As many of my email correspondents are aware, my personal Gmail account was recently hacked. I still have no idea how this happened. I am not in the habit of clicking on email attachments or browsing strange websites, and I use an extremely strong, long and hard-to-crack password. Yet despite practicing an almost paranoid level of online personal security, my account was still hacked.
I felt sick to my stomach when I realized what had happened: My Gmail account had been used to send out a poisoned link email, not just to everyone in my contact list, but to everyone I had ever emailed (since Gmail also remembers and keeps a list of these contacts). The hacker was smart enough to send in batches, so as not to trigger recipients’ spam filters, and also smart enough to send a link, rather than an attachment, to avoid antivirus detection.
Because I blog from my Gmail account, the poisoned link was also posted to my blog. And because my blog auto-posts to my Twitter and LinkedIn accounts, status updates containing a link to the poisoned blog post were distributed to my social network contacts. It was a nightmare.
Luckily, I was made aware almost immediately. Unluckily, I was sitting in a taxi at the time, heading toward a four-hour train ride, followed by a two-hour car ride, and panicking that I couldn’t do much about it. Back to the luck side—the train had Internet access, so as soon as I settled in, I set out to minimize the damage and maximize the apologies. I think I did a pretty good job at both, but the embarrassment continues and my security paranoia has increased dramatically.
I’ve spent a lot of time thinking about how my account got hacked but haven’t come up with any answers. The bottom line is this: You can’t let your guard down online, no matter what. I was lucky my account wasn’t taken over completely—I could still log into it, change my password and ensure that none of my settings were changed. Other people haven’t been so lucky. But the stress level of being hacked was so high that I feel like a year was taken off my life.
I’ve changed a few of my habits since that day and have considerably beefed up my approach to password safety. In addition to basic password safety—sufficiently secure passwords, not shared with others or written down and stored in obvious places—here are some additional steps you can take to increase your online safety, too.
Because you can never have too much information or too many warnings, below are links to two stories that will stop you and make you think (and then make you update and strengthen your passwords). The first shows how easy it was for the Hollywood Hacker to take over celebrity email accounts. The second is a sobering account by journalist James Fallows about the hacking of his wife’s Gmail account, and the fallout.
And for a bit of fun and a lot more security, let Wolfram Alpha generate some random passwords for you (but first change the default 8 characters to 10 for extra security).
Vivian Manning is the IT Manager at Barriston Law LLP in Barrie, Bracebridge and Cookstown, Ontario. Prior to moving into IT, Vivian practiced law at Barriston LLP (formerly Burgar Rowe PC) primarily in the area of Municipal Land Development, with a total of 17 years in private practice before switching to the IT side of the law office. She currently indulges her love of teaching tech through her blog Small City Law Firm Tech, where she provides “tips of the day.”