Thursday, November 26, 2009

How to prevent and handle Email ID / password thefts?

Unscrupulous people could gain access to your Email ID and password
and later misuse or abuse them, causing you a lot of monetary loss
or embarrassment. We also need to know how a stolen password may be
used, and we need to learn ways of preventing password thefts.

How do cyber crime thieves get at this sensitive info?

You may carelessly leave it in your wallet, or note in some text file
on your disk. You might have noted down such IDs and passwords in some
diary and this may lie unguarded in your house. You may read it aloud
over mobile to your son / daughter or trusted friend asking him to
access your own mail account for some urgent message. The guy who
overhears will be clever enough to jot it down, especially those who
manage Paid Phone booths. You may transmit it via email to some

You might be using your Email on a public PC, say in a cyber cafe. The PC
in the cybercafe may have a simple program called a "keyboard
logger" installed. This program will capture everything that you type and
whatever is displayed by any program running on the PC, and store
it in a secret hidden file. Analyzing the contents of such a hidden
file, immediately after you leave, will reveal your userid and
passwords easily.

You may be signing up on a number of social networks, websites etc.
that ask for a UserID & password. These are sent back to you for
verification via Email. Email messages are kept on your hard disk in
text or some other retrievable form if you are using Outlook, Pico,
Thunderbird etc. as your mail client. Scrutinizing such files will yield a
good number of your passwords. Thereafter hacking your password for
Email becomes much simpler.

Many social networking sites ask for your Yahoo / Hotmail / Gmail
UserId & password to be entered. Their idea is to help you
automatically invite all your contacts to become your friends on that
network. Many times the system may show you all your contacts and ask
you to choose whom you would like to invite. Facebook, Sulekha,
Rediff are some examples. There is no guarantee that both a) your
email Id and password and b) the contacts lists that are downloaded
and displayed are not intercepted and misused. It is very easy for
robots to snoop around the vicinity of a social network and capture
data without authorization.

Recently I allowed Sulekha to access and upload all my blog posts from
my Blogger (Google) account, little realizing that the same password
is used for gaining access to all Google services including Gmail.
Uploaded blog posts appeared on Sulekha site for a few hours but later
disappeared totally. When I realized some damage was being done, I
quickly changed all my passwords.

How do people misuse a stolen password?

Once a thief gets your password it is very easy to cheat or
impersonate you. Orders for products and services may be placed online
or via email with delivery to his own address under COD / VPP basis.
He might send fake email requests for urgent help to your friend via
some Yahoo or Google Group in which you are a member. One such message
usually says that you are out of the country, your wallet is stolen,
you are stranded in some hotel and that you need some money urgently
to be transferred to you c/o the hotel manager. This is bogus and fake.

Some tips to prevent the situation:

1. Never leave your password unguarded anywhere in diaries, slips, purses etc.
2. Never say it aloud over the phone. If you must, change it
as soon as your work is over.
3. Never store your passwords on a hard disk that may be accessed by others.
4. Be wary of any use of cyber cafes. Delete history, temp internet
files etc. after your use.
5. Be careful about what you store on your pen drives - especially
email message copies in text format.
6. Have a password for important applications quite different from
those you use when signing up on many "altu faltu" sites. Make the passwords very
difficult to break or even guess.

How to choose a good password - A suggestion

I wish to suggest a simple solution to assign passwords and also remember them.
I suggest that you write out a longish proverb or quotation in your
vernacular language and transliterate it into English.

For example, read the following tongue twister transliterated from Tamil:
KadalOrathileOrural, uruludhu peraludhu (means: A stone mortar on the
sea shore is rolling and re-rolling). From the transliterated phrase
choose, say, any nine characters in sequence. Supposing you choose
nine letters starting from the sixth character (6,9), you will get:
"OrathileO". This is your password. Just remember the phrase and 69 to
recollect the correct password. The password is not easy to guess. It
is a mixture of lower and uppercase. It does not resemble any known
dictionary word. The phrase itself is something that you normally cherish
to remember.
You may change the password easily any number of times from the same
phrase by choosing some other sequence of characters.
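
The scheme above, worked through in Python as an added example (not code from the original post). It reproduces "OrathileO" from (6,9) and lists which other nine-letter windows of the same phrase still contain both upper and lower case, which matters when you pick a new window to change the password. The function names are hypothetical, and skipping spaces and punctuation when counting positions is an assumption; the post's own example does not reach them.

```python
# Added illustration of the phrase-window scheme; not the author's code.
PHRASE = "KadalOrathileOrural, uruludhu peraludhu"  # phrase from the post


def letters_only(phrase):
    """Assumption: spaces and punctuation are skipped when counting positions."""
    return "".join(ch for ch in phrase if ch.isalpha())


def derive(phrase, start, length):
    """Return `length` letters beginning at 1-based position `start`."""
    text = letters_only(phrase)
    if start < 1 or length < 1 or start + length - 1 > len(text):
        raise ValueError("window falls outside the phrase")
    return text[start - 1:start - 1 + length]


def has_mixed_case(password):
    """True only if the password has at least one lower and one upper case letter."""
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password))


def rotation_choices(phrase, length):
    """Every (start, password) window of the given length in the phrase."""
    last_start = len(letters_only(phrase)) - length + 1
    return [(s, derive(phrase, s, length)) for s in range(1, last_start + 1)]


def mixed_case_choices(phrase, length):
    """Windows that keep the mixed-case property the post relies on."""
    return [(s, pw) for s, pw in rotation_choices(phrase, length)
            if has_mixed_case(pw)]


if __name__ == "__main__":
    print("(6,9) ->", derive(PHRASE, 6, 9))
    every = rotation_choices(PHRASE, 9)
    mixed = mixed_case_choices(PHRASE, 9)
    print(len(every), "nine-letter windows,", len(mixed), "with mixed case")
    for start, pw in every:
        print(start, pw, "mixed" if has_mixed_case(pw) else "lowercase only")
```

Windows that start beyond the last capital letter come out entirely in lower case, so a replacement window should be checked before it is adopted.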

Hope you have trouble-free Internet interactions with no password
compromise at any time.



