Amal Yeargin

Knowledge Areas : Real Estate in South Carolina, Residential Sales

Reputation Score: 95


Answers ( 3 )

 
  1. Can you describe in a little more detail what happened?  Did someone else get your credentials and start sending emails from your account?  

    UTC 2021-01-13 01:55 PM 0 Comments
  2. Yes, e-mails were sent to my contact list asking them to open a file (I am a Real Estate broker). I also received several return-to-sender emails. I checked my account; the emails did not originate from my account. I was advised to change my email password and I did, but I do not know how the hacker got my contact list.

    UTC 2021-01-13 05:52 PM 0 Comments
  3. From what you describe, it sounds like some of your passwords were compromised.  Unfortunately this happens all too often, as the online companies we use fail to completely secure the user information we trust them with.  


    The first thing you need to do is change your email password - check, you've done that.  The NEXT thing you need to do is change ALL your important passwords, starting with anything that might have been compromised in your emails.  More on "best practices" in a moment.


    How it happened?  One good way to check is to visit https://haveibeenpwned.com/ and enter your email address - it will show you the various breaches in which your information was compromised, and crucially, the dates when the information was released.  This will help you know if you've updated your passwords recently enough.


    Many corporations require employees to change passwords every six months.  This is a good idea for EVERYONE.  Additionally, you should use separate email accounts, ideally from separate providers, to limit the potential damage of a leak.  Email is functionally free today, with Gmail, Yahoo, Hotmail, etc. all willing to give you a new account.


    I recommend having a "spam" email address that you use for all web services you sign up for - anything you use that is web-based like MyFitnessPal or Patreon or TheSageBoard - use unique passwords for these sites but don't point them at your MAIN email account, which you use for banking, work, etc.  


    Strong passwords are essential, but remember they are no better than "passwrod" if they are published when the site you are using gets hacked. That's why you need to change passwords regularly, at least on the most important stuff (bank, broker, etc).  One good way to have strong passwords that are fairly easy to remember is to have a phrase or sentence that you memorize, and use regular variations on it when you change them.  This was popularized in a webcomic called XKCD, where he pointed out that it's easy to remember "Correct Horse Battery Staple" but very hard to remember a random string of numbers and digits. You just have a little story about how a horse was trying to remember the difference between a battery and a staple and they were correct - humans are good at stories but bad at random strings of information.  Have a list of mammals you rotate through to change the password - "Correct Cow Battery Staple" is, as far as computers are concerned, an entirely different password, and if the "horse" password is leaked, a spoofer trying to use it won't get into an account with the "cow" password.  And because spammers are lazy, they aren't going to try to figure out your new password, they will just move on to someone who hasn't updated their information.

    Take that a step further and have a phrase or story that you use as a baseline, and put some kind of reference to the site you are creating the password for.  Say the first word of the phrase relates to the site.  "Wise Horse Battery Staple" could be your "Sage" password.  "Healthy Horse Battery Staple" could be your "MyFitnessPal" password. "Noble Horse Battery Staple" could be your "Patreon" password.  You still change out the second bit every six months, but now you have a way to remember ONE word that is associated with your site's password, and ONE changing key that you can make an excellent guess at if you've ever forgotten what it is.  


    You'll have to modify this a bit for some sites which require a number and a non-alphanumeric character, or only let you have 8 characters or something, but the beauty of this is that once you've created your personalized "password key" you can safely use it everywhere, and almost never forget it, even for sites that you use once a year.  You can safely leave clues for yourself in a note, because only you know that "bivalve mammal standard" is your password clue for your "oysters.com" account, and even if someone DID put that together, they don't know which mammal you mean or what the second half of the password would be.  But YOU do, and you can tell someone you trust your key or write it down someplace safe so that, in the event something happens and someone else needs to get to your information, they could do so.

    That's a lot!  Sorry!  :)   To sum up:


    1) Have good passwords that are easy for you to remember and hard for computers to guess.  

    2) Change passwords regularly.  Have a calendar alert or something, put an hour on your calendar to go through your important accounts and update the passwords every six months, and then DO IT when that appointment shows up.  :)

    3) Use separate email accounts for important websites and casual use ones.


    I hope this helps!  Good luck!

    Accepted UTC 2021-01-14 01:40 PM 0 Comments
