May 22, 2012

If you have not heard, Google has reported that several prominent Gmail accounts have been compromised. Some well-known sites are reporting the accounts as “hacked”, but when you read further into their articles, they clarify that access to the accounts was obtained through a phishing scheme.

The term “hacking” gives me images of cracked security protocols and compromised networks. If someone reports that a Google account has been hacked, it should mean that a hacker (or group of hackers) has broken through code and/or security measures to gain access to the accounts. It indicates that Google failed to protect its data from malicious attack. However, that is not the case here. No one cracked into Google’s systems. What they did was trick people into giving out their account information and then use that information to access the accounts.

Usually you can avoid compromises like this by not giving your account information to anything other than the source site (i.e. Google.com), but it is not always that easy. Some phishing schemes involve mimicking the source sites so that the average user is not even aware of anything being askew. This is a growing problem nowadays.

The good news here is that more and more companies are taking steps to combat phishing attempts by further securing the authentication process between the user and their account. Google has just enabled an optional two-step verification process for Google accounts and I recommend you look into it if you have one. Here is the video that they released to explain two-step verification.

There are several other suggestions to make with regards to securing your account access and you can find lots of articles online providing suggestions. Here are some password suggestions:

  • Passwords should have at least eight characters and include numerals and symbols and both capital and lower case letters.
  • Don't use common words. Hacker tools include programs that try every word in the dictionary.
  • Don't use birthdates, pet, children or spouse names, your login name, or adjacent keys on the keyboard as passwords.
  • Change your password regularly.
  • Don't use the same password for all of your accounts.
  • Don't log in to accounts on public computers. This includes internet cafes, libraries and schools, to name but a few.
  • Sensitive information should be protected with very strong passwords. Banks and online trading accounts should be as difficult to crack as possible.
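
The composition rules in the list above can be checked mechanically. The following Python sketch is an added example, not part of the original post; the function names, the short word list and the keyboard rows are constructed for illustration, and a real check would load a full dictionary file.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "welcome", "sunshine"}
# Rows of a US QWERTY keyboard, used to spot runs of adjacent keys.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_keyboard_run(password, run_length=4):
    """True if the password contains run_length adjacent keys, in either direction."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for candidate in (row, row[::-1]):
            for i in range(len(candidate) - run_length + 1):
                if candidate[i:i + run_length] in lowered:
                    return True
    return False


def check_password(password, login_name="", personal_terms=()):
    """Return a list of the rules from the list above that the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "a numeral": string.digits,
        "a symbol": string.punctuation,
        "a capital letter": string.ascii_uppercase,
        "a lower case letter": string.ascii_lowercase,
    }
    for label, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("missing " + label)
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common word")
    if login_name and login_name.lower() in lowered:
        problems.append("contains the login name")
    # personal_terms holds names and dates the user supplies (pets, family, birthdates).
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("contains a personal name or date")
    if has_keyboard_run(password):
        problems.append("contains adjacent keys on the keyboard")
    return problems
```

An empty list means the password passes every rule that can be tested locally; reuse across accounts and password age have to be tracked elsewhere.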


And here are some general practices to follow with regards to system security, web browsing and email:

  • Keep your operating system up to date. Automatic updates are usually enabled by default on Windows XP, Vista and 7.
  • Keep your browser up to date. Last year, my brother wrote a great article about web browsing security. If you have not read it yet, it is worth looking through.
  • Install anti-virus and anti-malware programs. The key here is to regularly update them as well. Otherwise, they quickly become ineffective. Here is an article that I wrote last year about this topic.
  • Use a firewall (either a program containing one or a router that has one built in). Most prominent anti-virus packages contain firewall software these days. Make sure to check, though.
  • Never click on pop-ups while browsing. And remember that lots of pop-ups will attempt to look legit by claiming to be virus or malware scanners. DO NOT click on them. If you are concerned after seeing a message, close your browser, open your AV or malware software, and run the scan from within that program.
  • Never respond to Spam emails. Never. Ever. Period.
  • Never open email attachments from people you don't know. If things seem off, email the sender and ask them to verify the legitimacy. You can also search the web for it.
  • Never click on links in your email. Instead, copy/paste the URL into your web browser to ensure that the link is not redirecting you unexpectedly.
  • Avoid using your email address for random registrations. It is highly advisable to create a throwaway email for programs/sites that require registration. I use an old Hotmail account for general registrations. If it gets compromised, it does not have an address list in it and cannot be linked to any important accounts of mine.


The more you know about how vulnerable you are out on the Internet, the better prepared you can be. Don’t let yourself fall victim to avoidable schemes and attacks.




Juan (06.03.2011 11:06PM EDT)
I just do the old CONTROL, ALT, DELETE followed by unplugging then proceed to a public stoning. If that fails have the dog piss on it and run it over with your lawnmower. Let's see you hack that bisnatch!
Jared (06.02.2011 3:55PM EDT)
THANK YOU! I've had to tell several people today that Google wasn't actually compromised. The amount of poor reporting on this is infuriating.

Great advice, and to second the suggestion, if you have a Google Account you should totally use two factor auth. It's very easy to set up and work with.


Category: Internet
