EMAIL HIJACKED

Recently, there have been more than a few eGroup postings that seemingly come from DOAI members, but the postings are either spam or are links to viruses or other malware. In most cases, the postings are not actually coming from the member's computer. (If they were really coming from the member's computer, the computer definitely has become infected.) However, upon close examination of the email header information, almost all of the spam emails are "spoofing" the member's email address - the email appears to come from the member, but it is really coming from someone else. Unfortunately, this spoofing also fools Yahoo into allowing the message to be posted to the eGroup, since only messages from members are allowed.
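The header check described above can be partly automated. The Python sketch below is an added example, not part of the original article: it compares the visible From: address with the envelope sender (Return-Path) and reads the Authentication-Results header stamped by the receiving mail server. The sample message and all example.* names are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real posting); example.* hosts are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
    by mx.example.org; Mon, 01 Jan 2024 10:00:00 -0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
    dkim=none; dmarc=fail header.from=yahoo.com
From: "Club Member" <member@yahoo.com>
To: group@example.org
Subject: check this out

http://example.invalid/
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def spoof_indicators(raw_message):
    """List the reasons the visible From: address may not be the real sender."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    findings = []
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender domain {env_dom} differs from From: domain {from_dom}")
    # Only trust an Authentication-Results header added by your own mail server.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    tokens = results.replace(";", " ").split()
    for check in ("spf", "dkim", "dmarc"):
        for token in tokens:
            if token.startswith(check + "=") and token != check + "=pass":
                findings.append(f"{check} result is {token.split('=', 1)[1]}")
    return findings

if __name__ == "__main__":
    for line in spoof_indicators(SAMPLE):
        print("-", line)
```

A differing Return-Path alone is not proof of spoofing, since mailing lists and forwarding services rewrite it; it is the combination with failed SPF, DKIM or DMARC results that marks a message as forged.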

So, how does this happen, and why is it usually Yahoo accounts that are affected? Notice that I said Yahoo accounts - some ISPs, such as SBCGlobal, use Yahoo email for their customers. This saves them the expense of running an email server, and the customer does not realize that his email is being powered by Yahoo. The bottom line here is that there are MANY Yahoo email accounts - so many that I could make up a Yahoo email address and the likelihood is that someone has that address. Or, maybe I already harvested a list of valid Yahoo email addresses, and now all I need to do is guess their password. There are several computer programs that can very quickly cycle through a zillion possible passwords to finally identify your password. This is known as the "brute force" method of determining passwords. Lesson One - don't use a dictionary word or a first and/or last name for your password. Ideally, it should be random letters and numbers. More on this later.

Another popular way to capture your login credentials is to trick you into giving them up. One way or another, you end up on a fake Yahoo log-in page where you type in your username and password. There are numerous ways to trick you into landing on this page, but the bottom line is that you would have no way of knowing you are not on the real login page unless you very carefully checked your browser URL and knew what you were doing. BTW, this process of tricking you onto a fake site is called Phishing. Read the next paragraph for a sure solution to this.

The really easy and best solution to protect yourself in the two scenarios above is to use a Password Manager. I really like LastPass because it is free and works on Windows, Apple and Linux computers and also Apple, Windows and Android smartphones. But, there are other alternatives such as KeePass, Roboform and 1Password, just to name a few. LastPass will either generate a gibberish password for you, or you can type in your own. And you will never forget your login or password when you visit that site again, and a string of 8 or more gibberish characters won't be hacked. But, there is another great advantage to a password manager. The password manager knows when you are being Phished (when you are not on the real site you think you are on), and it won't fill out the login/password, so the bad guys won't get your login credentials.
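Why a password manager resists Phishing comes down to matching the page's real host name against the site the credential was saved for. The Python sketch below is an added illustration of that idea, not LastPass's or any other product's actual code; the vault entry, the function names and the lookalike URLs are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed vault entry: the site the credential was saved for (hypothetical data).
VAULT = {"yahoo.com": {"username": "member", "password": "<stored secret>"}}

def lookup_for_autofill(page_url, vault=VAULT):
    """Return the saved entry only if the page's real host belongs to a saved site."""
    parts = urlsplit(page_url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":      # never fill on an unencrypted page
        return None
    for site, entry in vault.items():
        # Match the saved domain itself or a true subdomain of it; a name that
        # merely contains "yahoo.com" somewhere does not qualify.
        if host == site or host.endswith("." + site):
            return entry
    return None

# Constructed URLs: one genuine-style login host and four that only look right.
CASES = [
    "https://login.yahoo.com/",
    "https://login.yahoo.com.account-verify.example/",  # real domain is account-verify.example
    "https://login.yahoo.com@signin.example/",          # text before '@' is not the host
    "https://yahoo-login.example/",
    "http://login.yahoo.com/",                          # right host, no encryption
]

def autofill_decisions(urls=CASES):
    """Map each URL to True (fill the login) or False (refuse)."""
    return {u: lookup_for_autofill(u) is not None for u in urls}

if __name__ == "__main__":
    for url, fill in autofill_decisions().items():
        print(("FILL   " if fill else "REFUSE ") + url)
```

A person reading the address bar can be fooled by all four lookalikes; the string comparison cannot, which is why a missing autofill on a familiar-looking login page is a signal worth heeding.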

Which brings us to the third way that your login credentials are stolen - malware on your computer. This could be in the form of a key logger that captures your every keystroke, decides what is important, and then sends it on to the bad guys. Or, it could modify a file on your computer so that you are always directed to the Phishing page instead of the real page. There are many ways for malware to get on a Windows computer. Even the best antivirus software will only catch a small portion of new malware. Which is why I often recommend most users consider using an iPad tablet or a smartphone for email and most of their internet use.

If your email has been hacked, here is what I recommend you do. First, make a copy of your address book and then delete it. Then, assuming you still have access to your email account, change your password. Just to be safe, change the password (even better, also your login) on all your sensitive websites. The last step is to determine if your computer has been compromised - if the spam email came from your computer, then your computer definitely has malware on it. Find someone with the knowledge to determine if the spam email has come from your computer. Perhaps you knew your computer was turned off when this happened, so that would be a good indication the spam did not come from your computer. If your computer has been hacked, the only sure way to get rid of the malware is to reformat your hard drive and reinstall your OS, programs and data. Hopefully you have taken my advice earlier and have an image you can restore from and also data backups so that this is just a 20 minute process instead of a much more labor-intensive process. This time, make an image of your hard drive. Windows 7 and Vista have the ability, albeit a bit hidden and cryptic, to make an image. There are also several good free stand-alone programs to do this, in addition to several paid programs. Just be sure that your disk image is kept on an external hard drive and not your internal drive. This will protect against the failure of your internal hard drive.