A few weeks ago, tech blogger Abe Olandres of Yugatech posted how his PayPal account was hacked, resulting in the unauthorized transfer of a significant amount of money to another’s account. As if that incident wasn’t bad enough, the opportunistic hacker changed Abe’s passwords, shutting him out of his own accounts.
This incident panicked me, since I also use PayPal for online shopping and other payment services, and Abe wasn’t exactly a newbie in the tech department—the fact that this happened to him was really alarming.
Olandres theorizes that the hacker found an opening via his Gmail account, where the hacker subsequently asked for a password reset from PayPal, and accessed the reset information via Gmail. Thankfully, PayPal and parties concerned were quick to rectify the damage done to Yugatech’s account. Nevertheless, this experience made Abe more vigilant in keeping his e-mail account secure.
We may not realize it, but e-mail has become an ubiquitous presence in our lives, it has become the primary method of communication for most people, especially those who are bound to their desks in front of the computer the whole day. Our e-mail accounts also become the gateway for all online services we sign up for, like customer accounts for online merchants, forums, and social networking sites. It is also where forgotten passwords are sent or reset, which is why it is important for us to safeguard our e-mail accounts like it were a vault.
Gmail, one of the most popular free e-mail hosting clients is now offering users a two-step verification process for extra security. This method uses an authentication code sent to your mobile phone—either via SMS or voice call—to access your account together with your password. Smartphone users can download an app that instantly generates unique authentication codes that only work once, after which another one is generated for your next log-in.
No one will be able to access your e-mail account without the generated authentication code, and while this method may not appeal to those who don’t have their phones glued to their hands (like mine is), it’s a good safeguard to have, especially if your e-mail account is linked to information sensitive accounts, like online banking, credit cards and the like.
After Yugatech’s scare and decision to employ this added layer of protection, I decided to apply it to my account as well. It is a bit tedious at first having to have your phone on hand when signing on a new computer, but it’s reassuring to have that extra bit of security. Plus, it’s rather cool, it makes me feel like one of those guys in the movies delivering a secret briefcase handcuffed to my wrist.
Arm yourself with these good e-mail habits to help protect yourself from the headache of getting hacked.
1. Don’t make it easy for them to guess what your password is. Use characters, numbers, a mix of uppercase and lowercase letters and do not rely on common words like “password,” “love” or your “firstnamelastname,” or worse, your user name.
2. Don’t give it away too quick. Most banks, online merchants or payment gateway sites like PayPal will never ask you to provide your user name and password in an e-mail. If you receive an e-mail like this, this could be a phishing scam, where the unsuspecting user is led to a non-secure dupe site where they “grab” your user name and password the moment you enter it. When in doubt, forward the e-mail to the concerned site’s support center or better yet, open your browser and enter the site’s address directly versus following a suspicious link in the e-mail.
3. Spam, beware. Don’t sign up for every interesting online promo you come across. Some of these are bogus and these unsavory sites will pass on your e-mail address to more spammers. Yahoo mail protects you from spam by giving you an alternative e-mail address to keep your original one untouched by junk mail.
4. Using a public computer? Make sure not to click yes when you are prompted for your password to be saved, and always remember to log out after checking your inbox (make sure the “Remember me” box is not ticked).