Were you aware that your email account is worth real dollars on the hacker market? This might explain why we continue to see more and more people, even in Columbia or Millersburg, MO, with their Gmail and other accounts hijacked. According to Krebs On Security, a person’s email account is seen as a valuable resource to cyber crooks because they can do so much with it. You might be thinking, “Why would anyone want access to my email account? It’s not my checking account.” You would be surprised what a resource the average person’s email account is.
The biggest reason your ordinary, everyday email account is so valuable is that it is often the key to all of your other online accounts. When signing up for anything such as iTunes, Amazon, credit cards, or online banking, you provide your email as a contact point. If someone then tries to take over that other account, they simply request a new password to be emailed and BAM, now they have that account too. That gets really scary when it’s your bank account or credit card, but even with access to your Amazon account they could easily order a couple of 52-inch flat-panel TVs and then sell them for cash.
Another way we see crooks using hijacked accounts is that they monitor who you do business with, and then send people a request posing as you.
“Hi Bill, would you please wire $3500 to a friend of mine in California? His name is xxxxx, and the account number is xxxxxx ….”
Fortunately for our customers, we will not send a wire based on an email request, but that doesn’t mean it couldn’t happen at another well-meaning business. The important thing is not to give someone the opportunity to hack into your account.
Another new trend with a hijacked account is holding it hostage. They gain access and change passwords to lock you out. Then they demand payment for you to get control back. While it’s not at gunpoint, when a cyber-crook contacts you and says that he’s deleting your account unless you pay x-amount of dollars, it sort of feels like gunpoint.
Here are some suggestions to help prevent an account takeover:
>> Use only one password for one account. Don’t ever use the same password for multiple accounts, especially your email account.
A study from 2010 found that the average user visits 25 password-protected sites but uses only 6 passwords, and 33% of people use the same password on every site. 1
>> Use a password with at least 8 characters and with a mix of numbers and special characters.
A professional hacker can crack a 6-character, lowercase-only password in 10 minutes. Make it 8 characters, but still only lowercase letters, and it extends the time by a few minutes. Instead, just adding a mix of uppercase, numbers, and symbols makes it much harder and slower to crack! And don’t think that abcd1234 will throw them off. That is one of the most common passwords used, and common names found in the dictionary are all tested first.
>> Be mindful of “shoulder surfers.”
Be aware of your surroundings and mindful if someone is nearby who could look over your shoulder when you key in your password. That cute guy at the coffee shop may be smiling at you because he knows how to access your account.
>> Be wary of emails from strangers, especially if they come bearing gifts.
Your mama’s advice about not talking to strangers applies here as well. If you get an email from someone you don’t know, do not click on any of the links and certainly don’t open any attachments. They almost always will load some kind of malware or virus that can give a crook access to your computer or send them all of your keystrokes. Emails now often come with a promise of a gift card to your favorite store if you take a survey or visit their website. You’re better off just deleting those.
>> If you suspect your account has been hacked, stop using your computer.
If your account has been hacked, your computer may be hacked as well. If a cyber-crook has access to your computer, changing your Gmail account password won’t help. They’ll know the new password also. Hire a computer pro to check your machine for viruses and malware, and remove them. Having antivirus software that is up to date can help prevent this. However, if you clicked on a nefarious link (see previous paragraph), it will then bypass your security software. In the meantime, find a computer or device that you don’t normally use (preferably not a public computer). You can access your account with it to change your password.
We hope this will help you realize that your computer security is not something to take lightly. While we can’t help you with fixing your computer, we can help you if you feel your checking or savings accounts may be in jeopardy. Please contact your Personal Banker or our Customer Care Team if you have a concern that someone may have access to your bank accounts or online banking. We can walk you through the process and help you determine if your bank accounts are at risk. If they are, we’ll help you get new accounts set up and the old ones closed.
By the way, a hacked iTunes account goes for around $8. Some Gmail accounts are worth upwards of $30 on the black market. How much would you pay to keep it from happening? That’s the real question.