Improving my security .... email hacked

jpe20

Hi folks,

In a bit of a tiz here. MAJOR security breach of my email account and paypal account have occurred over the past 4days culminating in a large amount of money disappearing from my paypal account. The fraud has been reported etc to paypal and all seems in hand with regard to that.

NOW IT IS THE AFTERMATH ..... I have to assume that someone has hacked into the email account and hence have access (ie downloaded all my webmail) to lots of my personal information. I have changed credit cards and bank accounts etc. Other stuff like NI number etc I am not too sure how to handle?

Anyhow I have always ran AVG, ZA, AdAware, Spybot and ccleaner and this seemed enough, Now I am contemplating reinstalling windows next week!!!! Maybe I will buy something new security wise.

Also may take out some form of identity theft insurance?

So what do you techies do if you get hacked??????? How do you clean up ???? Both computer wise and paperwork wise?

Off to download HiJack this .... Already run googles spyware pack .... only minor infections found .... tracking cookies etc.

POSSIBLE CAUSES OF HACK ...... (in hindsight) ... possible drice by download (hard to close download .exe pop up) when surfing for some hard to find furniture maker!! Security being on WEP for a few days while I had connection problems now back on WPA. Just unlucky .... first incident in 12yrs of net use?

Things to do ...... thinking out loud ... bit muddled at the mo
(1) Changed all passwirds,,,, (2) Fix my other PC so I have back up PC if the reinstall of windows fails. (3) Collect drivers for windows install etc. (4) Change NI no.???? (5) run out of ideas for now......

Any how any tips both tech and real life appreciated on this issue.

Jools

Marty_J

How much money do you feel like spending?

I know I might get flamed for this, but you could consider buying a Mac. Spyware, malware, keyloggers and the like are far less likely to bother you.

If you don't feel like spending any money (this is moneysavingexpert.com after all!), you could consider using Linux. There's a bit of a learning curve, but it's free, more secure than Windows, can run some Windows programs, and you can dual boot it with Windows so you have Windows there if you need it.

Cat695

Are you sure it was your computer and not you using a fake paypal site? very rarely are peoples PC's actually used to obtain information.....more likely "they" have actually done it themselves (though unintentionally)

have you used paypal recently etc given detials out to this furniture site etc? i'd be pretty shocked that none of your antivirus etc didn't pick something up (especially ZA)

jpe20

The paypal site is genuine .... (I phoned them up and they confirmed the money loeaving my account). No payment details given to furniture websites!!!! Was just looking for a company called MTE furniture.

Can't buy anything at the moment anyway cos myu card is canceled!!! Though may consider spysweeper. Don't fancy Linux and the Mac is too dear.

I've had this Windows 2000 type login box appear recently on my windows splash screen when windows starts and another for the shutdown ... Does this indicate that there is some type of unauthorised VPN activity going on without my knowledge??? How do I get rid of this annoying login box at the start of windows??? I have no password as it is a machine that I use only in the house.

Jools

Nilrem

My basic approach to email security is

1: Use common sense when opening emails (don't click links to sites in emails, and certainly don't enter personal information in such sites).

2: Keep your Anti-virus up to date.

3: Keep your OS and browser up to date with any patches etc (i tend to have windows set to download but not install updates to the os so I can check them out myself).

4: Use 2 or more email accounts. One public, one "private" only use the private one(s) for things like paypal.

5: Don't use something like hotmail/gmail for your private email addresses.

6: Use a good password something random like hu1dl0v rather than gooner03 (especially if you're an arsenal supporter;) ).

7: Don't use a password reminder that is obvious.


I actually have about 8 email accounts at the moment that I use for various things with my hotmail being used visibly for various forums, my gmail being used largely by family, an isp one for banking, and then a few more for thngs like online shopping.

It's amazing the number of people who will have all the best PC security, a fairly hard password for their paypal account, then use "freemail" with a weak password (or weak password reminder) for their paypal account.

iviv

Indeed, its more likely you accidently put your information into a pishing site than you having a keylogger that none of those security programs picked up.

Another possible option is you using the password on other sites. Using the same password for your email, paypal, and also signing up to an unknown forum with the same password. Some forum software can store the password in plaintext, so the forum owner can simply access the file and see all the users usernames, emails and passwords.

elfreako

Nilrem wrote: »

My basic approach to email security is

1: Use common sense when opening emails (don't click links to sites in emails, and certainly don't enter personal information in such sites).

2: Keep your Anti-virus up to date.

3: Keep your OS and browser up to date with any patches etc (i tend to have windows set to download but not install updates to the os so I can check them out myself).

4: Use 2 or more email accounts. One public, one "private" only use the private one(s) for things like paypal.

5: Don't use something like hotmail/gmail for your private email addresses.

6: Use a good password something random like hu1dl0v rather than gooner03 (especially if you're an arsenal supporter;) ).

7: Don't use a password reminder that is obvious.


I actually have about 8 email accounts at the moment that I use for various things with my hotmail being used visibly for various forums, my gmail being used largely by family, an isp one for banking, and then a few more for thngs like online shopping.

It's amazing the number of people who will have all the best PC security, a fairly hard password for their paypal account, then use "freemail" with a weak password (or weak password reminder) for their paypal account.

This is true password strength is a must, always try using numbers within the text as this is harder to crack.

Make sure that you use a number of spy ware programs to protect yourself as well as virus software.

I use adaware, spybot and spyware blaster all in together.

jpe20

Can I install Leopard (Mac OS) on my Acer Laptop in a dual boot??

Jools

superscaper

I'd say the majority of "hacking" is just social engineering. As mentioned either phishing emails, guessing weak passwords etc.

iviv

jpe20 wrote: »

Can I install Leopard (Mac OS) on my Acer Laptop in a dual boot??

Jools

Sorry, Apple don't want you using their OS unless you've shelled out for their own hardware.

Conor_3

jpe20 wrote: »

Any how any tips?
Jools

Yeah, stop using WEAK passwords. For anything important, I use a 16 character password containing letters and numbers which isn't merely a word with obvious characters replaced by numbers or numbers added at the beginning or end.

You want something like:
gdffds45fk659jkz

..which just looks like garbage or encrypted data to anyone trawling through code, especially if you just use the letters a to f.

Using any word that can be found in a dictionary or on google is a waste of time.
Using something like "ribbon" but replacing letters with numbers to give "r1bb0n" is also a waste of time, as is "1234ribbon" or "ribbon1234" and similar. DOB, pets names, kids, names, important dates etc are all a waste of time.