Should you worry about your online accounts being compromised by so-called ‘hackers’?

Lately in the news, hackers have been claiming victory, proudly announcing that they have acquired massive amounts of passwords from Sony, Facebook, PayPal and the CIA.

A group calling itself Lulz Security (or simply LulzSec) claims to be responsible for the cyber crimes and has successfully attacked websites such as LinkedIn and X-Factor, altering their web pages.

So how is this group of hackers able to steal customers’ passwords from highly secured online companies? Are they really intelligent enough to actually ‘hack’ into their databases? What can we do to help prevent this from happening to us?

1. Ensure your passwords are protected and difficult to guess.

Here are some tips to protect your password:

  • Do not use the same password for every account you have. If the password to one of your accounts has been compromised, chances are these criminals will try that password with similar or associated accounts.
  • Change your password regularly.
  • Do not use your User Name or your Email Address as a password. For example, if your User Name is: LULZSEC, do not use LULZSEC as your password. If your Email Address is:, do not use LULZSEC2011 as your password.
  • Use Letters, Numbers, Special Characters, Upper and Lower case characters. Your password should be at least 8-10 characters long.
  • The password should not be in any way related to your User Name or your Email Address associated with your account.

2. Beware of fake emails used to steal your password and other sensitive information.

Beware of ‘Phishing’ or ‘Spoof’ emails from criminals impersonating legitimate companies in an attempt to acquire sensitive information such as Usernames, Passwords, Credit Card details and other sensitive personal information.

This process is simple and very easy to identify, if you stop to think about it. They send a mass spam email to a list of millions of email addresses, hoping to trick those who actually have an account with that particular company into clicking on a link and being re-directed to a web site that looks like the legitimate company’s. At that point, they will ask you to enter very sensitive information – and that’s how they get your information. They don’t actually ‘hack’ or break into your account; they ‘trick’ you into giving away your password and other sensitive information, and then they take over your account.

Here are some things to look out for as these emails always have the same structure:

  • The body of the email will contain an official logo of the company they are impersonating.
  • They will always refer to you as “Dear Member”, “Dear User”, “Dear Account Owner”, “Dear xxxx Customer”, etc. All legitimate companies, if they send emails, will always address you by your Full Name.
  • The subject and intent of the email are meant to create a sense of urgency, so that you will act fast to resolve the concern. For example, “your account is over its limit” or “your account has been suspended, please update your information”, etc.
  • You may notice spelling errors or bad grammar within the email. No one said these criminals are educated.
  • The email will always offer a way to quickly resolve the concern through a clickable link within the body. The link may look legitimate and appear to be going to a legitimate website; however, if you place your mouse over the link and take a look at the Status Bar of your email program or the Status Bar of your web browser, you may notice that the actual destination is not legitimate. Often, these criminals will go as far as purchasing a domain name with keywords or characters similar to those of the company they are impersonating.
  • In the body of the email, there may be links that actually go to the legitimate company’s website, such as Help pages or a Policy page, but the actual link for you to resolve your account issue will go to a fake web site that was created for the purpose of obtaining your sensitive information.
  • Take a look at the header of the email and you may notice the email was sent using an email program such as Microsoft Outlook Express. Most companies do not use consumer email programs to send emails. They have a special program for their customer service department to contact their customers.
  • Don’t be fooled by the email address showing in the ‘From’ and ‘Reply-to’ sections of the email, because these can easily be altered to make the email look as if it is coming from the legitimate company.
  • There may also be a statement telling you to NOT reply directly to the email.
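
The checklist above, expressed as a small Python triage function that reports which of the warning signs a message shows. This is an added example, not code from the original article; the sample message, the account-check.example host and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

GREETING = re.compile(r"dear\s+(member|user|account owner|\w+\s+customer)", re.I)
URGENCY = re.compile(r"over its limit|has been suspended|update your information", re.I)
DOMAIN = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def mismatched_links(html):
    """Return (domain shown in link text, real host) pairs that disagree."""
    parser, out = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        shown, real = DOMAIN.search(text), (urlparse(href).hostname or "").lower()
        name = shown.group(1).lower().removeprefix("www.") if shown else ""
        if name and real and real != name and not real.endswith("." + name):
            out.append((name, real))
    return out

def phishing_indicators(raw_email):
    """Return which of the article's checklist items a raw message matches."""
    msg = message_from_string(raw_email)
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    checks = [("generic greeting", GREETING.search(body)),
              ("urgency wording", URGENCY.search(msg.get("Subject", "") + "\n" + body)),
              ("consumer mail program", "outlook express" in msg.get("X-Mailer", "").lower()),
              ("link text differs from destination", mismatched_links(body))]
    return [name for name, hit in checks if hit]

# Constructed sample message; the .example host is a placeholder.
SAMPLE = ("Subject: Your account has been suspended\nX-Mailer: Microsoft Outlook Express 6.00\n"
          "Content-Type: text/html\n\n<p>Dear PayPal Customer, please update your information: "
          '<a href="http://paypal.com.account-check.example/login">www.paypal.com/login</a></p>')
```

A match is a reason to look more closely at the message, not proof that it is fake; legitimate bulk mail can trip the greeting or urgency checks.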

Below is a sample spoof or phishing email, targeting PayPal customers.

[Image: sample spoof email trying to steal information from PayPal users]

Important things to remember, to prevent being “Spoofed” or “Phished”:

  • Legitimate companies will always address you by your Full Name.
  • Legitimate companies will never ask you to resolve your account related issues by clicking on a link within an email. Instead, they may provide you with instructions to manually sign on to your account to resolve the issue.
  • When in doubt, call the company by telephone directly or manually open up a brand new web browser program and sign in to your account to contact the company by using their web form. If you are certain the email you received is a fake, spoof or phished email, simply delete it without clicking on any of the links within.

3. Protect your computer from malware and spyware programs that can track your keystrokes and passwords and send the information to criminals anywhere around the world.

Here are a few important tips:

  • For Windows computer users, ensure the Firewall setting is ON.
  • Have a valid, paid subscription to anti-virus or internet security software. There are many free programs out there, but you know the old saying, “you get what you pay for.” With hundreds of new viruses, spyware and malware programs being created every day, it is vital to have protection installed on your computer. Norton 360, a software program created by Symantec, is one of the best on the market and provides the most advanced security. It is constantly updated so that your computer is protected from any new viruses, spyware or malware being created.

Should you worry about hackers stealing your passwords and sensitive information?

Should you worry about hackers taking over your online accounts?

Should you worry about companies protecting your sensitive information?

You decide!

Copyright © 2011 All rights reserved.