12 Steps to Keep from Getting Your Account Hacked

My account has been hacked into several times. If I’m able to recover it, it just gets hacked again. Sometimes I can’t recover it, and I have to start all over with a new account. What can I do to stop this all from happening?

I don’t get this question a lot. But I really, really wish I did. What I get instead, repeatedly, is “I’ve been hacked, please recover my account/password for me!” (Which, for the record, I cannot do, no matter how often, or how nicely, or not so nicely, I’m asked.)

The only salvation is in prevention, and this applies to email, social media, and pretty much any password-protected account you might have.

What can you do to make sure your account doesn’t get hacked in the first place?



Why Is There so Much Spam?

Between bouts of frustration with my inbox, I’ve been reading your various articles on spam. I think I’m slowly getting a handle on it all, but it sure seems crazy. And it really got me to wondering… why is there so much spam in the first place?

I feel your pain.

Some time ago, I did some research and looked at all my email for an entire year. Not only do I get a lot of email, but my calculations show that 87% of it was junk. Wow.

Why is there so much spam?

It’s very simple, really.

Spam works.



Possible LastPass Phishing Vulnerability

News broke over the weekend about an approach to a phishing attack that could fool you into giving a hacker your LastPass credentials, even bypassing two-factor authentication. It’s not yet been seen in the wild, but code has been made available, so I’d expect it to start appearing.

Quick bottom line

If you get a message from LastPass that your session has timed out and you need to log in again, don’t. Instead, I recommend you close your browser, re-open your browser, and log in using the LastPass icon on the browser’s menu bar.


Is my ISP calling me to clear up my problems with Windows?

Hi Leo,

You might be interested in this little anecdote.

Yesterday about noon, the telephone rang. It was an Indian woman, and here’s what she said …

What follows is an increasingly common scam. Fortunately, the person reporting it had the right instincts and was able to avoid getting taken.

Let’s look at the transcript provided, and I’ll identify all of the warning signs with [notes] as we go.


What is it about attachments?

This week, a report about the most common vectors for data breaches and related issues was released.

You and I are the weakest link.

For at least one large segment of malware attacks, it’s our propensity to download and open email attachments that gets us into trouble.

A couple of scary numbers from that report: 1 in 10 people will download and open an attachment attached to a phishing email or spam. The average time between a phishing email being sent and the first victim taking the bait is 22 seconds.

What the heck is it about email attachments that makes them so darned irresistible?



Phishing: How to Know it When You See It

I’ve received an email from Microsoft asking for billing details and threatening the end of my Outlook.com account. Contacting Microsoft resulted in referral to a support alias, but no answer. Is this a problem, or a forgery?

Phishing is a word you hear a lot in the news these days, and this question brought it to mind.

You’re right to be suspicious: this definitely sounds like a phishing expedition.


Why Spammers Love ZIP Files and How You Need to Stay Safe

I suppose most folks will be getting unsolicited spam to try to get your details. I’m getting financial questions and attachments with a .zip extension. What is .zip?

The ZIP file is the spammer’s – or rather the phisher’s – best friend.

ZIP files are everywhere, and have a lot of very valid uses. Unfortunately, with that ubiquity comes the potential for abuse.

And that’s exactly what spammers like to do.



Should I take the security protection offered after the most recent security breach?

What is the current status of a company that wants to offer security protection for your credit card purchase and your identity? Is it “Target” initiated?

Target, a retail chain in the United States, is the company whose security was breached recently in a fairly massive theft of account information from their customers. Unfortunately, this gets really complicated really quickly. Compromised companies like Target try to do the right thing for their customers, but of course there’s always somebody who wants to come along and take further advantage of the situation.


Is the internet just full of scams?

All these PC online technicians say “your computer is infected; you need to pay at least $100 to have us fix it like new.” They told me that even if I go to factory settings it won’t help. Now, I’ve been running McAfee security and I do full scans and I have no virus. Is the internet just packed with tricksters?

The very direct answer to your question is yes.

Yes, there are a lot of scams and misleading advertisements out there.

That’s why there’s one skill I believe strongly that everyone needs to develop.


Why does this email message ask me to enable HTML when it already is enabled?

Using Hotmail, now Outlook.com, and my address is “something” @hotmail.com. In the past two days, I’ve received several messages from my bankcard company: the first, an alert that a payment is due soon, and the second, an acknowledgement that payment has been scheduled. Each includes “Please enable HTML in the message text.” I have not done anything to disable HTML. Principally, I don’t know how and secondarily, I’d be afraid to find out the consequences if I did. Previous account-related messages from this company included the link to the card user’s login page. The current message does not have this link. Thinking that something may have accidentally come unhooked in my Hotmail settings, I looked in options for anything indicating how to enable HTML. Finding nothing, I went on the net and searched “Enable HTML Hotmail” and found Ask Leo! I’ve read through the topics here and searched “Enable HTML Hotmail Outlook” and found no answer. Messages from other sources contain links; none contained a request to enable HTML. Please advise what I’ve done and how I can undo it so I can easily attend to this credit card.

I don’t think you’ve done anything and I don’t think there’s anything to undo.

There are several reasons why this kind of thing can be happening. Most of them boil down to an improperly constructed email message on the part of the sender. In other words, it’s not you, but the sender.


Why Does Legitimate Email from PayPal Instruct Me to Click a Link?

As you stated and I’ve preached to my own family, you should never click a link in an email that purports to be from PayPal – never. If there’s something that needs to be checked out, go to the PayPal site yourself by typing paypal.com in your browser’s address bar or clicking on your bookmark – never click on an emailed link to PayPal – got that? And yet my monthly email statement from PayPal includes a link to login! Why is PayPal practicing business in this manner? We both know that they know that they’re not ignorant of the risky behavior fostered.

You are 100% correct. I agree with you – I wish PayPal didn’t do this.

Now, I can postulate a few reasons why PayPal might choose to behave this way … but I still can’t really justify it.

Let me throw out a few of my ideas.
