Do you ever read about online fraud or identity theft and think, I’m too smart to fall for that? Well, don’t be so sure. Earlier this month, WIRED and Gizmodo technology writer Mat Honan was the target of vicious computer hackers. If it can happen to Honan, an expert in his field, it can certainly happen to you! Exploiting flaws in Amazon and Apple’s security, the hackers gained access to Honan’s entire online life. They used his Twitter to broadcast offensive messages in Honan’s name, they locked him out of his own Gmail account and they wiped all the data from Honan’s Macbook, iPhone and iPad. Luckily for Honan, the hackers stopped short of emptying his bank accounts. But it was still a digital nightmare. Let’s review Honan’s story and the lessons it can teach us about staying safe online.
How a Tech Professional Got Hacked
These days, technology is deeply integrated into all of our lives. You don’t have to be a computer geek or a professional blogger to have an online identity. If you’re reading this blog and participating in Scambook’s community, then you probably use email, Facebook, YouTube, Google, online shopping and online banking. It can be frustrating to remember different usernames and passwords for every internet service you use, so you may have them all “daisy-chained” together. Linking accounts is easy and convenient – but also dangerous.
Think about it. Have you ever forgotten an online username password? When you need to
remember your username or password, most websites will send a reset link to your email address. Therefore, if someone has access to your email account, they can take control of every service you’ve ever used that email address to sign up for!
This is how Honan was hacked. Impersonating Honan, the hackers called Amazon and
added a brand new credit card to Honan’s account. At the time, Amazon’s security policy allowed users to reset their passwords over the phone by calling customer service and providing a credit card number registered to their account. So the hackers called back and accessed Honan’s account with the credit card number that they had just registered themselves.
Once they were inside Honan’s Amazon profile, they could see Honan’s other credit cards and his Apple username. They called Apple and used this information to get into his Mac iCloud. Then, they used his Apple information to get into his Google account. After the hackers controlled Honan’s Apple email and his Gmail, they could reset the password for each one of Honan’s online accounts.
The Moral of the Story: Follow These 4 Internet Security Tips
There’s a lot to be learned from Honan’s experience. According to messages from the hackers, Honan wasn’t targeted because he writes for WIRED and Gizmodo. The hackers claim that they were creating chaos just for the fun of it, as though destroying Honan’s digital life was a merry prank. But due to Honan’s prominent role in the tech world, and his decision to share his story, Honan’s loss is our gain.
NPR reports that Amazon and Apple are both addressing the security problems highlighted by Honan’s experience. However, hackers will always find a way to try and exploit you. We recommend the following steps to increase your internet security.
Tip #1: Use Multiple Email Addresses. It’s convenient to have a single email address for everything, but as we learned from Honan’s hackers, it leaves you vulnerable. There’s no limit to the number of free Gmail or Yahoo! accounts you can create. Use a new email address when you’re registering for a site that stores your credit card information or mailing address, such as eBay or Amazon.
Tip #2: Use Separate, Secure Passwords for Everything! Don’t use the same password twice, and make sure your password is secure. Use a combination of uppercase letters, lowercase letters, symbols and numbers. For example, instead of “ilovekittens”, use a password like “[email protected]”. It’s also important to change your passwords every three months.
Tip #3: When Possible, Use Two-Part Authentication. Some websites, like Google, have started to implement two-part authentication. This means that you’ll receive a special code via text message or voicemail, and you’ll need to enter this code in addition to your username and password. It might sound like a hassle, but it adds an extra layer of security that’s well worth it. Honan says that his hacking wouldn’t have been possible if he had used Gmail’s two-part authentication.
Tip #4: Delete Online Accounts You Don’t Use. Even if you haven’t logged into MySpace in years, your account may still exist. It may contain personal information that a hacker could use to exploit you. You might have forgotten that you left the color of your first car, your grade school, and the name of your first pet on your MySpace profile. Since you don’t use it, login and delete it.
Honan’s experience also illustrates why it’s very important to backup your data. Buy an external hard drive to store all your documents, home movies and photos. Update it as often as possible and leave it unplugged when you’re not using it. A hacker won’t be able to delete anything from a hard drive sitting on your shelf.
But If You Do Get Ripped Off, Don’t Feel Stupid
Honan’s case proves that anyone can fall victim to online fraud, identity theft and computer hacking. That’s why you shouldn’t feel stupid if it ever happens to you. Unfortunately, we often hear from Scambook members who blame themselves. They may feel embarrassed or even ashamed because they were victimized. Sometimes, people are afraid to seek help right away because they’re worried that their friends and family will think they’re foolish.
This only makes the situation worse – whether you’re hit with an unauthorized credit card charge or hacked like Honan, it’s always easier to get resolution when you act quickly. You’re not stupid, and you’re not alone. Join Scambook to connect with other people in your situation, find group justice and learn how you can avoid falling victim to fraud.