Ever get the email about the Nigerian Prince who wants to send you money? Email hackers really know their stuff and recently have been stepping up their game. You probably already know this, unless you are the one in ten thousand who has not received an email, purportedly from someone you know and communicate with frequently, that makes absolutely no sense. Or have you been contacted by that same someone asking if you really are where your “email” claims? Perhaps your email service has been hacked?
Just Last Week
We were contacted by a customer who was steaming mad. Initially he believed our company’s server must have been hacked, because his clients were receiving obviously malicious emails with the sent-from information being his email address. And some of his clients were really annoyed. Our IT director jumped into action like a cat on a hot tin roof. No way did we want to allow a hacker to break through the firewalls of our dedicated secure servers without us catching it early on. After running diagnostics for hours trying to find some hidden Trojan horse, a computer worm, or some bit of code that cracked the encryption, we found nothing. We informed the customer accordingly, but were not sure they fully believed our statement of “it’s not us.”
The culprit turned out to be the “big name” nationally recognized cable-based internet service provider. Through a brute force attack, our client’s username and password had been compromised by a hacker. In these situations the hacker usually changes account information vital to resetting passwords, as well as the reply-to email address, just before they begin blasting out malicious emails to the contacts stored there. In these emails they usually plead an emergency and ask for money, with the replies going to another address they control (see below). These emails may also include links that result in virus downloads, so they can infect and invade other systems. The last step: they delete all of the contacts and email records.
Instead of help@CheckYourISP.com the hacker will cleverly change the reply-to address so it looks familiar to the reader, but in fact goes to a totally different account, one they control, like help@ChsckYourISP.com in this example.
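The reply-to trick described above can be checked for automatically. The following is an added example, not part of the original article: it compares the From and Reply-To domains of a message and flags a near-identical spelling. The function names, the distance threshold of 2 and the sample message are assumptions made for illustration; the two addresses are the ones used in the article.

```python
from email import message_from_string
from email.utils import parseaddr


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def domain_of(header_value) -> str:
    """Lower-cased domain of the address in a From or Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def check_reply_to(raw_message: str, max_distance: int = 2) -> str:
    """Return 'ok', 'lookalike' or 'mismatch' for a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if not reply_dom or reply_dom == from_dom:
        return "ok"          # no Reply-To, or replies go back to the sender's domain
    if edit_distance(from_dom, reply_dom) <= max_distance:
        return "lookalike"   # almost the same spelling: the case in the article
    return "mismatch"        # replies go to an unrelated domain


# Constructed sample message using the two addresses from the article.
SAMPLE = (
    "From: Help Desk <help@CheckYourISP.com>\n"
    "Reply-To: help@ChsckYourISP.com\n"
    "Subject: Stranded, please help\n"
    "\n"
    "Please wire money today.\n"
)

if __name__ == "__main__":
    print(check_reply_to(SAMPLE))
```

A "mismatch" result is common for legitimate mailing lists and newsletters, so it is the "lookalike" result that deserves a closer look before anyone replies.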
Has This Ever Happened to You?
David, a Zen Marketing team member, remembers two of these events as though they were yesterday. The first time was about 7 years back when he was a Hotmail account holder. He received a call from a friend (must have been a close one, because he had his phone number) asking him where he was at the moment. Imagine David scratching his head as he responded, “in my office.” To which his friend replied, “You’re never gonna guess what I just received……” The message stated that David was stranded in London because of a mugging (David lived there at one time, so it made sense to his friend), with no passport, no cell phone, no money, and a plane ticket that was also stolen. Would Steve wire him $2500 so “he” could settle the hotel bill, buy a plane ticket and get back to the USA?
When David heard the message particulars, he immediately went into a panic. Upon first checking his email account, he found that he couldn’t even access it; he kept getting an “invalid password” message. That’s when his heart started pounding so hard he thought he was having an attack.
Please note that David’s Hotmail contacts totaled more than 3500 names, a very valuable asset. When he was denied entry, he contacted Microsoft support, but claims it got him nowhere. He had lost all of his contacts forever. If there were software programs for randomizing passwords back then, David certainly was unaware of them.
Same Thing Only Different
Fool me once, shame on you; fool me twice… You know how the rest of it goes. In 2010, it happened again, only this time it happened to be a Yahoo email account. David began getting email messages from himself. At first he was merely confused, thinking that he must have clicked some toggle in the settings that provided an automatic copy; upon some investigation he determined that it wasn’t caused by the settings. Within a few days his email inbox was flooded with emails all generated from his own email address. It suddenly occurred to David that he had been bitten by the hackers once again.
How About the White House, How About Sony?
The most sophisticated firewalls, internet security and virus protection on the market, for the highest level of users, are anything but foolproof. The White House and Sony Corporation suspect their information systems were hacked by the North Korean government or some group they are funding. But email hacks are not unique to governments. Hackers utilize extremely sophisticated technology and advanced computer systems to try to access online banking information, commit identity theft, and of course steal your usernames and passwords. It happens to businesses large and small, big governments and private citizens; everybody at one time or another is a target.
Some Solutions are Available
When the hacking events happened to David, he was oblivious to the software solutions available to randomize and manage passwords. As a point of fact, far too many people like David rely on a spreadsheet or a notepad file for recording the passwords to all of the online accounts they have opened or opted in to. At the time they probably thought it would be a satisfactory way to keep track of all that important information, especially in case someone had to erase their online life after they had departed this world. In hindsight, this is really… well, stupid! Doing so would make the list just as vulnerable as using the same password for all of their other online activities, including banking, social media, business emails and so forth. David was much more thoughtful than those depicted in films, the ones where the protagonist uses her birthday or her maiden name as a password. David thought he had a sufficient plan for his security and password protection.
Because Zen Marketing’s clientele is exclusively small businesses, and we are known as a heavy technology user, we are often asked to lend our experience to solutions to tech-related issues like email hacks. We have researched some of the top password management software programs available, developed so that a small business never has to remember passwords (save one) or worry about its accounts getting breached.
Some solutions can be found online and are free, although most are subscription-based services. The top 10 password solutions are reviewed here for your consideration, in the event your sense of urgency has been heightened from reading the accounts contained in this article. Be forewarned that many such review sites are actually paid advertising sites and favor the software company willing to pay for a better review. But the head-to-head performance data points are usually good to read through.
Some of these programs are PC-based, and others are oriented toward mobile users. In the Zen Marketing office we use 1Password, which is PC-based but has an app (for an additional fee) for the iPad or iPhone. Most not only store the information, but also have super clever methods of generating very safe passwords using random letters, numbers and special characters, in the length of your choosing.
In addition to performance and usage reviews, there is a wealth of information available from the Top Ten Reviews on the subject of online password security and possible password management solutions.
If you are not presently using such a password management application, you should be. It’s become painfully obvious that hosting your email or password information on a nationally recognized brand-name server or browser isn’t offering sufficient protection by itself.