There are some clues to look for, and I’ll review a few of those, but ultimately, there’s no way for the average computer user to know with any certainty that a hacker is not in the process of weaseling in or that they haven’t done so already.
Perhaps now you’ll understand why I talk so much about prevention.
As I write this, there’s been a breach (referred to as the “Collection #1 breach“) that apparently contains something like three-quarters of a billion email addresses and plain-text passwords. It’s newsworthy because it’s huge and contains passwords for anyone to see.
It’s also quite frustrating, for reasons I’ll outline in a moment.
Naturally, the question I’m getting most is simply this: what should you and I do?
The same thing we do every breach, my friend; the same thing we do every breach.
My account has been hacked into several times. If I’m able to recover it, it just gets hacked again. Sometimes I can’t recover it, and I have to start all over with a new account. What can I do to stop this all from happening?
I don’t get this question a lot. But I really, really wish I did. What I get instead, repeatedly, is “I’ve been hacked, please recover my account/password for me!” (Which, for the record, I cannot do, no matter how often, or how nicely, or not so nicely, I’m asked.)
The only salvation is in prevention, and this applies to email, social media, and pretty much any password-protected account you might have.
What can you do to make sure your account doesn’t get hacked in the first place?
Not a day goes by that I don’t hear from someone who’s in the middle of some kind of account recovery process that isn’t working.
While I try to help out to the degree that I can — usually with instructions that are often no more than the service provider’s instructions translated into clearer English — it’s also not at all uncommon for those accounts to never be recovered.
And, to be super blunt about it, most of the time, it’s the account owner’s own fault.
In general, can a PC with no remote software be hacked if it is powered off? The power supply and the internet cable are still connected to the PC. In my discussions with others, 50% say yes, 50% say no. An internet search was also divided in response with no agreement.
It’s a very unlikely scenario that could allow a turned-off computer to be hacked. I’ll describe it and show you how to prevent it.
I understand that my password, especially if it’s not very strong, can likely be figured out by a computer driven program using trial and error. For example, all permutations, combinations of numbers, letters and special characters. What I don’t understand is this – wouldn’t a hacker, be it a person or a machine, have to actually try each and every one of these computer derived guesses on the sign-in screen of the website that they are trying to access to see if they get lucky? My experience tells me that after just a few failed attempts at entering a password, the website will not allow any more tries. So how in the heck are they able to try out all of the thousands of possible passwords that he comes up with?
What you’ve described is called a “brute force attack”, and you’re quite right; it’s a rare system that allows such an attack to proceed past the first few errors.
As you might expect, I get many questions from computer users concerned about their security. With regular news of identity theft, credit card fraud, and database hacking, many people are understandably concerned about the security of their own information online, particularly when it comes to online shopping …
… so much so, that some actively avoid online shopping for fear of having their payment information stolen.
In my opinion, they should be more concerned about the security of their information off-line.
I can see how an individual might let their guard down and get hacked but how in the world can a huge company like AOL let this happen?
How can this happen? Because security is hard.
In fact, it’s way harder than you or I can even imagine. And to be clear, I’m not trying to make excuses for AOL or any other service. I just want you to understand that security is really, really hard.
Let me review some of what I’ll call the fundamental principles that are at play in a situation like this.
I was told that there are many apps on the market today which allow people to gain access to any email or text message you may be sending without your knowledge. For example, a suspicious spouse. If such is the case is there a way to block or disable them?
Sure there’s software like that. It’s called malware and it’s been around for years.
What is the current status of a company that wants to offer security protection for your credit card purchase and your identity? Is it “Target” initiated?
Target, a retail chain in the United States, is the company whose security was breached recently in a fairly massive theft of account information from their customers. Unfortunately, this gets really complicated really quickly. Compromised companies like Target try to do the right thing for their customers, but of course there’s always somebody who wants to come along and take further advantage of the situation.
Hi, Leo. If I’m sure that a hacker is controlling my computer and I was online in my Skype account, in a video call to a friend. Could hackers then see and save a video message during the recording? In other words, can a hacker see my screen and record my video call with my friends and show our faces at the same time?
While this does seem like a very specific scenario and a very specific concern, I want to address it because it’s a fine example of what a lot of people just don’t seem to realize, something that’s very important about the nature of hacking, malware, and compromised machines.
To directly answer your question, yes, absolutely. If your machine has been hacked into or is compromised in some way, then a hacker could certainly record your Skype video calls.
But the problem here is that it’s much, much worse than that.
