At Plante Moran Financial Advisors, we understand that individuals, families, and businesses want to ensure their information, legacy and reputation are protected. Spamming, email account hijacking, and/or “phishing” are becoming larger problems - with hackers trying to gain access to important information, such as login credentials or account information by masquerading as an entity or person in an email, IM, or other communication channel.
To help ensure confidentiality, integrity, and availability of data, here are a few best practices to help you from becoming a victim of this increasing problem:
Password strength and spam from someone you know
Information security experts have identified two common trends about hijacked email accounts. First, many accounts have weak passwords that make them easy targets for hijackers. Second, when someone’s account gets hijacked, their contacts often find out before they do, because the hijacker uses their account to send spam or phishing emails to all of their contacts.
Having a strong password is just one step to protecting your account. You should periodically change your password. Relying on the same password for a long period of time may reduce your security.
Getting spammed by someone you know typically involves a message from a family member or friend. It may contain a somewhat obvious spam, such as an advertisement. In other cases, it may be an attempt to fraudulently obtain money. A common scheme involves a plea for money with an explanation about someone you know is stuck in a foreign country and needs cash. Payment instructions are provided with a telephone number to call for verification.
Email security best practices
To assist you with protecting your email account(s), we recommend the following:
- Choose a strong password. A strong password uses letters, numbers, and special characters, and is longer than eight characters. Don't use a birth date, generic word, or a set of characters such as "password" or "12345678." Use a combination of upper and lowercase letters if your email program allows it.
- Use a unique password for your email account. If you use the same password for all of your online accounts and one account is compromised, then the hacker will have access to everything - including your email account. Use different passwords for different purposes.
- Avoid sharing your email address on the internet. Placing your address in public forum messages or otherwise spreading it around in full view online is an invitation for spammers to spoof or clone your email. Essentially, spammers collect email addresses and send out spams that appear to come from those addresses. Don't make it easy for spammers to find and impersonate your address.
- Use anti-virus software and keep it up to date. Anti-virus software is one of your most important lines of protection for general computer security. Anti-virus software can alert you if you click on an infected attachment in your email and can prevent your computer and accounts from becoming compromised. Separate spyware scanning programs are also available. Scan your computer periodically to check for potentially dangerous programs that might have slipped by.
- Use an email program with a spam filter. Most email applications have spam filters built in that will filter out potentially dangerous emails that could give hackers an in-road into your email account or computer. Flag spam emails that aren't caught automatically and don't open emails from unknown senders.
- Protect your email address and password. Any person or website that asks for your email password is most likely not legitimate. Your email provider will never ask you to give out your password or type it into an online form on another website. The same goes for phone calls from people who may be pretending to be from technical support. If you have any doubt, contact the company directly to verify the request or determine if a webpage is legitimate.
- Consider maintaining more than one email account. You can have a private, personal account as well as a different one that you use when signing up for online services or filling in online forms. Be sure to use a different password for different email addresses and other sites. Providing your email address to a site which has a password similar or close to other email passwords can provide a hacker with the information they need to take over your account.
We would also like to encourage you to read a recent blog posted in Crain’s Detroit, “WannaCry? How to protect your personal, work devices”, written by Raj Patel, partner-in-charge of Plante Moran’s cybersecurity practice.
With your best interests as our priority, please feel free to contact us at any time.