a hacking or identity theft incident.
– Associate a non-primary email with your Facebook account.
Hackers almost simultaneously hijacked my Facebook account with my email. I will never know how thoroughly they’d plotted this invasion, but they knew what they were doing for sure. My primary email might’ve helped them find me on Facebook, as that’s the one associated with the account. If you really want to secure the Facebook front, use an obscure email address that nobody really knows; that will make you quite unfindable through email searches. Of course, any account alerts will direct to that email.
– Check your Facebook Account Settings, Account Security & Account Activity. NOW.
Go…do this right now! Even just today, I noted unauthorized activity on my Facebook account, and I’m on red alert just a week and a half after my attack. See this graphic to guide you where to go. Set your system to alert you when unauthorized activity occurs on your account!
Also—go to Privacy Setting and set your email so ONLY YOU can see it. The above measures will not be completely effective until you set your email to be completely private. Rest assured, your real friends will have other ways to access your real email address!!!
– Check your credit reports yearly…and immediately if you’ve been hacked.
After the hack attack, I checked my bank account, my credit reports and any other online financial account I hold. I put an alert on my file with all three credit reporting entities. While my email didn’t house any direct account number information and the passwords that were compromised varied from those associated with my finances, I felt vulnerable and exposed on all fronts…because I very well could have been.
– Encrypt or password-protect sensitive documents sent via email.
This is a great tip from John Sileo, one I wished I’d put into practice years ago: encrypt or password protect sensitive documents before sending via email. As an independent contractor, I often email clients necessary information in order to get paid, etc. Every time I’ve hit ‘send’ on such emails, I’ve put way more than my email password at risk.
It’s really easy to add this measure of safety. In Microsoft Word, follow the trail from “File” to “Save As” to “Tools” to “Security Options” to “Password to Open.” In iWorks Pages, go to “Export” to “PDF” to “Security Options” to create a password to open. You can also set security options within the Adobe PDF program.
Once a document’s encrypted, just call the receiving party with the password. Without that password, the document is gibberish.
– Back up your email contact list on your computer.
Hackers will use, export then delete your email contact list. My email list was 9.5-years in the making, and in a few clicks, the hackers erased it all. They did this so that I couldn’t easily get back in and follow up with everyone to alert them to the hacking. If I’d had that list handy on my hard drive, it surely would’ve made my life easier.
– Be vigilant and know that it really could happen to you!
“Man, I’m glad that’s not me.” C’mon…you know you were thinking it as you observed my breathless post-hack status updates. Hacking is on the long list of things we think won’t really ever happen to us—until it does.
Check out John Sileo’s ThinkLikeASpy.com for more personal identity tips. I think his online Toolkit is full of really useful information; click here to read and learn. It’s all great, eye-opening information. And check out his book, Privacy Means Profit. I really appreciate the wisdom he shared; it was helpful for me as I was still reeling from my incident.
Please…share your own experiences over on the Facebook page! We can all learn from one another.
THANKS for reading!