Tuesday, May 12, 2009

Improving your Internert Safety: Internet Accounts

Over the last few weeks, a lot of people and organizations have been having a hectic time online.

Take the example of my friend, who was walking along the streets of Nairobi. He met a friend who was surprised to see him in the country, reason been that his friend had received an email from my friend. The email claimed that my friend was stuck in Nigeria, and had been robbed of everything. In the email to all of his friends, my friend had given an account to which cash assistance could be wired to.

My friend then rushed to a cybercafe, where he tried to log in to his yahoo account, but the password had been changed, together with the security questions required for requesting a forgotten password. 

Case number 2 involves Rihanna and Cassie, where the world has been invited to sample their albums. This weren’t the multiplatinum musical albums associated with the former, but a collection of nude photographs of the 2, whose demand rivaled that of pornography stars.

Case number 3 involves the Kenya police and Google Kenya, Uganda and morocco. They all had their websites compromised by hackers.

It is now evident that no one is safe on the web, from security institutions, web authorities to you.

Case number 3 is beyond most of us, while case 2 is beyond to some extent. As for my friend whose e mail account was compromised, it was probably due to the trust he has in Yahoo, his email provider.

What I mean, is that his account was probably hacked by a hacker who tricked him into giving out his password, thinking that he was giving it to yahoo.

To achieve this, most hackers collect e mail addresses from forums and websites where people display their email addresses to their friends, or perhaps a forum. Such websites do not secure such email addresses, e.g. by making them pictures or by using captchas (those things that tell you to enter the words in the image below) Such unprotected email addresses are then collected by computers that scan websites for such email addresses (this computers are called botnets)

After a hacker collects your email address, they then send you an email purporting to be from yahoo (or Facebook or the targeted account). This email contains a link to another site, telling you that you need to click the link to change your password or to see something. Following the link takes you to a site which looks similar to your yahoo (or Gmail or Facebook etc) log in page. Here you then give your username and password, thinking that yahoo (I am tired of repeating the rest, so yahoo shall now stand in their place) asked for it.

The hacker now has your yahoo details. So he or she (hackers adopted affirmative action long time ago) now logs in to your yahoo account, and may change your password and security questions. Of course they now send your friends mail telling them how you stuck in Nigeria.

Another way they use is by use of viruses and worms, which record everything typed into an infected machine, and the website requested before you typed it in. To avoid this, use an updated reputable antivirus. Avoid pirated antivirus software, hackers have been know to re program them to ignore certain viruses, as once happened with a certain cracked Kaspersky antivirus. Also make sure that your operating system is patched by downloading the latest hot fixes for Microsoft

Windows esp. (Google this or contact your local geek for further explanation) You may as well switch to the less targeted Linux operating system, or ensure that the cybercafe comp you are using is running on Linux (given that few update their anti virus software).

As for your email address, always make sure you type in the address yourself, don’t use links. If you use a link which asks for your password, it should not be in a message, but on the websites functions.

It is also useful to double check the address on the address bar. For yahoo, make sure it is www.yahoo.com/whatever else or www.mail.yahoo.com (.co.uk etc)/whatever else. Please note that www.yahoo.hackers.com and www.hackers.yahoo.com are completely different sites. www.yahoo.hackers.com is a page contained in www.hackers.com hence not part of www.yahoo.com. The www.hackers.yahoo.com site is under www.yahoo.com. What matters is the name before the .com, .co.uk, .org etc and not the one after www. or anywhere else in the address.

Hope that this jumbled up bits of information will help you keep safer on the net, and keep those exciting pictures of you safer a bit.

Blogged with the Flock Browser