HOW TO: Protect Your Hotmail, Gmail, Yahoo Mail, Facebook from Hackers!



Note: If you have a Hotmail, Gmail, Yahoo or AOL account, it’s advisable to change your password now!

Last week, about 10,000 Hotmail user accounts and passwords were posted on a developer’s forum. The accounts listed were the ones starting with the letters A and B, hinting that this is just a snippet from a bigger list of accounts that have been compromised.

To further freak out webmail users, another list containing a cocktail of about 30,000 Gmail, Yahoo, and AOL user accounts was leaked later on during the week.

So how did they do it?

Apparently, people are still not able to tell the difference between an authentic website and a phishing website. Most of the compromised accounts on the list were obtained using fake websites that ask for your login and password to authenticate your account. While campaigns educating the user on how to better protect himself or herself from phishing scams have been running nonstop for the past 5 years, users can’t be blamed for falling for such scams.

One reason that phishing websites have been more successful in luring in victims lately is that nowadays, there are so many legitimate websites that ask for the same things a phishing website would. Allow me to further expand on this point: in the past, only phishing websites would blatantly ask you to input your email account and password within their own website. Nowadays, with single login features available on every website from Facebook to blogs, it has become a lot harder to figure out which websites are legitimate. Hell, the website could be absolutely legitimate but has been compromised and is copying your login information.

So the lines have been blurred to such an extent that the previous notion of keeping your account information private is rationally impossible to adhere to.

So what can we learn from this attack?

First and foremost, people suck at selecting passwords! Bogdan Calin got his hands on the 10,000 user list and analyzed it. He found out that the most popular password is *drum roll* “123456”. Also in the top 10 were “1234567”, “123456789” and “111111”. Furthermore, up to 42% of the passwords consisted only of lowercase letters from a-z, with only 6% combining letters and numbers in their passwords. Several others used their names or dates of birth for their passwords. The shortest password was one character long: “(”.
Now honestly, in this day and age, when any piece of information is readily available on social networks, is it the brightest idea to use a first name as a password? And they wonder how Sarah Palin’s account got hacked!

Tips to protect your webmail accounts:

Online Security

Tip 1: Use a stronger password!

It is understandable that a strong password is harder to memorize and might be forgotten if the account is not used regularly. That is fine, just come up with a strong password and write it on a piece of paper and place it in your wallet.

That is the best method to protect your password from being compromised electronically. The best password is more than 6 characters long and combines both alphanumeric characters and special characters such as “$,%,# …etc”.
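The kind of tally reported in the password analysis above, combined with the Tip 1 rule, as an added example (not code from the original post or from the analysis it cites). The sample list is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample list for illustration; not taken from any leaked data.
SAMPLE = [
    "123456", "123456", "123456", "1234567", "111111",
    "alejandra", "monkey", "maria", "(", "maria1984",
    "Tr4vel$Light", "qwerty",
]

def classify(pw):
    """Composition class, mirroring the categories the analysis reports."""
    if re.fullmatch(r"[a-z]+", pw):
        return "lowercase_only"
    if re.fullmatch(r"[0-9]+", pw):
        return "digits_only"
    if (re.fullmatch(r"[A-Za-z0-9]+", pw)
            and re.search(r"[A-Za-z]", pw) and re.search(r"[0-9]", pw)):
        return "letters_and_digits"
    return "other"  # mixed case without digits, or contains special characters

def meets_tip1(pw):
    """Tip 1 as stated: more than 6 characters, alphanumeric plus special."""
    has_alnum = any(c.isalnum() for c in pw)
    has_special = any(not c.isalnum() for c in pw)
    return len(pw) > 6 and has_alnum and has_special

def audit(passwords, top=3):
    """Summarise a password list: top repeats, class shares (%), weakest spots."""
    total = len(passwords)
    classes = Counter(classify(p) for p in passwords)
    return {
        "top": Counter(passwords).most_common(top),
        "share": {k: round(100 * v / total, 1) for k, v in classes.items()},
        "shortest": min(passwords, key=len),
        "meets_tip1": sum(meets_tip1(p) for p in passwords),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

Run against your own organisation's rejected-password log or a password manager export, the same tally shows how many entries would fail the Tip 1 rule.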

Tip 2: Don’t answer the security question truthfully.

Probably the answer to “What is your favorite book?” is available on your blog that you linked to from your Facebook profile. Given how hard it is to remember what has been said online and whether the answer to a security question has been compromised, the best method is just to select an answer that does not relate to the question directly. If they ask about your favorite book, answer the question with the name of the family member that you hate the most. That’s bound to be amusing, easy to remember, and hard to guess as “your favorite book”.

Tip 3: Don’t use the same password for every account!

Again, it’s way too common for people to use the same password for their webmail and online banking accounts. So while your online banking website has higher security precautions than your webmail account, it will be just as easy to penetrate once your webmail account has been compromised.

Tip 4: Raise the security level.

Gmail is currently the only webmail service that allows you to encrypt not just your log-in information but your messages as well. The encryption of the messages will make it harder for hackers to capture your information when connecting through a public hotspot. This security feature is off by default on your Gmail account. To enable it, click “settings” on the top right of your Gmail account, go to the General tab, and under “Browser connection” select “Always use https”.

Tip 5: Reset your password regularly.

While it might have been a bother to come up with a good password in the first place, it is not advisable to use it forever. It is recommended to change the passwords of your accounts at least once every 72 days.

If you are interested in learning more about how to better protect yourself from phishing attacks and password hackers, please subscribe to our RSS Feed and stay tuned for my next post.

Do you think your account was hacked? Did it change any of your security habits? Surf safely…

Comments and Reactions

13 responses to “HOW TO: Protect Your Hotmail, Gmail, Yahoo Mail, Facebook from Hackers!”

  1. Amer Kawar says:

    Great post Mohd. You missed an important tip: Do not fall for phishing attacks.

    I have 3 points in mind:
    i) make sure you use a safe browser, like Firefox 2.0+ or Internet Explorer 7.0+ with phishing protection, and keep an eye on the addons.
    ii) Keep your antivirus up to date, some viruses might trick Windows into redirecting every request you make to, say, their own servers.
    iii) Keep an eye on the SSL certificates, check that they belong to the relevant company (eg. Microsoft for Hotmail or Google for Gmail)

    I'm sure there are more things to keep in mind, but that's what I do, and I think it's safe to say it's a solid strategy.

  2. FadiPick says:

    Great tips, I just don't think that giving a wrong answer to the security question would solve the problem, I can guarantee you that after a few years and with the numbers of accounts I create here and there, I wouldn't be able to remember that I did trick myself! Maybe it would be better to pick up a question that has an answer which you would consider to be a secret and wouldn't share it online for any reason?

  3. Beiruta says:

    I wish I could blame the large corporations, such as Hotmail and Google, for this hacking incident yet, to be fair, I can not! The truth of the matter is that we are warned, constantly about where we share our password, we are given tips of the password combination and even sometimes guided by the password strength measurement tool! Still, we refuse to think it can happen to us!

    I really enjoyed reading your post and it taught me one thing that I can never forget: You can never be 100% sure of your privacy and security especially when online!

    Thanks for the tips :)

  6. M.Bamieh says:

    Here is the thing. To people who are tech savvy, what you are talking about is a piece of cake, but to the average computer user it's just too much to handle :D
    Especially that the people who use social media sites are not, on average, tech savvy like they were back in the day

  10. dazzamonjones says:

    This will have to come to an end one way or another.

  11. Alex Icann says:

    I'm using Mozilla Firefox, it has a great feature for filtering if a site is a phishing site or not, it will automatically prompt in front of your screen, and one more thing, don't use a single password in all your web accounts.

  12. zixmail says:

    well, i look this site good!

  13. pottinger says:

    Just wanted to say good work before I forget.

©2010 thoughtpick, copyrights reserved.