For the past week, I've encountered a series of unfortunate online events.
First, I got a message from Google that there was strange activity with my login attempts, and I needed to change my password. Next, Facebook told me they also needed me to change my password. I've written both Facebook and Google, but they seem to be a little too busy to tell me why.
Then, some of my messages containing sensitive material (what an awesome phrase) got deleted.
And, so on and so on and so forth.
I think someone got my password from when I entered it on another site. This is when a hacker gets a password. So, I went fishing for some resources about phishing to protect myself in the future. I'm sharing with you all, because I always ignored the basic Internet safety suggestions thinking I had anti-virus, didn't visit weird sites, and was above getting spammed/hacked/phished.
Here's what I think happened. I've used the same two or three password variations since I've been online (note this is really, really not smart). I think I entered that password at a site I joined that wasn't secured and was obviously run by someone with questionable morals. Many people are like me and use the same password for everything, so that person then could have just used my password to log in to my email/Facebook. Google and Facebook probably noticed I logged in from two places around the world at once, and sent the messages.
My second theory is that one of the Facebook third-party applications was my downfall. These applications are pretty notorious for causing problems. Basically, many of us trust them because they're through a site we trust, Facebook. I've always been leery of apps; rarely do I go there unless it's a site I trust. I had some weak moments and gave some apps some permissions I shouldn't have.
Lessons I learned:
I posted about this on Facebook and got some good feedback. I loved this tip: if you type your password in Notepad or Microsoft Word and use the CTRL-V shortcut to paste it into the password field, a hacker can't get your password.
We also talked about changing passwords often. Set aside a day each month or week to change them to something random. I know, I know. Old habits and old passwords die hard. Write them in a super safe place. I might make the 6th my day to do this because it's the day Cora died; I always remember that day.
Use a password hierarchy: have a password only used for silly, unsecured sites, the ones that aren't operated by a reputable organization, but that you really want to join and maybe win that iPod or be able to post to.
Skip the apps and also think twice about signing up for a site. Do you know the people running the site? From your sign-up, the site administrator can potentially access your IP address and the password you created. Who do you feel comfortable with having that information?
Add your spammy/hackey/phishy advice below.