Protecting your accounts online

Compromises continue to occur on social media and webmail accounts.

Just this week Simon Pegg’s Twitter account was used to socially engineer followers into installing what claimed to be a Windows screensaver but was really a virus.   Because he has a million followers, compromising his account gives ready access to many potential victims.  

But it's not just famous people. Your compromised account can be used to contact your friends and business contacts from your mailbox. One common scam is “help in London”. In an example written about this week, the first email doesn’t ask for money. It sets a hook by asking:

How are you ? Would you have time to spend by email on a peculiar situation about me ? I am in deep problems and couldn’t cope with your support.

Hoping to hear from you really soon.

Those who responded were asked to wire money.  It is an interesting story on trying to recover a Gmail account.  I.

You can avoid trouble through a number of steps.
1.  Don’t ignore error messages. While you must also avoid being socially engineered into taking action, legitimate warnings can help you prevent damage.
2.  Don’t have easy-to-guess passwords.
3.  Don’t have password reset questions/answers that are easily researched.
4.  Take advantage of security offerings such as Google’s multifactor authentication.
5.  Where possible, enable HTTPS-only access.
6.  Don’t use these accounts on a shared network such as coffeehouse wifi. If you do, log out when you’re done.
7.  Be aware of phishing. For example, if you get an email prompting you to authenticate to get more storage space in your Gmail box, you’d better think twice. Would they make you log in to accomplish that, or would they just do it? Is the URL really a Google site, and is it protected by SSL?
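
The two questions in step 7 (is it really a Google site, and is it protected by SSL?) can be checked mechanically. The following is an added example, not part of the original post; the trusted-domain list, the function name and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains accepted as genuinely Google's.
TRUSTED_DOMAINS = ("google.com", "gmail.com")


def check_login_link(url):
    """Return (ok, reason) for a link that asks you to sign in."""
    if "\\" in url or any(ord(c) < 0x20 for c in url):
        # Browsers and URL parsers disagree on these characters.
        return False, "backslash or control character in URL"
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() != "https":
        return False, "not served over https (no SSL/TLS)"
    if parts.username is not None or parts.password is not None:
        # In https://accounts.google.com@other.example/ the real host is other.example.
        return False, "text before '@' disguises the real host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host in URL"
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        return False, "non-ASCII host (possible lookalike letters)"
    if host.startswith("xn--") or ".xn--" in host:
        return False, "punycode host (possible lookalike letters)"
    for domain in TRUSTED_DOMAINS:
        # Match the registered domain at the END of the host, on a label boundary.
        if host == domain or host.endswith("." + domain):
            return True, "host is " + domain + " or one of its subdomains"
    return False, "host '" + host + "' is not a trusted domain"


if __name__ == "__main__":
    # Constructed sample links; none are taken from a real campaign.
    samples = [
        "https://accounts.google.com/ServiceLogin",
        "http://accounts.google.com/ServiceLogin",
        "https://accounts.google.com.storage-upgrade.example/login",
        "https://accounts.google.com@storage-upgrade.example/login",
        "https://g\u043e\u043egle.com/login",  # Cyrillic 'o' characters
    ]
    for link in samples:
        ok, reason = check_login_link(link)
        print(("OK    " if ok else "REJECT"), link, "->", reason)
```

A passing result only means the link points at the expected domain over HTTPS; it says nothing about whether the email that delivered it was legitimate.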

Social media and email accounts are valuable to a bad guy. He/she gains the chance to social engineer your contacts with a higher chance of success. The email account can be used to gain access to other, even more valuable accounts because it is used in many password reset functions.