Posted by Mitch Mitchell on Jan 19, 2015
Last year, while flying down to where I was consulting at the time, I found that my business email account had been shut down. I figured that I would find out soon enough what was going on so I didn’t fret all that much about it. Actually, I pretty much was betting I knew what the issue was and my only question was why it took so long.
On the previous Sunday I noticed that an inordinate amount of spam was coming back on me via bad email addresses, way more than I’d normally seen. At some point last year I figured that my business email account had been spoofed, which is what they call it when your email address has been somehow taken from your website. I thought it was via some script.
When my email was shut down, it turns out someone had actually hacked my email account, which was set up at my host, and all this time they’d been sending these spam emails through that account. I was slightly stunned because I thought my host’s site was more secure than that, especially since no spam goes out through any of my other email addresses created there, and yet I’d wondered why it was still so strong after more than a year of my removing a script that had caused the original problem for me back in 2006.
I accept the fault for two reasons. One, my belief that my host wouldn’t be hacked for my email when it had been hacked months earlier through two of my blogs. Two, the password I had on that email account wasn’t particularly strong, as I’d set it up almost 9 years ago, and I just never thought about it all that much; idiocy. lol
There are these things we do and don’t do that threaten our online security, and we all need to be smarter about it. We don’t create passwords that are at least a little bit more difficult for a spambot to crack easily. We don’t update our software or our blogs when we’re notified of an update. We don’t check on some of the things we’ve attached ourselves to all that often, thus don’t know what’s being said or what’s going out in our names.
The thing is, it’s really easy to protect yourself. For blogs, just update the software when the updates are available. For passwords in general, even if you have problems remembering them, longer is better, and having at least one capital letter somewhere in there is even better than just going longer. For instance, you could have the word “invincible” but make the C capital, which suddenly makes it a strong password. Many sites require at least one number; do that as well.
On social media, don’t make all of your usernames and passwords the same on every site. If someone figures out one, they’ll have access to everything. Some people will recommend that you change your passwords at least once a year, but if you can make it pretty difficult up front, you might not have to do that as often.
One final thing. For any site that has anything to do with your money, never save your username and password via the browser. All of us at some point inadvertently end up on a site with malware that’s looking to steal those things, and if you don’t have pretty good software to stop it, at least you’ll have protected your most important information.
Think security first online; there are just too many people looking to hurt you.