Saturday, December 13, 2014

SAFEGUARD YOUR EMAIL ACCOUNT : BEWARE OF A NEW MALWARE



A SECURITY WARNING ….YOUR EMAIL  MAY BE HACKED : PRECAUTIONS FOR PREVENTION
In this article, I just tried to  briefly describe few common  examples recently observed , with  ONLY a little bit of technical information regarding – how emails are being hacked, symptoms, what to do in case your account is hacked  and  precautionary measures to protect yourself.  This is not a comprehensive discussion, but covers some of the common issues and remedies.  The following screenshots are from the emails spammed my mailbox. My antivirus helped me to evade the attacks ( I personally use Bitdefender ; see discussion below- point 2 of  the section ''Other Important Information"). 

A new malware spreading through emails – 
MANY VARIETIES…. NEVER EVER CLICK THESE LINKS SHOWN BELOW….THE HACKER WILL STEAL YOUR ACCOUNT…ALMOST IMMEDIATELY. 
(example one and two are the most virulent forms from a hacker. third could be a spoofer- see below).

One looks like the email provider telling that you have some pending emails and to retrieve them you have to click a link : the link takes us to a malware which hacks our emails and personal data- be cautious..!

 
Second :
You will be told by hacker (looks like official email provider)  that you have only some space left In your mailbox and you need to upgrade.


Third :
You will get a mail from your  friends  that they need to share a link.  The senders actually do not know that they are sending these …!  Don't misunderstand them.  sometimes, an attachment will contain a virus.


NEVER  EVER CLICK THESE LINKS….THE HACKER WILL STEAL YOUR ACCOUNT…ALMOST IMMEDIATELY.
If you are lucky enough to have an updated antivirus, it might show the following message :

