September 30, 2018

Danger, Will Robinson!

I got a wake up call the other day.  In the form of spam.  Though I should have expected something like it at least by now.  And in retrospect, it’s probably a good thing it arrived, as it got me thinking about security, which I’ve been rather lax in for at least the last several months, and even years.

Suffice it to say, it was one of those emails that gets your attention when you’re scanning through the inbox.  In the subject line, all it said was ‘account was hacked’.  So I clicked on it, and the body of the email certainly got my attention, which of course it was designed to.  It revealed essentially the password to one of my email accounts (accurately), and said that whoever it was that had sent me this, has/had been monitoring my account for the last few months, not to mention they’d supposedly accessed my webcam (at this point I determined it was unlikely, since I’d received zero information from my computer security portal suggesting there was anything amiss) and had been recording my doings from both without and within.

After that info, there was the kicker.  Send $700 USD to their Bitcoin account within 48 hours and they’d ‘delete’ whatever information they had, and everything would be just fine.  (Of course, there was the implied threat that if I chose to ignore it, my ‘friends and family’ would get an email with compromising information in it.)  At this juncture, I was ready to call their bluff, since too many factors about the email were not adding up.  The only thing that concerned me was that indeed they had gotten the password correct for the email account they’d referenced, which meant there was a security problem, though it was one I was well aware of, I’d just been rather lazy about doing something about it.

Consequently, I spent the next hour upgrading my security, changing passwords and making them MUCH more secure.  Whereas a lot of the email passwords were easy to hack and quite basic, mostly for the ease of entering them in over the years.  I went the distance and changed them to complex alphanumeric ones, that are far and away more secure.  I went ahead and upgraded some other things as well, and talked to the people who host my domains, to make them aware of what had transpired.  I was assured by them that their security measures are definitely what I’m paying for, so things on their end are and have been good to go.

Looking back on this, what these people are doing is certainly unethical, mean (and certainly probably illegal) but in a way they did me a favor, opening my eyes to the fact that in some ways I was kidding myself in terms of what I was calling security for some of my online activities.  I’ll certainly be more aware and cognizant in the future!