If you use Twitter or Facebook, you’re probably aware that there are several different attacks circulating right now. You can often tell that someone’s been hit when you receive an unusual message from them. These messages are usually about making money online, but may also relate to losing weight, gaining followers, or something else that is out of character for that person.
If you receive such a message, please don’t make the mistake of clicking on the link to see why your friend is suddenly sending you strange messages, or you may expose your computer to a virus, spyware, or phishing attack. Instead, contact the supposed sender via another method and let them know about the strange activity on their account.
That’s what professional organizer Monica Ricci did when one of her friends supposedly initiated a chat session with her on Facebook a few months ago. Being a smart woman, she suspected that it wasn’t really her friend, and her suspicions were confirmed when her “friend” said she was stuck in London and needed Monica to wire her some money. Monica immediately telephoned her real friend, who then logged into her own Facebook account and began using the chat feature herself. As soon as the hacker realized he or she had been caught, the conversation ended abruptly.
I don’t know why certain individuals are affected by these attacks, but I do know a few things you can do to reduce the risk of becoming a victim.
1. Watch where you’re entering your information.
Before you give an external website access to your Twitter account, make sure it uses OAuth. With OAuth, the external site sends you to Twitter to sign in and approve the connection, so the site itself never sees your Twitter password. If you have any doubt whatsoever about the authenticity or integrity of a website, err on the side of caution.
2. Use unique and random passwords for all your log-ins.
I know lots of people who use the same password for all or most of their accounts, because it’s easy to remember. Very often it’s a word that could be guessed by anyone who knows a little bit about them, such as the name of a pet or child. With so much personal information displayed online, it’s not hard for someone with ill intent to figure it out.
A strong password will include a combination of upper- and lowercase letters, numbers, and even special characters, and will be at least 8 characters long. Although it may be difficult to remember and to type a password like nQ7WxwMhB#7H, let alone a different password for every account you create, it’s also much more difficult for someone else to guess it.
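As an added illustration (not part of the original post), this Python example generates passwords that meet the criteria above and audits a set of log-ins for weak or reused passwords. The symbol set, the function names and the sample log-ins are assumptions made for the example.

```python
import secrets
import string

# The four character classes the post names. SYMBOLS is an assumed set; sites differ in what they accept.
SYMBOLS = "!#$%&*+-=?@^_"
CLASSES = {
    "uppercase letter": string.ascii_uppercase, "lowercase letter": string.ascii_lowercase,
    "number": string.digits, "special character": SYMBOLS,
}
ALPHABET = "".join(CLASSES.values())
MIN_LENGTH = 8  # minimum length given in the post

def missing_requirements(password):
    """Return the post's criteria that the password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    return problems

def generate_password(length=12):
    """Pick each character with the OS CSPRNG; redraw until every class appears."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate

def audit(logins):
    """Map each account to its problems: failed criteria and reuse elsewhere."""
    report = {}
    for account, password in logins.items():
        problems = missing_requirements(password)
        shared = sorted(a for a, p in logins.items() if a != account and p == password)
        if shared:
            problems.append("also used for " + ", ".join(shared))
        if problems:
            report[account] = problems
    return report

# Constructed sample: a pet's name reused on two sites, plus the post's example password.
SAMPLE = {"twitter": "fluffy", "facebook": "fluffy", "bank": "nQ7WxwMhB#7H"}
if __name__ == "__main__":
    print(audit(SAMPLE))
    print("replacement:", generate_password())
```

The generator uses the `secrets` module rather than `random`, because `random` is predictable and not meant for passwords.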
3. Avoid entering passwords.
Another way that hackers steal passwords is by using spyware that records your keystrokes when you log into a website. Hopefully you’re using software that blocks spyware, but you can add an extra layer of protection by using software that stores your passwords securely.
Last year I bought an amazing, yet inexpensive program called RoboForm, which allows me to securely store my passwords in a bookmark-style toolbar, which I’ve organized by category. When I need to log into a site, I simply click on it in my RoboForm toolbar, and it takes my browser to the appropriate log-in page and enters my user name and password for me. I no longer have to remember which password goes with which site or worry about keystroke loggers! Oh, it also generates random passwords whenever I create a new account or need to change my password, so I don’t even have to think of clever passwords myself.
There’s a free version that’s fully functional for 30 days, which you can continue using after the trial period if you have 10 or fewer passwords. For an added measure of security, you can password protect your RoboForm toolbar, so if someone else uses your computer, you don’t have to worry about them accessing your accounts. If you work on more than one computer, you might prefer RoboForm2Go, which runs from a USB flash drive.
In terms of keeping my passwords organized, saving time looking them up and typing them in, and general peace of mind, RoboForm is one of the best investments I’ve ever made.
4. Change your passwords as needed.
In many corporate settings, users are required to change their passwords every 30 days. This may not be necessary for your home-based business, but use your common sense and change yours when something out of the ordinary occurs, for example:
- If you’ve logged into a website and your computer screen flickered – maybe it was a power issue, but maybe it was spyware activity
- If you sense that someone was watching you while using your laptop in a public place, or using a public computer
- If you’ve had to give your password to a helpdesk employee – how do you know that he or she is trustworthy?
When in doubt, change your password – better safe than sorry!