In the last 24 hours I have had 5 of my clients' email accounts hacked. Someone figures out their email password, logs in and sends out an email something like the following to everyone in their contact list:
“I am traveling in the UK and I had my bag stolen with my passport and all my credit cards. I have no way to pay for a hotel or ticket home. Could you please wire me money ….”
They then change the password on the email account and change all the security questions, locking out the true owner of the email account. Now they are free to use your email account, impersonating you and trying to trick anyone they can in your contact list into wiring them money. Frequently they will attach a virus to the message they send to everyone in your contacts list. It looks like the targets of these attacks are owners of common email addresses that are free or come free with your internet connection (ending in sbcglobal.net, yahoo.com, gmail.com, aol.com, msn.com, Hotmail.com, pacbell.net, att.net, etc). So far I have not seen this happen to customers with corporate email addresses (like firstname.lastname@example.org or most other email@example.com type addresses) – however, don’t let this prevent you from trying to set up a more secure password.
On top of trying to trick your contacts out of money, they delete ALL your email history and contacts. From what I can tell so far, the deleted messages and contacts may not be recoverable depending on which service you are using. So there is a potential to lose ALL of your email history.
It takes HOURS of phone calls (many free accounts like Yahoo and Gmail don’t even have a support number to call) and emails to your email provider to get them to reset your password (if you can prove you are the true owner) so you can regain access to your email account. After you submit proof that you own the account, it can take them up to 24 hours to process it and get you back in control of your email address.
These accounts have been hacked into because the passwords are too easy to break (but occasionally it’s because your computer is infected with spyware, malware or keyloggers). Today, computers are so fast that in just minutes they can try millions of password combinations and quickly figure out your password. This website has a chart showing this: http://wiredcpu.com/how-long-will-it-take-for-hackers-to-crack-your-password/.
This website is a great way to see how secure and how long it would take someone with a modern PC to hack your password: http://howsecureismypassword.net/.
This website describes in great detail what goes into selecting a SECURE password: http://wolfram.org/writing/howto/password.html
In short, if you have a simple or short password I recommend you change it as soon as you can! Many people have trouble remembering a secure password like 4Fz@lo49% (this password would take about a million years for a modern PC to hack). So I suggest you modify an existing password and/or use a word you can remember with a few modifications:
Let’s say your current password is hotdog (this password would be hacked almost instantly as it’s a dictionary word). We can make a few modifications to it to make it a very strong password, yet still easy to remember. We will use pager code (swapping out letters for numbers and symbols that look similar) to make this password a little more difficult, turning the password hotdog into H0td@g (capital H, the first o replaced with a zero and the other o with an @ symbol, which looks like an o; this password by itself would take about 4 hours to crack). Then we add some numbers before and after this word: 22H0td@g98 (a 22 added before it and a 98 after it; still relatively easy to remember, but this password would take about 17 thousand years to hack).
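To see why each of those modifications helps, here is a small Python estimate of how many combinations a guessing program has to cover for each password above. This is an added example, not code from the original post; the guess rate and the three-word dictionary are assumptions, so the times it prints will not match the figures quoted from the websites above.

```python
import string

# Assumption: a constructed three-word list standing in for a real dictionary.
DICTIONARY = {"hotdog", "password", "sunshine"}
# Assumption: guesses per second for one machine; not a figure from the post.
GUESSES_PER_SECOND = 1_000_000_000

# Character classes an exhaustive search has to include once one member appears.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password):
    """Alphabet size implied by the character classes the password uses."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def keyspace(password):
    """Number of candidates of this length over that alphabet."""
    return charset_size(password) ** len(password)

def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case search time; a dictionary word falls to a word list at once."""
    if password.lower() in DICTIONARY:
        return 0.0
    return keyspace(password) / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

def audit(passwords):
    """Return (password, alphabet, keyspace, time) rows for a list of passwords."""
    return [(p, charset_size(p), keyspace(p), humanize(seconds_to_exhaust(p)))
            for p in passwords]

if __name__ == "__main__":
    # The post's own examples, in the order it builds them up.
    for row in audit(["hotdog", "H0td@g", "22H0td@g98", "4Fz@lo49%"]):
        print("{:<12} alphabet={:<3} keyspace={:.2e}  {}".format(*row))
```

Mixing in a capital, a digit and a symbol raises the alphabet from 26 to 94 characters, and every extra character multiplies the total by 94 again, which is why the four added digits make the biggest difference.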
If you have any questions about how to change your email password (or a password to any other online account – email accounts and banking websites should be at the top of the list), you can often check the help section of the service you use for instructions or Google it (“how do I change my yahoo email password”). If you are using an application like Outlook Express, Microsoft Outlook, Thunderbird or Mac Mail App you may also have to update that program with your new password. If all else fails, send me an email if you need help!