We know that hackers are all around us. This is why we are particularly paranoid about our online accounts and passwords. In fact, hacking in today’s web environment is rarely a direct attack on your Gmail or Facebook account. It is a chain reaction involving all of your linked accounts. The hacker obtains important security information from one service, uses it to “hack” another account, and so on.
We think big companies and tech-savvy people are safe from hacking, right? But is this really the case?
No one is safe
Wired writer Mat Honan’s account was hacked last year: hackers (identified as Clan Vv3 and Phobia) took control of his Gmail account and terminated it.
From there, they took over his Twitter and Amazon accounts, then his Apple account, and finally deleted everything from his Apple iCloud service. The painful truth is that Mat Honan helped pave the way for this elaborate scam. For example, since the Twitter account of the technology blog Gizmodo was linked to that of Mat Honan, the hackers gained access to that Twitter account as well.
In another story, Labnol’s Amit Agarwal was also the target of a Facebook account hack, which was unsuccessful because the author immediately took action and blocked the account.
No one is immune to hacking. It can happen to anyone, and if it does, there’s no point in regretting it. You really need to know what kind of security you have for all of your web services and how you can better manage them.
How you might be helping hackers
Here are some obvious things you can do to protect yourself from hacking.
1. Facebook profiles
As the largest social network, Facebook is the first profile you need to secure. Look at it from the outside: log out of Facebook, then search for your account from a stranger’s point of view.
If your Facebook profile contains too much information, you are probably making yourself a victim. Check out this user’s public Facebook profile, which was created specifically for this article (i.e. it’s not real; I just hid the email address because we need a real email address for that).
This particular profile lists seemingly harmless information, such as instant messaging screen names in Google Talk, AOL (AIM), Yahoo, etc. The email address is. For example, firstname.lastname@example.org is an email address that belongs to that particular user. It is visible to everyone.
It’s good to share your email address with people you know. Otherwise, it’s best not to share it at all.
2. Facebook account recovery hack
Let’s do an experiment. Imagine you forgot your password and go to Facebook. Facebook may ask you for your email address, user name, or mobile number. You can provide this information and you will receive an email with instructions on how to reset your password.
Facebook previously offered a password reset method that involved your trusted friends. It sounds easy, unless you accept a lot of Facebook friend requests. Imagine the following: you receive friend requests from four people you don’t know. If you are the type who accepts such requests, you will probably accept all four.
You do not know that these accounts may be controlled by one or more hackers. They simply trigger a password reset request on your account and choose three of these four accounts as “trusted friends”. Facebook emails security codes to these trusted accounts, and the hacker takes over your Facebook account. If you have problems with this, you should check out my article for what to do.
Fortunately, Facebook no longer uses this method. It also does not depend on security questions. Currently, the only way to get into a Facebook account is to gain access to the original email address.
Therefore, a hacker needs to access your email account to access your Facebook account.
3. Email security
Which email service do you use? Security differs depending on that. If it is Gmail, I strongly recommend that you use two-factor authentication.
Here are the steps:
1. Go to your Google Account settings (not Gmail settings) and the Security option.
2. You will see the two-step verification option. Turn it on.
3. Add your phone number. Choose whether to receive codes by SMS or voice call.
4. Enter the code you received to confirm your account. Make sure to update the records if you change your phone number.
Another important part of Gmail is suspicious login notifications. You can opt for email and phone notifications when suspicious logins are detected on your Gmail account.
The Truth About Security Questions
Google has a security question that you need to set. Make sure it is set properly. While I was working with email security for AT&T, I encountered elderly customers answering security questions very truthfully. Even though I took the time to explain to them what a security question is and why they needn’t submit the true answer all the time, most of them did not quite understand it.
Most people don’t realize that a security question answer works exactly like a password, only less securely, depending on how you throw your information about. Talking about your pet Rover on Facebook a lot and then setting it as your security question may be risking it a little. Anybody can access your account, whether or not they know the password, just by making an educated guess about your preferences, which would work if you are truthful with your security questions.
For more Gmail security tips, check out the 10 Ways To Tighten Up Your Gmail Security.
4. Website Owners, Beware!
If you look up my website in the Whois database, you will see an email address that I own. It is right there, publicly available in the open. It is an email address I still use. However, it is completely detached from my website or any other important service that I use. And there is a good reason why.
In effect, even if you know it, you will not be able to access my website, my Facebook page, or my Twitter account because none of them uses that particular email address.
You, as a website owner, should secure the information you share with the world. You can easily do this if you spend a little more money with your hosting provider to mask the website’s registration information. All hosting providers make it available to their customers for a small fee, but I didn’t do it simply because I cannot afford it.
The Whois database gives a hacker not only an email address, but also a physical address, details of the hosting provider, the name of the organization, a phone number, etc. An expert hacker looking through this database can easily get valuable info about your hosting account. If you have low security on the email address and website, you will easily subject yourself to attacks.
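A self-check for the point above, as an added example that is not part of the original article: it parses a Whois record you have looked up for your own domain, lists the contact fields that are not masked, and flags any account that logs in or recovers with an email address visible there. The sample record, the account list and the masking phrases are constructed assumptions.

```python
# Constructed sample Whois response (not a real domain's record).
SAMPLE_WHOIS = """\
Domain Name: example-blog.test
Registrar: Example Registrar, Inc.
Registrant Name: Jane Doe
Registrant Organization: Example Blog
Registrant Street: 12 Sample Road
Registrant City: Springfield
Registrant Phone: +1.5555550100
Registrant Email: jane.whois@example.org
Admin Email: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar
"""

# Constructed inventory: which email each of your services uses for login/recovery.
ACCOUNT_EMAILS = {
    "hosting": "jane.whois@example.org",
    "facebook": "jane.private@example.org",
}

# Field-name fragments that identify personal contact data.
PERSONAL = ("name", "organization", "street", "city", "phone", "email")
# Phrases commonly seen in place of masked values (assumed list, extend as needed).
MASKED = ("redacted", "privacy", "proxy", "not disclosed", "query the rdds")


def exposed_fields(whois_text):
    """Return {field: value} for contact fields whose value is not masked."""
    found = {}
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        role = key.lower()
        if not sep or not value:
            continue
        if not role.startswith(("registrant", "admin", "tech")):
            continue  # registrar and domain metadata, not contact data
        if not any(p in role for p in PERSONAL):
            continue
        if any(m in value.lower() for m in MASKED):
            continue  # already hidden by a privacy service
        found[key] = value
    return found


def reused_emails(exposed, account_emails):
    """Return the services that rely on an email address visible in Whois."""
    public = {v.lower() for k, v in exposed.items() if "email" in k.lower()}
    return {s: a for s, a in account_emails.items() if a.lower() in public}
```

Any service returned by `reused_emails` should be moved to an address that does not appear in the public record.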
5. Customer Service
If you are using the customer service option to reset your password for your email, the customer service executive may ask you your security question. Within AT&T, we used to use security questions to verify customers, questions like “Who is your favorite hero?”, and answers like “Batman”.
Not only that, we were authorized to provide the first letter of the answer if the customer got it wrong the first time. A hacker can easily fake it since the random operator cannot identify the voice of the caller, and is supposed to divulge a password if the caller gives the correct answer.
In other companies too, the customer service executives can easily give a hacker your password or other important information from your account (such as your birth date) based on a trivial verification process. The information obtained from this call may be used to verify an account in another service, and the chain goes on. It is very important to know what services you are using and how you can successfully verify yourself with the customer care department of those services.
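To see how far such a chain reaches in your own setup, the following added example (not from the original article) models each account's reset paths and computes which accounts fall once a single piece of information leaks. The account names and reset paths are a constructed inventory, not a statement about how any real service works; replace them with your own.

```python
# Constructed inventory. Each account lists its reset paths; a path is the
# set of things someone must hold at the same time to reset that account.
ACCOUNTS = {
    "email":    [{"phone-sms"}, {"security-answer"}],
    "facebook": [{"email"}],
    "twitter":  [{"email"}],
    "hosting":  [{"whois-email"}, {"support-call"}],
    "bank":     [{"email", "phone-sms"}],   # needs both, so harder to chain
}


def reachable(start, accounts):
    """Return everything held after starting with the items in `start`.

    Repeats until no further account can be reset (a fixed point), which is
    the chain reaction: each newly reset account may unlock others.
    """
    held = set(start)
    changed = True
    while changed:
        changed = False
        for name, paths in accounts.items():
            if name not in held and any(path <= held for path in paths):
                held.add(name)
                changed = True
    return held


def weakest_links(accounts):
    """Rank each non-account factor by how many accounts fall if it leaks."""
    factors = set().union(*(p for paths in accounts.values() for p in paths))
    factors -= set(accounts)
    ranking = {
        f: sorted(reachable({f}, accounts) & set(accounts)) for f in factors
    }
    # Most damaging factor first; ties broken by name for stable output.
    return sorted(ranking.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for factor, lost in weakest_links(ACCOUNTS):
        print(f"{factor:16} -> {len(lost)} account(s): {', '.join(lost)}")
```

The factor at the top of the list is the one to harden first, for example by giving the security question a random answer or by requiring a second factor on the email account.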
Today, we are using not a few but a huge number of online services to get things done. Social media and email may be somewhat unimportant to some of you, but what about online banking? It goes without saying how important it is to secure your banking account. I know there are elderly people who have no idea what phishing is or how to create a good password.
A painful truth is that the security experts working in the companies you trust with your information actually expect you to know a little more about security. A security expert barely stresses the importance of these things. They cannot explain how to make a good password to each and every customer while trying to come up with better and more powerful ways to keep your online accounts safe. It is hence the responsibility of each and every one of us to know more about security in today’s world and act intelligently.