Saturday, January 3, 2009

I'm stuck in London and I need some cash

Last week I received a call from my uncle stating that someone hacked his e-mail and informed all his contacts that he was stuck in London with a stolen wallet and in urgent need of cash. The rest contained details for making a Western Union money transfer. This scam has been making its rounds for quite a while, and my uncle was the third victim I came across in the past 6 months.

The scamsters compromised his account and e-mailed all contacts they could find. Although no one fell for the scam, his e-mail account is gone forever. How did they do it? As I have written before, all that stands between you and your e-mail is your password. And it can be obtained in many ways. In most cases, the password is simply guessed. Failing guesswork, a password can be reset by correctly answering some security questions, such as your birth date or address. Lastly, your password may be recovered through phishing, viruses or spyware.

For example, here's how they hacked Sarah Palin's Yahoo account

How do you protect your e-mail account? Here are four procedures to help increase your vigilance.

a) Avoid accessing e-mail from strange places. Most kiosks, cybercafes and other public access terminals are riddled with viruses and spyware, monitoring all your keystrokes and sending them to their masters. If you still have to use such services, change your password from your home computer at the earliest opportunity.

b) Disable all automatic login features. Sure, it is convenient to let your browser remember the password and automatically log you in, but you will pay a price for laziness sooner or later.

c) Choose strong passwords and change them often. This has been my most common advice!

d) Choose strong security questions. Most e-mail providers let you choose your security questions for resetting your password. Do not choose your birthday, your city of residence or anything similarly simple. Treat the answer as yet another password, one that is hard to guess. After all, what is the point of a strong password if it can be reset with an easily guessed answer to the security question?

And lastly, learn to spot phishing scams. Take an online "Phishing IQ Test" at For the technically oriented reader, I highly recommend LifeHacker's Top 10 ways to lock down your data.