Monday, July 9, 2012

Your Email Seems Compromised

     There have been many instances where I received "suspicious" email, not from spammers or unknown addresses, but from people in my address book or people who have previously exchanged email with me.  In many cases, if I have a few minutes to spare, I notify the person that their email seems compromised.  I give them simple steps or suggestions on what to do about it.

     More recently, however, I see more and more email of this kind coming into my account.  As a matter of fact, important or prominent offices and organizations are favorite targets, or at least are not spared by this situation (see reference story).  So instead of individually sending them the same quick tips I gave to other people victimized before, I thought of writing it in a blog and just sending them the link, where they can read more detailed explanations or guides.


So, IF YOUR EMAIL SEEMS COMPROMISED, here are important things that you should start doing:


1.) CHANGE YOUR PASSWORD 
 and make it difficult for others (but easy for you).

- Try using non-dictionary words, such as words from a local language (or dialect).
- The ideal password length is fourteen characters.
- Ensure password complexity by spelling it with letters, numbers and special characters.

Instead of a password, consider making it a “passphrase”, for example: BA1!w-k@y0!!??, which translates to “you are crazy!?” in English.
- If you are fond of using dates or numbers, you may also try alternating the numbers with their corresponding keyboard characters, using the CAPS LOCK or SHIFT KEY for the other numbers, to comply with your special character requirement.  For example, the event “18 March 1987 is my wedding” will become 18M@RCH!(*&AKOkinasal.
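
The number-alternating rule and the three criteria above, as an added Python example (not part of the original post). It assumes a US keyboard layout; the function names and the four-word sample list are made up for this illustration.

```python
import re

# SHIFT equivalents of the digit row (assumption: US keyboard layout).
SHIFTED = str.maketrans("1234567890", "!@#$%^&*()")

# Constructed sample wordlist; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "wedding", "welcome", "march"}

MIN_LENGTH = 14  # the length the post calls ideal


def alternate_shift(text):
    """Keep the 1st, 3rd, ... digit group; SHIFT the 2nd, 4th, ... group."""
    count = 0

    def swap(match):
        nonlocal count
        count += 1
        group = match.group(0)
        return group.translate(SHIFTED) if count % 2 == 0 else group

    return re.sub(r"\d+", swap, text)


def check_password(password, words=SAMPLE_WORDS):
    """Return the names of the post's criteria that the password fails."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not re.search(r"[A-Za-z]", password):
        failures.append("letters")
    if not re.search(r"\d", password):
        failures.append("numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("special")
    # Plain substring match only; it does not undo letter swaps such as @ for a.
    lowered = password.lower()
    if any(word in lowered for word in words):
        failures.append("dictionary")
    return failures


if __name__ == "__main__":
    candidate = alternate_shift("18MARCH1987AKOkinasal")
    print(candidate, check_password(candidate))
    print(check_password("wedding1987"))
```

Applying only the number rule leaves MARCH spelled out, so that form is still flagged as containing a dictionary word; both passwords shown in this step pass all of the checks.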


2.) ENSURE YOU SUPPLIED AN ALTERNATIVE EMAIL

- If the intent was to take your email away from you (like hijacking a car or plane), you have a greater chance of recovering it if you have provided an alternative email address.  Try to recover your compromised email through your alternative email, or by answering the security questions you provided to the mail site (hoping they have that feature).  You should also consider revising or changing the security questions and answers you supplied to the email provider.


- Otherwise, if the intent was for somebody else (whether a real person or a botnet) to use it alongside you without your knowing it, the next thing you must do is sign out of your account immediately (I will explain in a future post why you should do this) and perform the succeeding steps.



3.) UPDATE (ACQUIRE) YOUR ANTIVIRUS 

- You will never know the extent of the attack or infection on your computer until you use technology to deal with technology.  The battle between virus and anti-virus is an ongoing cycle.  Someone creates a disease, others create the cure.  What you should have done beforehand is to have your computer "vaccinated" with the latest anti-virus updates (technically known as virus definitions or the virus database) to prevent it from being "infected".

- There are many good anti-virus programs available on the market.  In fact, many are even free.  The Cyber Security Group of the Philippine Navy (NCEISC) recommends using Comodo Antivirus.  It is free anti-virus software and has been proven effective; in fact, it is available on the Navy website for its personnel to download.  I can attest to its effectiveness, because it is the only anti-virus I have been using for about two years now.  I used to have another (paid) antivirus running along with Comodo (it works for some by installing Comodo last), but I had to give it up because of renewal payment issues.


4.) UNPLUG THE INTERNET

- Since we have already started using some medical terminology, let me take the analogy further.  To unplug or disconnect from the internet is to "isolate" or "quarantine" your computer.  Your PC's immune system is already weak, possibly from at least one infection; don't let more illness come in.

- Second, prevent infecting the other computers in your network.

- And the third reason is, your email account might be sending emails behind your back... No, no, no, behind the back of your computer.  This is the reason why you have to sign out as stated in step no. 2.  Your computer might have already been transformed into a zombie PC (or somebody else is using it remotely), which is why it is sending email to your contacts without your knowledge.  And because you are a very adorable and lovable person, the recipient of your email was very glad to get a message from you and excitedly opened the package, which also contained the same disease.  Then voilà! His PC becomes infected too.  And there will be two of you (at least that you may know of) sending malicious emails.


5.) SCAN YOUR COMPUTER

- Now, since your PC might have already acquired a disease, let us hope that your anti-virus software has already formulated the "antidote" for it (which is why you have to update regularly), and apply the cure by scanning your computer.  Otherwise, your next option is to "reincarnate" or reformat your computer if it is already incurable - and that is a mess.  This is the literal IT interpretation of "an ounce of prevention is better than a pound of cure" :-).


6.) SET UP A PERSONAL FIREWALL

- A firewall is different from anti-virus.  It serves as a sentry or guard that validates all traffic coming into and going out of your computer.  So it is a matter of configuring how strict or how lenient you want your guards to be.  I have used Zone Alarm before and I find it very effective.  There is also a Comodo Firewall available; however, it is recommended only for more techno-savvy people because of its very stringent security settings.  There are also combined Anti-Virus and Firewall products available.




7.)  UPDATE YOUR OPERATING SYSTEM

- You may have a security guard and a police dog, but you've let the burglars easily break into your house by not fixing your windows.  Some viruses exploit the vulnerabilities of operating systems (Microsoft Windows especially) and reside there like parasites.  You might end up again reformatting your computer and installing a fresh copy of the operating system.  Some files may be lost, it's a waste of time (even money), and of course - it's annoying.



8.) DON'T SEND EMAILS THRU PUBLIC COMPUTERS / NETWORKS

- Finally, prevent your account from getting compromised again.  Among the main culprits (as in the referenced story above) is sending emails using public computers (used by more than two persons in your office/work) or public networks (internet cafe/free wifi).  Those computers may be infected, intentionally or unintentionally, with password harvesters, keyloggers, malware, botnets, etc.  Social networking sites are easily hacked in these locations.

- Have your own computer for connecting to the internet, or at least create individual user accounts on the shared computers.


------------------------- netSECURITYbasics.blogspot.com -------------------------

     I hope the steps above will be helpful and not too tedious for you.  If you have objections, reactions or additional suggestions, I am very much interested in considering them.  Just say so in the comments box below.

     You may consider checking back in the future when I finish writing the following topics:
- WHY BOTHER ABOUT COMPROMISED EMAIL?
- HOW DID MY EMAIL GET COMPROMISED?

6 comments:

  1. now i know...it will help a lot.

  2. I just hope that I explained it well enough in layman's terms. In case you find it very technical, kindly speak up. Thanks.

  3. Excellent tips! I would add to watch out for a suspicious "sender name" in the incoming mail message. And also, attachments are dangerous.

  4. Yeah, you are right. I forgot to mention that.

  5. Although this topic assumes that the email was already opened and the PC already seems compromised. I will take note of that one if I make a blog about "HOW TO AVOID INFECTION FROM EMAILS".

    Thanks.

  6. I really like your blog and have one with similar information. If you have time check it out.
    Alarm systems