What happens  next if you accidentally click the links :
Your email will be hacked immediately. And soon, some of your friends will get a message that  you’ve been stuck somewhere in a remote country  when you went for a conference.  If any of the recipients respond, a series of  messages follow that will hack the email or bank accounts of the victim (the unfortunate recipient).
There is one more variant : instead of being hacked, some of the hackers use  ‘spoofing’,  i.e., Mail is being sent from somewhere else with your address being forged onto its "From:" line.
Many times, we do get spam , with ads of  Viagra, watches,  cosmetics or condoms, with from address stating the names of known. The hacker sends emails from your email id to others. While the spoofer uses your email id to be shown, though the mail is sent from somewhere. If your email is hacked, it is an immediate danger while, the spoofers eventually compromise  your security by sending links with adware and malware.
IMMEDATE STEPS IN CASE YOUR ACCOUNT IS HACKED :
If you could still access your email account :
1.       Change the password immediately- choose a password that is difficult to guess (using the name of your spouse,  date of birth etc makes it easy for guess and makes your account prone for hacking); choose to add few numbers also to be included in the password.
2.       Keep your retrieval information (like security questions  etc) updated. Nowadays, email providers also use OTP (one time password) to be sent to  your mobile. So, register your mobile in your profile.
If you could not access your email account : it is possible that the hacker might have changed the password.
1.       Reclaim your account by using, “Forgot password” option. You need to answer the security questions  or using a backup email account. These options  vary from  and depend on the individual email providers.
ARE YOU SAFE AFTER CHANING THE PASSWORD ? :  NOT COMPLETELY
If your system is infected with a  spyware/malware/virus etc. , even your new passwords will leak to the hacker. You have to scan your system using a good, updated antivirus.
WHAT MAKES YOU PRONE FOR HACKING ?
Using the passwords that are easy go guess, sharing the passwords with others, clicking on the links in the email spam (as shown above), using the same passwords for several sites, using easy security questions (like mother’s maiden name etc.)..all these will make you prone for hacker attacks.
In addition, if your computer is installed with several free programmes, however legitimate they may be, will sure to attract some adware. That eventually brings some malware too.
In some cases, children might be playing some online games, and in doing so, they madly click on any link that appeals to them. Some hidden links will install spyware in your computer, which will be activated later.
Sometimes,  watching  the porn sites  might  infect your computer  so badly that  your passwords  and credit card information etc will all  be stolen in one go.
WHAT PRECAUTIONS TO BE  TAKEN :
·          SETTING  THE  PASSWORD :
1.       Use a password that is difficult to guess, with a combinations of letters and numericles.
2.       Keep changing the passwords often.
3.       Never share your passwords.
4.       Use different passwords for different sites.
5.       Keep your  security information updated (security questions, back up email, mobile phone number etc) and registered with your profile.
·         CARE FOR USING THE SYSTEM/INTERNET :
1.       Never try to open your emails in shared computers/ public computers/ public wifi like air ports, hotels, shopping malls etc. : this makes you more vulnerable.
2.       Never click  on any links  in spam .
3.       Never respond to emails asking you to update  your login Information/upgrade your account etc.
4.       Never enter your email  id and password  in any sites other than the website which you regularly check email. See the address bar carefully before you actually type in the info. – some sites will appear as the original sites (email provides, online bank services etc). but if you check the address carefully, you can  avoid being mislead.
·         OTHER IMPORTANT INFORMATION :
1.       UPDATE YOUR BROWSERS : MOZILLA FIREFOX AND GOOGLE CHROME  are the popular and widely accepted ones. internet explorer is inbuilt with windows. But, unless you have the original and legitimate operating system the security flaws  will not be patched.
2.       UPDATE YOUR ANTIVIRUS : ALWAYS USE A GOOD ANTIVIRUS PROGRAMME .  UPDATE IT REGULARLY.  Many antivirus programmes update themselves automatically if you are connected to the internet.  Among the free programmes, Avast, Avira and AVG are good and popular ones. Some reviews say AVG  is more bloated  and may not clean the antivirus completely. I  personally feel  Avast or Avira are better, though some amount of false positives   may be seen with them.  Among the paid versions,  Bit defender or Kaspersky are the best ones. They are not very costly. One year subscription costs between Rs.  600-1000. NEVER USE CRACKED OR PIRATED ANTIVIRUS.  IT IS GIVING KEYS TO A WATCHMAN WHO LATER WILL GIVE THE KEYS TO A THIEF. USE ALWAYS A LEGITIMATE SUBSCRIPTION, PAID OR FREE. They will  also protect you against the autorun viruses that spread through pendrives. Malware bytes is another good programme. But , don’t install two antivirus programmes  simultaneously in the system. It will crash the system.
3.       BEWARE OF FAKE SECURITY MESSAGES :  SOMETIMES YOUR SYSTEM STARTS SHOWING MESSAGES LIKE : YOU NEED TO INSTALL  A SECURITY SOFTWARE ETC. DO NOT BE DUPED INTO SUCH  FAKE ANTIVIRUS. SEARCH GOOGLE FOR THE WEBSITE OF ORIGINAL ANTIVIRUS PROVIDER. DOWNLOAD FROM THEIR SITE ONLY. The fake antivirus pops up and asks you to install . the moment you install the fake antivirus, your system slows down, several web pages automatically popping up and eventually and  your browsers start  behaving strangely. Removing them will be very difficult.
4.       Use  a system cleaner like, Ccleaner. Use it regularly to remove temporary files and cookies.
5.       Do not  install freeware, without verifying its legitimacy and deciding its need.  Follow the installation steps carefully. Several software download and install some other software  llike browser toolbars , antivirus programmes  etc also, if you do not carefully look at the check boxes as the  installation progresses.
6.       Do not visit porn sites or online gaming sites, unless you are prepared to accept the risks hidden in them.
7.       Use adblockers and popup blockers available in chrome or firefox.
8.       Never use  public  internet places to access your emails or bank accounts.
9.       Never download and open the email attachments unless you are sure of what they will be containing. 
10.   Delete spam mails. Do not open any links from them.
11.   No email provider will ask your passwords (except while logging in for the first time) or credit card details. Be cautions.
12.   Keep a backup of your address book. This helps in case you can not access your old mail and create a new mail id :-)

 
 Please share your views, ideas and experiences in the form of comments below.


1 comment:

  1. News Item in Deccan Chronicle today (14-12-2014) :
    Cyber crooks target freshers hunting jobs
    DC | K.K. Abdul Rahoof | December 14, 2014, 01.12 am IST

    http://www.deccanchronicle.com/141214/nation-crime/article/cyber-crooks-target-freshers-hunting-jobs

    " Cyber criminals who target job hunters now collect contact details of freshers from job websites and offer them jobs. They sent emails to the victims from IDs that is identical to an MNC using email spoofing. They cheat them by levying all kinds of charges and finally send them a fake appointment letter."

    ReplyDelete