Email hacking for money
Submitted by Joseph Tesoro, IT Security Education Specialist, IMITS
Scenario: Cyber Thief Sam has hacked into your email and is sending spam to your family and friends.
You log in to your email. To your surprise, you see messages from family and friends asking why you sent them an email about investing in a business opportunity.
You think, “Business opportunity? What are they talking about?”
You can see that the email they’re referring to appears to have come from your email account, but that’s not possible. You have no idea what this email is about. And yet people think you sent it.
What do you do?
Examine what’s happened so far. Can you confirm the emails appear to have come from your account? Can you confirm that you definitely didn’t send those emails? If you answered yes to both, then most likely there’s something fishy going on.
In this scenario, Cyber Thief Sam was up to no good. Using a sophisticated computer program, he guessed your password, then sent emails to your contacts while pretending to be you, hoping to fool some of them into sending money they believed was going to you but that really went to him.
To stop Cyber Thief Sam from sending out more emails from your account, immediately change your current password to one that is difficult to guess.
IMITS Information Security says
Not all passwords are created equal. Consider the following to avoid creating “weak” passwords that criminals can guess within SECONDS.
- Don't use sequential letters or numbers (e.g., 12345, abcde).
- Don't use repeated letters/numbers or keyboard patterns (e.g., 111, aaa, qwerty, asdfgh).
- Don't use the same password for every site you visit.
Instead, consider doing these to create “strong” passwords that are difficult to guess.
- Use more characters. Research shows that passwords with 11 characters take an average of 10 years for a computer to guess. If the password has 12 characters, it’ll take the computer 200 years to guess it.
- Use spaces. Instead of "ihave1dog" make it "i have 1 dog."
- Use misspellings. Instead of "ilove2eatthat" make it "iluv2ettht". Non-dictionary words make the password more secure.
- Use long and complex passphrases instead of a password. Instead of "2dogs1cat" add punctuation, capitalization, spaces, and misspellings to make it "I own 2 dggs, and 1 caat!"
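The checks in the two lists above can be turned into a small password-policy screen that a help desk or sign-up form could run before accepting a new password. The following Python is an added example written for this article, not code from IMITS or the author: it flags the weak patterns named above (sequential runs, repeated characters, keyboard walks), and estimates how much larger the brute-force search space becomes when a password gets longer and mixes spaces and punctuation. The keyboard rows (US QWERTY), the minimum length of 12, and the guess rate of ten billion guesses per second are assumptions chosen for illustration; the time estimates they produce are a simple brute-force bound and are not the research figures quoted in the article.

```python
import math
import re
import string

# Assumed US QWERTY rows used to detect keyboard walks such as "qwerty" and "asdfgh".
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
RUN_LENGTH = 3          # flag runs of 3+ characters ("111", "abc", "asd")
MIN_LENGTH = 12         # assumed policy threshold ("longer is stronger")
GUESS_RATE = 1e10       # assumed attacker guess rate, guesses per second


def has_sequential_run(pw: str, n: int = RUN_LENGTH) -> bool:
    """True if pw contains n+ characters stepping up or down by one (12345, abcde, edcba)."""
    s = pw.lower()
    for i in range(len(s) - n + 1):
        window = s[i:i + n]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_repeated_run(pw: str, n: int = RUN_LENGTH) -> bool:
    """True if the same character appears n+ times in a row (111, aaa)."""
    return re.search(r"(.)\1{%d,}" % (n - 1), pw) is not None


def has_keyboard_walk(pw: str, n: int = RUN_LENGTH) -> bool:
    """True if pw contains n+ adjacent keys from one keyboard row, in either direction."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - n + 1):
            chunk = row[i:i + n]
            if chunk in s or chunk[::-1] in s:
                return True
    return False


def charset_size(pw: str) -> int:
    """Size of the smallest standard alphabet that covers every character class used."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if " " in pw:
        size += 1
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)   # 32 ASCII punctuation characters
    return size


def entropy_bits(pw: str) -> float:
    """Brute-force search space in bits: length * log2(alphabet size)."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0


def years_to_guess(pw: str, guesses_per_second: float = GUESS_RATE) -> float:
    """Expected years to find the password by exhausting half the search space."""
    seconds = 2 ** (entropy_bits(pw) - 1) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def assess(pw: str) -> dict:
    """Apply the article's weak-pattern rules plus an assumed minimum length."""
    reasons = []
    if has_sequential_run(pw):
        reasons.append("sequential run")
    if has_repeated_run(pw):
        reasons.append("repeated run")
    if has_keyboard_walk(pw):
        reasons.append("keyboard pattern")
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH}")
    return {
        "password": pw,
        "length": len(pw),
        "bits": round(entropy_bits(pw), 1),
        "years": years_to_guess(pw),
        "weak_reasons": reasons,
        "strong": not reasons,
    }


if __name__ == "__main__":
    # Constructed samples: the article's weak patterns and its before/after passphrases.
    for candidate in ("12345", "qwerty", "pass111word", "ihave1dog",
                      "i have 1 dog.", "iluv2ettht", "I own 2 dggs, and 1 caat!"):
        r = assess(candidate)
        print(f"{candidate!r:30} len={r['length']:2} bits={r['bits']:5} "
              f"years={r['years']:.3g} weak={r['weak_reasons']}")
```

Running the script shows why "i have 1 dog." is a better choice than "ihave1dog": the four extra characters and the two new character classes (space and punctuation) roughly double the estimated search space in bits, while neither version trips a pattern rule. The misspelled "iluv2ettht" passes every pattern check but still falls under the assumed 12-character minimum, which is exactly the point of the last list item: misspellings help, but length helps more.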
The moral of the story?
When it comes to passwords, longer is stronger. Stop making things easy for Cyber Thief Sam.
Stay tuned for our next article where Cyber Thief Sam uses “shoulder surfing” to steal passwords.