Sunday 16 October 2011

Hidden Menaces

As many of you who are on my email contacts list are more than aware, my email was hacked this week. I apologise profusely to you all.

The thing is, how could I have prevented this from happening?

According to the lowlifes down at Hacker9 (don't look them up, I wouldn't want to give them the publicity), it is because I am "noob or [have] very poor knowledge of internet". At least I know that nouns need articles.

One other nugget of grammatically infantile information I managed to unearth from the little toads at Hacker9 is that email hacking can be done in three different ways. The first two I almost certainly did not fall victim to. The third, however, is rather more sinister, and could affect anybody. I'm going to run over all three and how you can prevent them from happening to you.

The first is password guessing. This is something that nobody should fall victim to. If a hacker is a close friend (unlikely), or just a manipulative internet acquaintance, they can have up to a 20 per cent chance of working out your password by simply guessing. A lot of people use memorable names, dates and places as passwords. What's more, the majority of us use the same password for pretty much everything.

So then, give up on nostalgic passwords for high-importance accounts such as emails. Use a combination of random letters and numbers, preferably more than 8 characters in length. If the website allows it, also use punctuation. The official line for multiple accounts is to use different passwords for each, but this is not always reasonable. My advice, which is in no way endorsed by anyone, is to vary your passwords on a theme. For example, if you have numbers in your passwords (you ought to), increase them by 1 for each new account you open. Or, write the same password backwards. Or half backwards and the rest forwards. The combinations are only as limited as your imagination.
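The "vary on a theme" schemes above are regular enough for a program to recognise. As an added example (not from the original post), this Python check tests a new password against the length and letters-and-numbers advice and reports when it is one of those variations of a password already in use; the function names, the five-step increment limit and the sample passwords are assumptions constructed for illustration.

```python
import re

MIN_LENGTH = 9        # the post asks for "more than 8 characters"
MAX_INCREMENTS = 5    # assumption: look up to five "next accounts" ahead


def bump_numbers(password, step):
    """Add `step` to every run of digits, keeping any zero padding."""
    return re.sub(r"\d+",
                  lambda m: str(int(m.group()) + step).zfill(len(m.group())),
                  password)


def themed_variants(password):
    """Map a label to each variation the post describes."""
    half = len(password) // 2
    variants = {
        "reversed": password[::-1],
        "first half reversed": password[:half][::-1] + password[half:],
        "second half reversed": password[:half] + password[half:][::-1],
    }
    for step in range(1, MAX_INCREMENTS + 1):
        variants[f"numbers +{step}"] = bump_numbers(password, step)
    return variants


def review_new_password(candidate, existing):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("too short")
    has_letter = any(c.isalpha() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    if not (has_letter and has_digit):
        findings.append("needs letters and numbers")
    for old in existing:
        if candidate == old:
            findings.append("reused unchanged")
            continue
        for label, variant in themed_variants(old).items():
            if candidate == variant:
                findings.append(f"derived from an existing password ({label})")
    return findings


if __name__ == "__main__":
    in_use = ["Qm!zetaRho17"]  # constructed sample, not a real password
    for new in ["Qm!zetaRho18", "71ohRatez!mQ", "vB93&hcwLu0e"]:
        print(new, "->", review_new_password(new, in_use) or "no findings")
```
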

Now, I'm pretty over-the-top when it comes to keeping my password private. I most certainly practise what I preach. If an email comes to me from Paypal, Yahoo or anybody else, saying for security reasons I need to reply to the email with my password, I don't suddenly decide I'm a moron and offer them my bank account details and the keys to my house as well. So I can say with 99.9 per cent certainty that it wasn't this that caught me out.

The second method used by weed-smoking maleducates and opportunist sociopaths alike is Phishing. This is a common beast, and typically wanders round shouting, "I'm really obviously trying to steal from you." Phishing works by asking you politely for your bank account details, email password or similar by promising a lovely juicy worm in return. This worm is usually in the form of a free iPod.

You can avoid the Phishermen (or women) by thinking twice before entering your details online. Do you trust the site? Remember, it is very easy to lie on the internet, because nobody can see your face.

Though I must admit to being a little too trusting sometimes, I almost certainly haven't entered my password into any kind of popup, or badly constructed website offering freebies. So that leaves just one more option, one I hadn't fully realised even existed.

Yes, ladies and gentlemen, boys and girls, welcome to the murky world of keystroke capturing. If you want to avoid this one completely, seal yourself in a box and have your nearest and dearest feed you through a straw for the rest of your life.

It works in one of two sinister ways. The first is by using an actual hardware keylogger, which plugs into the back of the victim's computer and records every single keystroke they make. With an experienced eye, the important passwords are identified and the email accounts accessed. Though this approach seems to target just one person, and be of more interest to private investigators than spammers and scammers, how's this for a thought: what if it was stuck into a public computer? Say, in a library. Or a university.

Here it seems we may have stumbled across our culprit. There is, of course, the second, even darker form of keylogging: using a software keylogger. This takes the innocent form of a video of a kitten falling off a chair sent to you by one of your closest friends. Only it's not actually from them, and it's not actually a video of a kitten falling off a chair. No, once you stop watching that kitten, he gets to work.

He makes a note of every keystroke you make, and beams that straight to the internet. On the internet, another kitten (kitten here being a metaphor for piece of software) calculates which of those keystrokes is likely to represent an email password. A third kitten then tries each of these possible combinations until bingo! She cracks it, and suddenly all your friends, family, old work colleagues and former schoolteachers are being offered Viagra.

Or worse. Another little scam running around the interweb presently is the idea that person A is being held hostage, and person B needs to send lots and lots of money to person C to free them. Of course, because the email was sent from Person A's account, Person B thinks it actually is Person A, and sends the dosh. That is, providing Person A typically writes in lowercase Courier New.

Luckily, none of my contacts got this message. They could have done though, and that makes me feel quite apologetic. I must do better. Though I am not noob, and have actually relatively snappy knowledge of internet, the second I let my guard down was the second a criminal tried his luck.

I will no longer write or check emails from public computers. It is terrible to have been reduced to this, but the internet is swarming with armies of kittens working for a plethora of the most diabolical faces you'll never see.

Be careful out there.