When I click on a search program or email site, I see “infospace” first before the site. It slowed my computer down somewhat. I’ve had it removed but it always comes back. How can I get rid of it forever?
Infospace is actually a search engine that’s got a pretty good reputation. I suspect what you’re seeing here is some kind of intrusive adware that’s associated with that same name.
There are several possible things that could be going on here. I want to walk you through some of the possibilities and what you should be looking at.
I just happened to check my emails and noticed that I had an email telling me that I had asked for my Live.com account password to be reset. I had not done this so I followed the link that confirmed that this was not me. About two minutes later, I received an email from Facebook stating that I had attempted to change my password and was this me? I immediately clicked on the link to report that it wasn’t the case. What I’m wondering is if there’s any way of finding out how this happened, the location of who and what was behind this? I checked my session data in Facebook and there were no strange locations there but then they have failed to login so I suppose there wouldn’t be. Is anything else of mine at risk? I’ve checked my bank statement tonight and I am a little worried.
To answer your question, no. If no one has actually logged into your account, you can’t get the information that you’re looking for; at least not without a warrant. But I do want to talk about what may have happened in order for you to get that password reset email, and what I would have you do differently in the future.
If someone hacks into my router, will their activity show up on my personal computer and phones? We have activity as far as websites visited but we swear that the router must have been hacked. Is it possible for activity to be on the computer and phone if they weren’t actually used?
Hacking a router is possible, but fairly uncommon.
Most router hacks happen from the computers in your local network. That means you may have malware on one or more of your machines and it’s accessing the router. This can show up in several different ways on your computer.
I’m not so sure about the phones.
But since you asked, let’s talk a little about this scenario.
I thought that my computer was hacked a few weeks ago. I called the tech who worked on my machine. His final answer was that my security had held, but this person had gotten a copy of my address book. Can a hacker get away with just your contacts or address book?
Yes, a hacker may walk away with just an address book. The more frightening question is… what else could the hacker access?
I’m online sometimes late night into the morning. Being an IT student, I’ve read about hackers using the night to scan for active IP addresses and hack it using back doors for fun. Can you recommend any free software that can help prevent back door attacks and work alongside my anti-virus and my Windows firewall? Also, should I change from Windows firewall?
To be honest, I’ve never, ever heard of this so-called nighttime scanning. I wouldn’t believe it if I did. It’s always nighttime somewhere and the internet is global.
My servers are located somewhere in Michigan, but hackers from China try to hack into them at all hours of the day. It happens constantly. The reality is that any computer connected to the internet is being attacked in one form or another pretty much all the time.
It’s one of the reasons why tech people like me speak so religiously about anti-malware tools and firewalls. But there are a couple of different ways to discourage hackers from choosing you.
I just want to tell you that someone has hacked one of my email IDs and he sent email from my ID to someone else. Now, please tell me how I can find out from which computer and from which place this email has been sent. In other words, how do I find who hacked my email? You cooperation will be highly appreciated.
Unfortunately, what you and I can do is actually very limited.
I get this question a lot. When people get their accounts hacked, they really want to be able to trace back and figure out who the heck did this to them. Where did it happen? What computer were they on?
You’re not going to like this, but the short answer is, you don’t. The fact is, unless this involves laws being broken, there’s almost nothing you as an individual can do.
I’m using Windows 7 and I have no anti-virus software. For the last one month, I started having virus problems. My action center, Windows Defender, Windows Update and Windows Firewall have all stopped working. What should I do now?
For starters, you need to start running anti-malware software… NOW!
Anti-virus and anti-malware tools are there for a reason – they’re necessary. When it comes to viruses and malware, the issue is not if you are attacked or infected, but when. That’s why anti-virus and anti-malware software is available – it protects your computer from attempts to attack when they happen. When you’re not protected, there’s nothing to stop viruses malware from infecting your machine.
Now that you know, you may wonder what you can do to get your machine fixed.
I use Windows Vista and my browser is IE9. I have an annoying window that pops up whenever I search for a website. It briefly comes up as (and there’s a domain name here) and then morphs into a window that seems to correspond with a website I searched for and selected. It’s typically advice that I’ve won a prize of some sort. I’ve tried many ways to remove this issue: malware removal, pop-up blocker, and full virus scan. The full virus scan got rid of it briefly but it returned very quickly. How can I get rid of this problem?
The fact that the virus scan fixed this problem at least for a little while tells me a lot. This sounds like a browser hijack.