Fraud Prevention and Passwords – sometimes the best offense is the easiest defense!

As a business ethics and fraud prevention speaker and author, I find that, nearly every week, someone connected with me has their account hacked and the messages that are sent – well, let’s put it this way – they aren’t what they would send. Adult Friend Finder, Viagra, Canadian drug stores – you name it – the hackers seem to be enamored with using someone else’s Facebook account or email to promote their product or service using your good name.

The following, shared with me as an Apple computer user, relates to the common hacking problem that many face. Take a read and let’s understand the benefit of simple information that can protect your account and your Facebook friends!

Reader Deb Ward is the victim of an increasingly common scam. She writes:

I have a MobileMe account that I believe was hacked. First a message was sent to everyone in my .mac email address book that I was in the UK, held up at gun point, stranded, and to please send money. Then, the hacker was able to get into my .mac account and have my emails forwarded to a Yahoo account! How can this happen? How do I protect my email accounts? And how do I protect the rest of the information on my computers?

While this kind of thing isn’t as common as advance fee fraud (typical of the Nigerian royalty wheeze that’s been around for years), it’s a scam that’s become popular in the past few months. It works this way:

The scammers obtain account addresses (not just from the MobileMe service but other providers as well such as Hotmail, Google, and AOL). They then use computer scripts to generate passwords—using words commonly found in the dictionary—and work through these passwords in the hope of finding one that lets them in. When a working password is found, they go about the nefarious business of grabbing your contacts from the host service and sending out the kind of message that your contacts received. Depending on the service, they can also have messages forwarded to a different account.

COMMENT: I can’t begin to tell you how many FB friends have fallen prey to this “London robbing” scam. Facts are – when you receive a chat comment or email from a friend announcing their robbery – the initial damage is done. Now if this comes via Facebook chat – my recommendation is (1) keep the chat going. Express your concern and keep a dialogue while (2) opening another browser and going to Facebook to report the activity. I have found in doing that – that the folks at Facebook are quick to disable the account, thereby eliminating the perpetrator from continuing to scam friends who might be shocked into monetary submission.

Your best hope is that those you associate with are smart enough to ignore this obvious bit of phoniness or, at the very least, check with you to be sure that the message is legitimate. On the other hand, those who do pungle up the dough can be counted as extra special (though pretty gullible) friends. Please treat them gently.

As for protection, Protection Tip Number One is to use a password that can’t be easily guessed. If it’s in the dictionary, it’s a bad password. If it’s in the dictionary and you’ve appended a couple of significant numbers after it—your birthday or age—it’s still a bad password. If it’s a pattern of characters on your keyboard—adgjl’, for example, it’s a bad password. If it’s eight characters or less, it’s possibly an okay password, but not a great one.

Protection Tip Number Two is to not use the same password for everything you do. If you unlock your e-mail, Apple ID, Amazon account, Mac administrator’s password, and bank account with that single password, imagine the havoc that results when it’s cracked.

COMMENT: Excellent suggestion. While I admit I like to keep the passwords simple for me to remember, it makes sense to have three or so that you use so that in the worst of circumstances one password does not open your entire world up to hackers!

There are a variety of strategies for creating and remembering passwords. People often substitute characters for letters—$ for S, @ for A, and ! for L. Others remove vowels—grtbllsffre1957, for a Jerry Lee Lewis fan, for example. Others still write random strings of nonsense, write down those strings, plunk the passwords into their Mac’s keychain, and lock the written passwords in a safe place should they need them. (These are people who have complete control over their computer—the one in their home, not in the office.)

Because I have a brain like a sieve, I use Agile Web Solutions’ $40 1Password. Not only can it keep track of all the passwords in your life, it can also generate them. Like so:

1Password’s password generator

When you come to a website you need a password for, select the password field, click and hold on the 1Password button that appears in your browser, and choose Strong Password Generator. In the sheet that appears the title of the site should appear along with its location. Use the Length slider to choose a length for your password (the longer the better) and click Fill. 1Password will fill in the password field with the password it just generated. It will later prompt you to save the login information for that site—your username and password. When you next visit, you can ask 1Password to fill in this information for you.

If you lack the inspiration to create a password for some other kind of account—your e-mail account, for example—1Password can help there too. Just launch the program, choose Go -> Generated Passwords, click the Plus (+) button at the bottom of the second column, and use a procedure similar to the one I just described to create a new password. 1Password will remember this one as well.

FINAL THOUGHTS: If creating a simple but effective password can save your bank account, credit card information, Facebook account and email – then it makes sense to take the steps necessary to protect yourself. After all, the best defense is a good offense and creating an effective password is OFFENSIVE RULE #1.
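The checks in Protection Tip Number One above, written out as an added example (not code from the quoted article or from 1Password). The word list is a small constructed sample standing in for a real dictionary, and the function names are illustrative assumptions.

```python
# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "sunshine", "dragon", "monkey", "football", "welcome"}

# Keyboard rows, including the punctuation keys that end each row.
KEYBOARD_ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]


def is_keyboard_pattern(pw, min_len=4):
    """True if pw walks along one keyboard row with a constant step.

    A step of 1 is a plain run (qwerty); a step of 2 is every other key,
    which is what the article's example adgjl' does on the home row.
    """
    pw = pw.lower()
    if len(pw) < min_len:
        return False
    for row in KEYBOARD_ROWS:
        if all(c in row for c in pw):
            pos = [row.index(c) for c in pw]
            steps = {b - a for a, b in zip(pos, pos[1:])}
            if len(steps) == 1 and steps != {0}:
                return True
    return False


def weaknesses(pw, words=SAMPLE_WORDS):
    """Return the Tip Number One rules that pw breaks (empty list = none)."""
    found = []
    lower = pw.lower()
    stem = lower.rstrip("0123456789")  # drop an appended birthday, age, year
    if lower in words:
        found.append("dictionary word")
    elif stem != lower and stem in words:
        found.append("dictionary word plus appended numbers")
    if is_keyboard_pattern(pw):
        found.append("keyboard pattern")
    if len(pw) <= 8:
        found.append("eight characters or less")
    return found


if __name__ == "__main__":
    # Constructed candidates, including the two examples quoted in the article.
    for candidate in ["sunshine", "football1957", "adgjl'", "grtbllsffre1957"]:
        print(f"{candidate!r}: {weaknesses(candidate) or 'no rule broken'}")
```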
