Apr 22 2014

A client called me about her computer being hacked. It turned out that probably only her AOL account had been hacked. People in her address book were getting odd email messages supposedly from her. Her PC was otherwise okay.

She’s one of many experiencing the problem. PC World noted the situation in their article “You’ve got spam mail: Slew of AOL email accounts fall prey to spoofing attack.” There’s a hashtag, #aolhacked, tracking reports of the problem.

It’s unclear whether in all cases AOL accounts were hacked or somehow address books were compromised and used to spoof email addresses.

AOL recommends changing your password. That may help if your account was hacked. But if your account is being spoofed, that’s another matter, with no ready solution. AOL has a page describing the difference here.

PC World also recommended reviewing these computer safety tips: How to protect your PC against devious security traps.

The classic case of spoofing is where you receive a message purportedly from yourself to yourself — something that you did not do.

Remember that email is modeled after the United States Postal Service (USPS). Just as with a paper envelope, it’s easy for anyone to put whatever “to” address they want on a message as well as any “from” address.
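To tell the two cases apart on a message you received, compare the "From" header with the envelope sender and the authentication results your own mail server stamped on it. The following is an added example, not part of the original post; the two sample messages are constructed, and `mx.example.net` and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples; mx.example.net is an assumed trusted receiving server.
SENT_VIA_PROVIDER = """\
Return-Path: <friend@aol.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=aol.com;
 dkim=pass header.d=aol.com; dmarc=pass header.from=aol.com
From: Friend <friend@aol.com>
Subject: Hi

How are you?
"""
SPOOFED = """\
Return-Path: <bounce@mailer.example.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer.example.org;
 dkim=none; dmarc=fail header.from=aol.com
From: Friend <friend@aol.com>
Subject: Hi

How are you?
"""


def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def classify(raw, trusted_authserv_id="mx.example.net"):
    """Return 'authenticated', 'likely-spoofed' or 'unverified' for one message."""
    msg = message_from_string(raw)
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = value.partition(";")
        # Skip results not stamped by our own server: a sender can forge
        # an Authentication-Results header as easily as a From header.
        if authserv_id.strip().lower() != trusted_authserv_id:
            continue
        verdicts.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results.lower()))
    if not verdicts:
        return "unverified"
    # SPF only counts when the envelope sender's domain matches the From domain.
    spf_aligned = (verdicts.get("spf") == "pass"
                   and domain_of(msg["Return-Path"]) == domain_of(msg["From"]))
    ok = verdicts.get("dmarc") == "pass" or spf_aligned
    return "authenticated" if ok else "likely-spoofed"
```

An "authenticated" result on a message the owner never sent points to the account itself being used, where a password change helps; "likely-spoofed" means only the address was borrowed.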

You just have to be careful, especially with email messages with subjects like “Hi” or “How are you” or something else that’s really general or vague (or even blank). And beware of phishing scams that have subjects regarding undeliverable packages.

In general I recommend that everyone have at least two email addresses with different service providers. So, if you have an AOL account, then also have a Google account with a Gmail address as a secondary address.

Prof’s Hack Challenge Revealing

Dec 09 2013

PC World summarized the results of a New York University Professor’s challenge to conduct a personal “pen test” on him.

And the answer, at least in his case, is that knowing that they were out to get him didn’t stop them. He got hacked. As he wrote, in an account of the project last month, while conducting a class at NYU, “without warning, my computer freezes. …”

This article may be viewed at: http://www.pcworld.com/article/2070671/anatomy-of-a-hack-team-meets-a-professors-challenge.html.

Of particular note was that social engineering was key to the attack: “hacking someone’s head” rather than clever tech. A phishing email was used. As has been recommended many times, beware of emails with links to view something, even when the message appears at first glance to be authentic and from someone you know. Check that link first!

The article concluded with some general advice.