Recently, a friend’s email got hacked. He is using Yahoo and his email was compromised. The attack sent out a link like the one below to every person in his address book. If you’ve been using email for any length of time, chances are, you have received an email from a friend that looks like this:
Since the email comes from someone you know well, you trust them and you click on the link in the email. Now what? What just happened? We’ll address the 4 steps to resolve this problem for both those that had their email hacked and those that received the hacked email. The link that gets sent to all those in your address book may have multiple purposes.
1) It may be designed to steal your password through a known vulnerability in the Yahoo email client. See this link if you’d like to understand more about how the hack works. If the hackers know your password then they can potentially gain access to sensitive information that has previously been emailed (Hint: Never email sensitive info).
2) The link may download a virus or Trojan onto your computer that will allow your computer to then attack other computers. Sometimes the virus is designed to just capture information from your computer or serve ads to you when you browse.
There are many other scenarios that I could go into that would bore you so I’ll leave the examples at the two above. The important point is to understand that the security of your email can be easily compromised but there are steps you can take to protect yourself if you are compromised.
If you are the person whose web based email (Yahoo, Hotmail, gmail, etc) address has been hacked, the first thing that should happen is to change your password to your email. Typically, this will solve the problem for the hacked email address. Now comes the fun part – those that received your hacked email.
IMPORTANT: The best practice is to NEVER click on a link in an email unless you are expecting it and know the link is taking you somewhere safe. If you are not sure, contact the person that sent the email to ensure the link was purposely sent and that it’s safe to click on.
If anyone that received your message accidentally clicks on the link, the situation unfortunately is potentially more serious. Here are the three steps to do immediately after clicking on a link from an infected email.
1) SHUTDOWN – One can never predict what website the hacker is sending them to but the first thing to do after clicking on the link is totally shut the computer down and restart. This clears out any virus information in the computer memory. Many of these “viruses” are not actually installed on the disk
2) SCAN – After startup, you should run a FULL virus scan with your AntiVirus program. You do have antivirus software right? It is up to date right? All Chiropractors should have monitoring to ensure this but in either case, making sure you have no infection is paramount.
3) SCAN AGAIN – Since no one antivirus software is good enough to trap everything, you should also download a strong malware cleaner like Malwarebytes (www.malwarebytes.com) You can use the FREE version of this to check your computer manually, but as part of our service we include the professional version and centrally control the scans and the monitoring of this program so we are alerted in the event of an infection.
4) CHANGE YOUR PASSSWORD – As a precaution, changing your email password is always a good idea.
This is a great to start for those that click on a link in an infected email. There are a number of other layers of protection that we recommend be implemented to protect your office better but the above items will at least get you most of the way to ensuring no infection. Nothing is 100%, but at least you have the steps to follow if you or a friend are victims to an attack. Some additional resources to further protect your office are listed below.
An audit is a great way to ensuring that you are properly protected. Click the FEEDBACK tab at the right for an audit if you want to know if you are properly protected as HIPAA requires and is just good common sense.
Choosing a strong passphrase and never clicking on links in email that you are not 100% sure of are two of the best strategies to keeping your email secure. See our PASSPHRASE BLOG ARTICLE for help in choosing a secure passphrase (not password) in the first place.
Happy and Safe computing!
Leave A Reply (No comments so far)