Hints and Tips
Sometimes I write up some tips or hints. I've collected some here for your amusement.
- Clean up your own PC
- Your friend got Cloned
- Using Evernote to save Facebook Info
- Sharing Google Calendars
- Check Your Phone
- Your ISP Sells Your Information
- Bypassing Page Counters
- Password Managers
- The Case for Strong Passwords
- A Phishing Email
- How did this guy get my password?
- Safe Buying and Selling
- Choosing Security Cameras
- Sending EBooks to Kindle
- What are Short URLs?
- How about Surge Suppressors?
- Prevent Tag-Jacking
How did this guy get my password?
Suddenly, all my friends are getting emails from me asking for money or advertising dodgy websites. How could this happen? How did somebody in Russia "Hack" into my account? The answer is simple. You gave him your password. Here's what probably happened.
You got an email from someone. Maybe it was Facebook. Maybe it was Yahoo. Perhaps it was even PayPal. This email started out with Dear Customer (they evidently forgot your name) and warned of dire problems if you didn't log in immediately and "Fix" something. The helpful guys even provided a link. You never even noticed the misspellings and grammar errors. "You muft be fixing of this now right" just looked OK. You were more concerned that you had a problem.
The right thing to do would be to go to your browser and type "www.Facebook.com" or "www.paypal.com". However, the link was right there so...
When you arrived at the page, which looked exactly as you'd expect, you forgot to look up in the location bar. You know. Up top. Where it tells you what site you're on. If you glanced up, it probably looked right. http://www.yahoo.com. Good. However, keep reading. Instead of ending at yahoo.com/, it had more. http://www.yahoo.com.bigbeast.co.uk maybe. It's not Yahoo. The part that counts is the end of the host name, so this is a subdomain set up under the British domain bigbeast.co.uk.
So, you enter your password. Suddenly you've been "Hacked". Maybe they put up a realistic screen to look like you fixed the awful problem. Maybe they redirect you to disney.com. At any rate, they are now free to use your email or FB account or bank account as they see fit.
Perhaps you heard about a certain Campaign Manager who was "Hacked" by Russians. A few bazillions of his emails were sent from Russia to WikiLeaks who dribbled them out, much to the delight of one party.
I'm sure many think these guys in Russia in a cave somewhere did that thing they do on TV. Type Type Type... We're IN! Nope. Not at all. They sent him an email. In the email there was a Google logo. The email said his account needed attention and provided a handy link. He clicked it, got the Google logon screen and entered his password.
What he didn't notice was his location (URL) at the top of his browser. Instead of google.com/, he would have seen google.com.somethingelse.ru. This was a website in Russia. Probably, after he entered his information, they routed him to the real Google.
So, these "Hackers" just logged in every day as him and downloaded his email as text files. They could then make any "adjustments" they wanted and pass them on.
So, what did we learn?
If you get an email from someone and it requests any action, read it carefully. Very carefully. It's almost always a fake. PayPal, for instance, will never ever say "Dear Customer". They'll use your name. Mouse over any links. Look to see where a link is taking you. If the link says "facebook.com" and you hover your mouse over it and see "bigbeast.co.uk", don't click it.
The safest way to handle this is, if you get an email from "Yahoo", open your browser and type www.yahoo.com. You'll know you're actually going there.
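The "where does this link really go" check from above, written out as a small script. This is an added example, not part of the original hint; the function names hostBelongsTo, domainInText and suspiciousLinks and the sample links are made up for illustration, using the host names from the text.

```javascript
// Added example: decide whether a link really belongs to the site it claims.
// Host names are read right to left, so the check compares the END of the host.

// True only if the URL's host is expectedDomain itself or a subdomain of it.
function hostBelongsTo(urlString, expectedDomain) {
  let host;
  try {
    host = new URL(urlString).hostname.toLowerCase();
  } catch (err) {
    return false; // not a parseable absolute URL: treat as untrusted
  }
  host = host.replace(/\.$/, ""); // drop a trailing root dot
  const expected = expectedDomain.toLowerCase();
  return host === expected || host.endsWith("." + expected);
}

// Pull the first thing that looks like a host name out of a link's visible text.
function domainInText(text) {
  const m = text.toLowerCase().match(/\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b/);
  return m ? m[0].replace(/^www\./, "") : null;
}

// Flag links whose visible text names one site while the href goes elsewhere.
// Links with generic text ("Click here") name no site, so they are not flagged
// here; check those with hostBelongsTo against the site the email claims to be.
function suspiciousLinks(links) {
  return links.filter(({ text, href }) => {
    const claimed = domainInText(text);
    return claimed !== null && !hostBelongsTo(href, claimed);
  });
}

// Constructed sample links, using the host names from the article.
const sampleLinks = [
  { text: "www.yahoo.com", href: "http://www.yahoo.com/account" },
  { text: "www.yahoo.com", href: "http://www.yahoo.com.bigbeast.co.uk/login" },
  { text: "facebook.com", href: "http://bigbeast.co.uk/fb" },
  { text: "Click here to fix your account", href: "http://google.com.somethingelse.ru/" },
];

for (const link of suspiciousLinks(sampleLinks)) {
  console.log("Mismatch:", link.text, "->", new URL(link.href).hostname);
}
```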
As a final note, remember to not open any attachments. If you get an email from the US Post Office saying mail couldn't be delivered and to open this attachment, ask yourself one thing. How the heck did the US Post Office get my email address?
Be paranoid, my friends.