AN ENIGMA: THE CASE OF HACKED EMAILS IN DIFFERENT FORA
After receiving a private email from a fellow forumite who I hold in high esteem, I have decided to write on this issue. Though it seems "the beast" has been tamed for now and though some (or many) of us know what to do, for the benefit of those who don't, I am providing this "mbaak mkpong" post. I am in no way an expert on this issue so if I here, those in the know should please speak up:
After studying the rash of emails that plagued the forum in recent weeks, I have concluded that the first person to get the "bug" fell a victim of social engineering.
What is Social Engineering? From wikipedia:
"Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information.[1] While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims."
How does one fall a victim of Social Engineering?
In the case of our forum, one person more than likely received an email from "adiongo awo". Since there is an element of trust involved, the innocent victim clicks the link in the email and gets infected. The link then does what it does and in the process, probably goes through the victim's online address book and sends the same email to everyone in the book
Disadvantages of falling a victim to Social Engineering, as it applies to our forum:
- You could infect your computer with a virus that does God knows what
- You could infect others with your virus
- You could end up annoying your friends and family with a gazillion emails in their inboxes
- You could lose potentially good posts from our forum if you decide to send forum emails to the spam box
What to do if your email address has been compromised:
- Change your password immediately (more on passwords in the next section)
- Contact your ISP
- Alert all those in your address book: Tell them not to open any of such emails that come from you
Prevention is better than cure: Be proactive - Avoid being a victim
1) Passwords: change your password frequently (I do so every 3 months)
2) Don't pick easy passwords (chidren's birthdays, non-random strings,
etc). Algorithms can pick those apart before you say, "Iya mmi o! Ennie".
i) Choose a mixture of lowercase and uppercase alphabets, as well as numbers and special characters (*, $, etc)
ii) Choose a password in your language, again mixed with numbers and special characters: The last time I had my laptop checked out, the technician told me he hated working on it. When I asked why, he said, "because I had to keep typing your hard-to-remember password". Nsaak. Of course, once I got home, I immediately changed my password to something else.
iii) Even if you use a password in your language, make it a weird one: Let's face it, though very few people may know your language, you have to assume there is at least one rascal out there who does and who is willing to wreck havoc. A password like "ndanDadumanewa201$" goes a long way. Compare that to say, "adiahakpan".
3) Get a good anti virus software and check for updates at least once a week: New viruses come out probably daily so even if you spent $1000 on some software but haven't updated it in say, a month, you are bound to get infected with a virus
4) Before clicking any links or downloading any files, confirm with your friends and family that they actually intended to send you particular emails
Conclusion:
I hope this post has been helpful to you. Feel free to share it with others and/or add to the discussion. Finally, bear in mind that no system/password is 100% secure. We are all human (I hope). At best, you can only mitigate the problem and throw the bad guys off by leaving them a confusing scent on your trail.
Written By Itoro Akpan-Iquot