Wednesday, December 23, 2009
Wednesday, December 16, 2009
Wednesday morning, December 9th, I was sitting in my office with a tenacious salesman. He wouldn't let go, let me tell you! Jenn, one of the staff members at the church, interrupted saying I had an emergency phone call from Dave Edwards. I went on a missions trip with Dave when I was 13! What kind of emergency could he be needing me for?
Turns out he wanted to let me know someone had hacked into my Facebook account and was posing as me, asking my friends for money. Good news is the salesman left (Mr. Salesman, if you are reading this, sorry in advance)! I tried to get onto my Facebook account but my hacker friend had changed my password. So I tried to sign onto my email to see if the new password could have been mailed there, and he had also changed my password to my Yahoo account. So all that day, off and on, I nervously got into all my other accounts and changed the passwords there and slowly got my Facebook account shut down. A day later I was able to reclaim my Yahoo account and send emails out to everyone apologizing for the annoying behavior of my evil twin.
Sooooo - I did pick up a few security lessons learned so if you are interested I am sharing them here for you:
1. Secret questions should be really hard. I think this was my hacker's first entry portal. He creeped my FB account, got a few pertinent details about me, and was able to change my Yahoo password by answering two secret questions correctly. These questions were way too easy. Anyone can find out what high school you went to, so your high school mascot is a worthless question. Same with your favorite sports team if you have ever blogged or twittered or updated your FB status talking about your team. Most sites let you choose your own secret question, so develop one like "Where were you on December 14th, 2004?" or something obscure like that.
2. Do not use the same password for your many accounts. No one wants to hear this. I have accounts with Facebook, two banks, Yahoo, eBay, Google, PayPal, Blogger, Amazon, Kidology, Blackberry, Chase Visa, my work email, and lots of other sites. The ones where damage can be done to your bank account or your reputation are the most important to protect. My Facebook and Yahoo were the exact same password and many of the others were a derivative of that password. Not anymore, they are all very different. I have had to work out a system to help me memorize these passwords. UUUGH!
3. Hide your information on Facebook. Set security so only your friends can see your information. I would still leave my name and picture there for old friend seekers but nothing else. Do not even use the "friends of friends can see" your info option.
4. Remember your secret question answers. It took me a whole day to get my Yahoo back because one of my secret questions was my youngest son's nickname. Now I have five sons who have multiple nicknames and I couldn't remember when I answered this secret question. It took me a day to get it right. I possibly could have saved my Facebook account and not requested for it to be shut off IF I could have gotten on to my Yahoo address and had a new password sent there. It was taking too long and I didn't want the hacker out there posing as me any longer though.
5. When possible, with your Facebook and bank accounts and other online accounts, have two or even three emails linked to them. That way if one email gets hacked into and then gets used to request access to a site and change a password, this request gets emailed to all your accounts. If I would have had another email address linked to the Facebook account I could have had a request to change the password back to something I knew and sent to another of my email accounts and the hacker would have been cut off.
So five lessons I learned. I have always been Mr. Slacker when it came to security, but I have learned my lesson! I am just thankful most criminals are stupid and for those of you who got the requests for money you knew right away it wasn't us!