When your email, credit card, or identity gets hacked, it can be a nightmare. Knowing what to expect can be a help; knowing how to head off the hackers is even better.
A nation-state hacking campaign like The Mask is designed to do its dirty work while remaining undetected. Analysts have determined that The Mask escaped detection for five years or more, working away in the background, stealing secrets. A hacker who gets access to your personal information, on the other hand, will probably act immediately, hoping to get as much benefit as possible from his unauthorized access before you detect it. What can you do once you’ve been hacked?
How will you know?
Your first indication a hacker has compromised your credit card may be unexpected items on your bill. Always read credit card bills, and take care to figure out what every line means—even the small ones. You can use a personal finance service, such as Mint.com, to keep an eye on all your credit card transactions from one place. Card-thieves will occasionally put through a few small purchases, just to make sure the card is OK, before making a big purchase.
If you’re lucky, your bank will detect fraudulent activity, decline the charges, and issue you a new card. That’s a pain, of course, as any automatic payments you’ve configured will need the new number. But it’s better than letting hackers buy a Caribbean vacation with your credit.
Scammers can use a compromised email account to broadcast spam, or to send targeted email scams to your contacts. Your first clue may be worried phone calls from friends asking if you’re truly stuck in a Paris airport with no cash, or irate messages from those “you” have spammed.
An identity thief can also use your personal information to open credit accounts, accounts you know nothing about. You might only find out when a request to refinance or open a new line of credit is denied. At AnnualCreditReport.com you can request a free report from Equifax, Experian, and TransUnion once a year. Don’t get them all at once; space them out at four-month intervals for best coverage.
What happens next?
credit card compromise may be the easiest hack to weather. You’re not responsible for the fraudulent charges, and once the bank has issued a new card the problem is effectively solved.
Regaining control of a hacked email account can be tougher. You’ll have to contact the email provider and prove that you’re the true account holder. Of course, if the hacker changes your password, you can’t use your regular email to contact the provider. It’s important to have more than one email address, and make each the alternate contact address for the other.
Did you use your email address as a username on other sites? That’s certainly a common practice. But if you also used the same password that you used for the hacked email account, those accounts are now compromised as well.
Even if you didn’t use the same password, you could still be in trouble. Think about this. If you forget a website password, what do you do? Right—you click to get a password reset link sent to your email address. A smart hacker who has control of the email account will quickly seek your other accounts, social media, perhaps, or worse, shopping and banking accounts.
After recovering from an email account takeover, you absolutely should visit every site that’s associated with that email address and change your password. A password manager will be a great help at this point.
Help for identity theft
Full-on identity theft can be a nightmare. Victims can spend thousands of dollars over weeks and months trying to get their online identities and lives back in their control. The Federal Trade Commission offers an excellent advice site with full details on how you can proceed.
Start by putting a fraud alert on your credit with one of the big three credit-reporting agencies. This will help stop the fraudsters from opening more accounts in your name. Order your credit reports, so you can see what’s happened. And make an official identity-theft report with the FTC.
The site goes on to specify absolutely everything you need to do in step-by-step fashion. It includes checklists so you can make sure you didn’t miss any tasks, as well as sample letters and forms. You won’t go wrong relying on this useful resource.
Won’t get hacked again!
How can you make sure you don’t get hacked, or don’t get hacked again? As far as credit cards go, there’s not much you can do, other than avoid shopping at shady retailers, real-world or online. When chipped credit cards become a U.S. reality next year, they’ll secure in-person transactions thoroughly, but they can’t help with card-not-present online transactions.
Poorly-secured websites can expose your email address and password to hackers, but using a bad password leaves your account wide open to a simple brute-force attack. Use a strong password for your email account, and a different strong password for every other account or secure site. Yes, you’ll need a password manager. Editors’ Choice LastPass 3.0 is free, so there’s really no excuse for not protecting your passwords.
On some sites, you can request a password reset by answering a few simple security questions. The problem is, in most cases the bad guys can Google up the answers to those questions in seconds. If you’re allowed to define your own security questions, do so, and choose strong questions—ones only you could answer. If you’re forced to choose from lame questions like your mother’s maiden name, don’t use a truthful answer. Pick a false answer that you’ll remember. And don’t use the same question/answer pairs on multiple sites.
As for protecting against full-scale identity theft, there are some things you can do. Never fill out any information on Web forms that isn’t absolutely required. If it’s required but not relevant, like your street address on a site that doesn’t ship things to you, make something up! Get an inexpensive shredder for paper bills and statements. Review all statements, and make use of your free credit reports.
Yes, there’s some effort involved, some vigilance. But it’s vastly less than the work you’d have to expend to recover if hackers managed to steal your identity.
(article by N.J.Rubenking)