The most common ways that accounts get “hacked” or compromised is through poor security practices of the user.
If I were to attempt to access your emails (the account that all your password reset links get sent to) then the first thing I would do is attempt to reset your password. I would then check your MySpace, Facebook, Friendster, Windows Live Blog, LinkedIn, etc. to find as much information about you as possible, as you’ve probably shared information like “mothers maiden name” or “first school you went to” or “name of first pet” somewhere on social media.
Once I’ve reset your email password and I’m able to login then the rest of your accounts would be child’s play, sending password reset links to the primary email address on the account. If I were being particularly malicious then I would also change all the answers to your security questions so that it were impossible for you to regain access.
Call us immediately as soon as you realize that your computer is infected 1-323-644-5444.
Use Google Chrome or Mozilla Firefox – These browsers are way superior to IE, Edge, Safari, etc. They’re open source software which means that thousands of developers around the world are able to submit bug fixes and new features for the approval of the core development team meaning that the users can make the software to their liking.
Use Unique Unpredictable Passwords for Each Site – Unique passwords will stop an attacker from re-using a discovered password on every site. I know this is hard and I’ve personally only recently managed to implement this myself. Please don’t write your passwords down. You’ll lose them or someone will read them, which completely negates the point.
Don’t Open Email Attachments from Unknown Senders – A Phishing scam is where someone contacts you via phone or email pretending to be your bank or some other trustworthy entity in order to get you to provide them with your private details (passwords, credit card details, etc.
Try to figure out if the email sender has sent you this email by accident or if they’re trying to get something from you. Most web-pages will not randomly send you a link to reset your password unless you ask them to nor will they require you to verify your account details once you’ve initially activated your account, most of these types of email are phishing scams.
It’s OK to click NO – This is the primary way computers get infected with viruses. Keyloggers which send your passwords and credit card info to attackers. If you’re installing a piece of software from the internet, you need to scrutinize every page of the installer, there are a lot of programs that bundle other unwanted programs in the installer and imply that you’re required to install them (you’re not).
There’s usually a checkbox below the EULA that tells you what the EULA is for and what software you’re agreeing to install, If you don’t agree to their terms then they won’t install the software. You can usually still install the software that you’re intending to if you wait until you see it’s EULA.
Enable 2-Factor Authentication Where Possible – This means that if someone manages to guess your password, security questions, etc, they still won’t be able to login because they need your phone or code fob. 2-Factor Authentication (2FA) means that you need more than just a password to login. This is generally fairly easy to set up and sites that allow you to use it usually have step-by-step instructions on how to enable it.
Use HTTPS Instead of HTTP if Possible – HTTP is completely un-encrypted which means that everything you access online could be changed by a “Man in the middle”, so you should never do anything sensitive (internet banking, online shopping, etc) over HTTP.
HTTPS stands for Hyper-Text Transfer Protocol over SSL(Secure Socket Layer). The only part you need to worry about is the SSL part which encrypts your connection between your computer and the provider.
SSL is an encryption standard that uses trusted certificates and certificate authorities to verify the ownership of a web-page, which means that there are “Trustworthy” companies out there that can generate a certificate for a webpage. When your computer goes to that page you get sent a copy of that certificate which your computer then checks against a database of trusted certificates.
If the page is using HTTPS but does not have a valid certificate then your browser will make it very hard for you to see that page. There are browser plugins that attempt to use the HTTPS version of a site before going to the HTTP version such as “HTTPS everywhere” for Firefox and Chrome.
Use a VPN Tunnel When on Foreign Networks – Using a VPN back to your home network creates an encrypted tunnel for all of your communications to travel through so that people nearby can’t sniff your data out of the airwaves. When you use free WiFi there’s generally no password on the network which means that everything you do can be seen, read or modified by anyone with the know-how in the immediate vicinity. Configuring a VPN can be tricky, alternately you can contact us and we can configure it for you.
Use Linux Instead of Windows – Linux is designed from the ground up to trust you (the user) only as far as it needs to, which creates a very secure environment where you need to have the administrator (root) password to modify system settings and install software. Windows can be configured that way but it is not the default configuration.
If you’re interested in Linux then please contact us and we can do a needs analysis with you and pick the right flavor for you.