Tuesday, July 13, 2010

Well, I'll be spammed. (And what you can learn from my mistakes)

Apparently I've been spammed or hacked or whatever you want to call it. To me spammers are hackers and hackers are usually spammers. Both go hand in hand.

For the past week, I've encountered a series of unfortunate online events.

First, I got a message from Google that there was strange activity with my login attempts, and I needed to change my password. Next, Facebook told me they also needed me to change my password. I've written both Facebook and Google, but they seem to be a little too busy to tell me why.

Then, some of my messages containing sensitive material (what an awesome phrase) get deleted. 

And, so on and so on and so forth.

I think someone got my password from when I entered it on another site. This is when a hacker gets a password. So, I went fishing for some resources about phishing to protect myself in the future. I'm sharing with you all, because I always ignored the basic Internet safety suggestions thinking I had anti-virus, didn't visit weird sites, and was above getting spammed/hacked/phished.

Here's what I think happened. I've used the same two or three password variations since I've been online (note this is really, really not smart). I think I entered that password at a site I joined that wasn't secured and run obviously with someone with questionable morals. Many people are like me and use the same password for everything, so that person then could have just used my password to login to my email/Facebook. Google and Facebook probably noticed I logged in from two places around the world at once, and sent the messages.

My second theory is that one of the Facebook third-party applications was my down fall. These applications are pretty notorious for causing problems. Basically, many of us trust them because they're through a site we trust, Facebook. I've always been leery of apps, rarely do I go there unless it's a site I trust. I had some weak moments and gave some apps some permissions I should have.

Lessons I learned:
I posted about this on Facebook and got some good feedback. I loved this tip, if you type your password on notepad or Microsoft Word and use the CTRL-V shortcut to paste into the password field, a hacker can't get your password.

We also talked about changing passwords often. Set aside a day each month or week to change them to something random. I know, I know. Old habits and old passwords die hard. Write them in a super safe place. I might make the 6th my day to do this because it's the day Cora died, I always remember that day.

Use a password hierarchy, have a password only used for silly, unsecured sites. Sites that aren't operated by a reputable organization, but you really want to join and maybe win that iPod or be able to post to.

Skip the apps and also think twice about signing up for site. Do you know the people running the site? From your sign up, the site administrator can potentially access your IP address and the password you created? Who do you feel comfortable with having that information?

Add your spammy/hackey/phishy advice below.


  1. Awesome advice! I think it's something we all need to be aware of. We get lazy and think that it can't happen to us until it does. I guess it's that way with a lot of things.

  2. Something must be going around, lots of people getting hacked. Thanks for the reminder.

  3. Good tips! Until recently I'd used the same password (or a variation thereof) for years. Now I've changed all of them and (because of my memory problems) I've had to write out a cheat-sheet so I can log-in to my various sites. (And that's a hard copy~not stored on my computer-just in case.)

  4. All good reminders. Thank you. And I'm sorry people are screwing with you. Like I said on twitter...there are a lot of stupid and scared people out on the internet. The internet just gives them a place to spout off.

  5. One thing everyone should remember to use a letter/number combination for their password. It is a lot harder to crack one that is letters and numbers.

  6. This comment has been removed by a blog administrator.

  7. I guess it is time to change my password. Thanks for finding my site. It is late tonight, but I will try to hook up with you through private e-mail. I am sorry to hear about your daughter. It makes me angry when I hear stories like these. It amazes me how babies can get sent home with CHD conditions. Especially, here in the states where we have the best trained Dr. and actually have pretty good medical care. No parent should have to lose their child because the condition went un-detected. Ugh! Now, I am starting to get worked up. Anyway, she was a beautiful little girl. Hugs from one Heart mom to another!

  8. I'm so sorry this happened to you. Thanks for all the tips :) Hope everything is now recovered.


Related Posts Plugin for WordPress, Blogger...