9

Rick Roll’D and other scams

If you spend anytime on Facebook sooner or later you or a friend of yours is going to get hacked. Just last week a friend of mine, Carly Johnson, a REALTOR with Keller Williams Realty in Johnson City got hacked on her personal Facebook page. I found out because I received what seemed like a very odd message from Carly on Facebook. The note seemed so out of character for Carly that I immediately messaged her  asking if the note was really from her. Carly and two of our region’s finest I.T. gurus have provided me with this information in order to keep this from happening to you!

MarketingMel: Carly, tell us what happened.

Carly Johnson: Last Monday, I received a text from a friend asking if I had sent him a Facebook message regarding a picture he needed to look at. Almost instantly, I received a similar text from another friend, and then my iPhone began showing several Facebook notifications of friends sending messages saying they were unable to find the picture. I went into my account, only to find that it appeared as if I had sent this message to every single Facebook friend. “hey, go to album32 dot com and search for “name of friend” then click on the first photo. I bet you didn’t remember that, eh?” I knew I did not send the message, so I began responding as quickly as possible to every friend who messaged or texted me to make sure they did not try to go there. After sending about 20 messages, I decided to update my status to alert people that I did not send the message and that they should not do as requested. Thankfully, Marcus Ledbetter saw my post and posted that it was a phishing scheme designed to steal passwords.

MarketingMel: Carly, what have you learned from this?

Carly: I changed my passwords on as many different accounts as I could think of, and I updated my status again to alert others that they may need to change their passwords as well. I continued to send messages to friends who were responding throughout the evening, and some are still trickling in. The terrible part is that the message is authentic looking enough to make people think it is from the supposed sender. Unfortunately several of my friends attempted to view the picture and put their passwords in. I have been trying to determine exactly how my account was hacked, and I cannot even remember a time that I clicked on anything unusual. That just means that it is way too easy for them to get in.

MarketingMel: Carly, any takeaways for others?

Carly: I am on high alert now and am being overly selective with regards to my accounts. One lesson I definitely learned from this experience is not to have the same password for multiple accounts. If I had used the same password for my bank account, it would have been very easy for them to research my account to find out where I bank, and they would have known my password. Lastly, it saddens me that people who have the intelligence to make a scheme like this one work, would not have a desire to help others instead of stealing and making people’s lives difficult.”

MarketingMel: Marcus, what is your advice as an IT professional and Director of Operations at ITD Interactive?

Marcus Ledbetter: The key is – while your bank and other important accounts have good security measures in place to stop the brute force intrusions (brute force is where they basically have a program that just guesses as many passwords as it can in hopes that one of them gets in). Twitter does not.  Facebook pages get hacked all the time though – and folks that I’ve talked to that have gotten hacked often have simple passwords: names of their kids, pets, whatever. To make matters worse, people often use the same passwords, or variations of the same password, for all their online accounts. This is the big problem – while getting your Facebook page hacked can be annoying, and sometimes embarrassing, the real danger is if the password they used for Facebook also works for your email login. If they can get into your email account they can often get into bank accounts, credit card accounts, etc. They can request password resets and often get around security questions using info they learn sifting through your Facebook information. maiden names, past addresses, etc. It can snowball very quickly.

Then I sought the advice of my I.T. professional, Andy Mitchell of Holston IT.

MarketingMel: Andy, can you tell me what you tell your clients so they can protect their passwords on Facebook and elsewhere?

Andy Mitchell: The best advice I can give you about passwords would be a few simple rules.

  1. Your password should be over 12 characters in length.
  2. It should contain Upper & Lower case Letters, Numbers, and special characters such as ! @ # $ % ^ & *
  3. It should not contain words or phrases.
  4. NEVER USE THE SAME PASSWORD TWICE!  Each login needs its own password.
  5. Do not save your passwords when prompted. Always type them in.
  6. Change your passwords OFTEN.  Every 30-90 days depending on how important they are to you.

 

Another school of thought is to use several common words that have nothing to do with each other to create a really long password.

IE:  pinkhorsesummersnowflaketennessee

MarketingMel: How do you avoid phishing attempts?

Andy:

  1. Never click on a link in an email.  If you hover your mouse pointer over the link it will either pop up and show you the hidden URL or it will show in your browser at the bottom left.
  2. Copy Past the link if you must.  This will copy the text you see and not the hidden hyperlink. Only do this if you are sure the link is safe.
  3. Manually typing it into your browser is another alternative. Again only if you know the link is safe.

Here is an example of what I describe above.

http://www.holstonit.com

If you copy past it you’ll get my website.  Click on it and well…..

  • Generally I only click a link in an email when I requested a password reset, or need to activate a new account.  Otherwise I go to the website and log in the normal way rather than taking the shortcut presented in the email.
  • Keep Adobe Flash and Java updated.  Check them at least every 30 days even if they are set to update automatically.  Java exploits are one of the top sources of computer viruses.
  • Finally, Install Firefox and the Adblock-plus Add-On.  This will strip most advertisements from webpages and online videos.  This goes a long way to help you avoid confusion.  Not to mention it is nice browsing without those annoying commercials.

Many thanks to Carly for sharing a story that could happen to any of us and to Marcus and Andy for providing solutions that we hope will help keep all of us a bit safer! Please share your stories here with us along with any tips you have for preventing these things from happening! 

photo credit: DavidDMuir via photopin cc

Follow me on twitter @MarketingMel.

Option 1: Comment Using Facebook

comments

Option 2: Comment Using WordPress

9 Responses to “Password Protection and How to Prevent Phishing Scams”

  1. Great advice, Mel. Thank you for such a well-written post. You never can be too careful on the Internet. Guard your passwords just as much as you would your wallet or purse.

  2. Kristen Pierce says:

    This is a serious eye opener! I just re-set all of my passwords. Thanks for the tips everyone!

  3. I admit I hate to change passwords around, but I sure will do more of it now. Thanks for the solid tips, Mel, and for jumping on your friend’s experience in a way that we can all benefit.

  4. It’s amazing how cleve these folks are. Rolling over the sender’s email or the return link is a good way to see if they are authentic. Thanks for the info.

Trackbacks/Pingbacks

  1. Password & Security Tips and Guidelines - Holston IT- Holston IT - October 22, 2012

    […] http://www.marketingmel.com/2012/10/22/password-protection-and-how-to-prevent-phishing-scams/ […]

Leave a Reply