My phone rang incessantly. Text messages from friends poured in. My office line was crammed with patient concerns. Everyone wanted to know that I was okay and that nothing bad had happened. I was then told that I had sent an email to all my friends, family and patients saying that I was in a far-flung place in London, stranded and in dire need of financial help.
How frustrating and embarrassing. Someone has compromised my email account and sent this false message to all my contacts.
First, let me thank all of you for your concern and willingness to help out if this had been a real occurrence.
I currently do not have access to the Gmail account that was used, and hopefully access will be granted by Google in about a day or two. Dealing with Google in these types of situations can be more frustrating than the actual incident. There is no live person you can talk to, and they require you to fill out a form where questions are asked that can be challenging to remember. These are not “what’s your mother’s maiden name” types of questions. It is more like: when did you create your email account? Who were the last 5 people you emailed? – how the heck should I know!
They did respond on the 24th hour exactly – to suggest I fill out the same form and answer more questions as accurately as possible – ARHHH!!
In any event, I do not know exactly what I did to make my account so easily hacked, but I am now following some precautionary steps to keep it from ever happening again. I think you should do the same.
Remember, hackers usually access our emails when we “open the door” for them.
How hacking works
To the best of my understanding, and I am far from a tech junkie – first, here is how hacking works: Most email accounts are hacked by “phishing.” Phishing is when you receive an email from what appears to be a legitimate site and it asks you to click on links or enter personal/private information. NEVER do this, because if you do, you have just given the hacker the personal info they need to access your accounts, like banking or credit card details.
These hackers can be very clever and they work hard to make the ‘phishing site’ appear like the legitimate website. If you receive an email from your bank and it asks you to click on a link within the email…don’t do it. If it asks for account info…don’t do it. If you know the website address of your bank, type it in your browser. Then login and you will see if there are any messages for you. Any legitimate bank will never ask you for personal account details in an email. Alternately, you can call your bank, using the phone number on your bank statements or in the phone book. Never use the one on the email.
Here is how to keep the “door” closed according to what I have learned from asking tech-savvy friends and my own research in the last 36 hours:
1. Never give personal or account information in an email – I never did.
2. Never store passwords in any browser – I did.
3. Use an Internet browser that has ‘phishing filters’. A phishing filter is a software program that works to identify fraudulent websites which attempt to represent the legitimate sites. Firefox and Windows 7 are just two of the browsers that incorporate phishing filters – I use Firefox.
4. Check for filters in your email account. If for example you use Gmail, you can login and go to your settings and then check your filters. See if you recognize them as ones you set up. If not, get rid of them. – I checked for filters.
5. Never click on links within an email unless you know the page it is taking you to – I do not remember doing this.
6. Create creative passwords and password retrieval questions:
Apart from not using personal information as your password or answers to retrieve your password, make sure that you use a password that combines letters, numbers and symbols. It is also a good idea to incorporate capital and small letters instead of merely using all caps or all small letters. This increases the number of combinations that a hacker would need to decipher, lowering his or her chances to access your account. With regard to your password retrieval, do not use actual information. Instead, provide information that you would be able to remember yet something that is unrelated to you, since the first few tries of a hacker will be to use accurate and actual information regarding you to retrieve your password – my passwords were NOT that difficult.
7. Invest in a good anti-virus program similar to ZoneAlarm Free Antivirus, unless you own a Mac. Macs seem to be safe for now from spyware, malware and viruses. But it is still best to stay protected from any threats. Norton Anti-Virus or McAfee Anti-Virus are leaders in virus and spyware protection and are popular. Consumer Reports rated Trend Micro and Sunbelt Software top 2 on their rating list – about $30 to $40. Microsoft Defender seems to also be a good one and it is free – I use a Mac 95% of the time. My desktop at home is a PC and probably not up to date with its antispyware program. This might be the culprit.
8. Obvious point but most important step… If you have done all this, and yet your password is hacked, it means only one thing. That you have told your password to someone, or written it somewhere and it has been read. Don’t share your passwords, or write them down! – I do not share my passwords or write them down.
My deepest apologies for the inconvenience and thank you all for your concern.
My new email is: firstname.lastname@example.org