WATCH YOUR PASSWORDS!!! LITERALLY

Many times I receive mails from email addresses of friends, colleagues and brethren, and I know their mails have been hacked into. Of course those mails ask for money or contain Trojans that can be used to hack or hijack my own account if I am not careful. When I investigated how people’s accounts are hacked into, I realized that you actually have to give the hackers your details (username and password) by yourself; it is extremely difficult, if not outright impossible, for anyone to guess your password. No matter how simple a password is, there are usually trillions of combinations possible so that it is just impractical to attempt to guess someone else's password. Only those who know you intimately may try the possibilities of things like your children’s names, spouse’s name, birthdays etc. For this reason hackers device several methods to have you hand over your details to them.

I want to share briefly a compilation of the methods that I have seen delivered as mails to my email so that others may beware. I decided to do this because I realize that so many people still fall for them.

The summary for most of these methods is that an interphase is presented to you appearing like your mail provider (eg yahoo, gmail etc), bank, Facebook (or any other social network); when you attempt to sign into your account in any of these, you are actually simply handing over the details to thieves. Here are the ways by which they present these pages to people.

1. Attached financial documents.

Sometimes you receive a mail with an attachment that is supposedly a scanned bank teller, notification of some transactions, invoice, or any such thing. As is to be expected, this would arouse your curiosity especially since a lot of times it is from a friend’s email account (already hacked). Once, I saw this in our ministry’s email; since we operate by free-will donations and so often get notifications of payments into the ministry’s account, and because we have a rule to confirm and acknowledge all donations when we are so notified, it was only natural that I would click on the attachment. And I did, but I quickly saw something odd (my web designer says I’m not just an average user).

This is what happens next when you click: suddenly yahoo (or whoever your email service provider is) tells you your account needs to be re-logged into as your session has expired. The login page would pop up in front of you. If you do log-in, you have donated your login details to the hackers; it is a cloned page. That is why you must use a sign-in seal if you can. If you have a sign in seal, never log-in without seeing your seal.

Warning signs: Anytime you click on an attachment and you are told your session has expired, it is most likely it is phishing attachment. Simply close that window and go to another window to assess your mail. If you pay some attention, you will notice that the attachment has .html extension or the page that opens has a different content in the address bar than what you were using.

NB. You may wish to use an email client for your mails, like Outlook, Thunderbird, Operamail etc. Since these automatically sign-in for you, you would easily know it is a lie when told your session has expired.

This is the general principle that is used even in the other types of mails I am enumerating below. The mails only differ in the ‘bait.’

1. Off-line messages.

Another bait that is often used to tell you you have an off-line message. To read, there is a link in the short message. When you click on that link, either the mail will apparently tell you to re-login in or you will be asked to sign in to either Facebook or another of the social networks; in doing so you would be simply handing over your login details. Sometimes the link tells you to read a story or download a free material.

Other gists often used include “See Anita’s pictures” (whoever Anita is), “You have 1 unreceived e-card” “you have won 50,000 dollars, click to claim.” etc.

By the way, note that you cannot win a lottery when you didn’t play one. Your email will not be randomly selected by anyone for a money winning. Many people unfortunately believe in those kinds of miracles (maybe they sowed a 'dangerous seed' and are waiting for a harvest).

Warning: If you get a mail telling you to click to read an offline message or a message someone left you, just ignore the mail. It is a most likely a scam. Be wary of any link you click on and you are immediately asked to login to anywhere.

1. Updates and Suspended accounts

This is about the commonest of the lot. Your bank, Yahoo, Facebook etc, tells you that your account needs to be upgraded, is at risk of being suspended or even has been suspended. “Click to verify” or “click to update”. I am sure we all know these ones are phishing mails. Yahoo now routinely displays the real emails of the senders, so it is so obvious they are from elsewhere apart from your bank or yahoo. It is unfortunate that many people have not been vigilant.

Note: Anytime you have to login to your bank or email account; ALWAYS directly type in the url yourself; NEVER use a link supplied via any email.