• Home
• Prices
• About Us
  • How It Started
  • Mission Statement
  • Why Choose Computer Wizard?
  • Business Practices
• Virus Corner
• Services
  • Hardware Repair
  • Software Problems
  • Networking
  • In-Shop Service
  • Remote Assistance
  • Business Solutions
  • Computer Hardware Recycling
• Service Area
• FAQ
• Refer A Friend
• Feedback
• Contact Us
  • Directions to Us
• CWI Articles
• Educational
• For Experts
• How-To
• Important
• News
• Service Announcements
• Success Stories
• Tips & Tricks

Email Hackings

In the past month or two I’ve seen an increase in email hackings. A few groups seems to be mainly effected:

- Those who use Yahoo email services (emails ending in @yahoo.com, @sbcglobal.net, @att.net, etc)
- Those who use MSN email services (emails ending in @msn.com, @hotmail.com).
- Those who use AOL email services(emails ending in @aol.com, @aim.com).

Evidently somebody figured out a way to crack passwords to these accounts if the passwords are not very secure. The perpetrators are most likely using a dictionary based attack – which means that they try a large number of usual passwords or a combination of them.

For example if your email password is “jack1″ then it’s likely to get hacked. Why? First it’s too short, and it contains a common name plus the “1″ that most people put there when they are required to have a number in the password.

I’ve had several cases that I have had an opportunity to investigate. I found practically identical modes of operation in each case. This indicates that these are automated attacks based on a software that’s probably circulating in hacker circles.

If someone’s email account is hacked he/she will experience:
- Emails being sent out from their account containing spam type advertising (usually a link to a website). These emails will be sent out to all people on their address book, usually about once or twice a day.
- The first indication one notices is that he/she starts getting “undeliverable” messages and/or angry/confused emails from his/her friends about “Why are you sending me this?”.

The hackers evidently use the online web based user interface to carry out their operations. The evidence on this is that the messages sent out are listed in the “Sent” folder of the user. They are also using the user’s online address book to send out the spam. Here is a sample spam message being sent out:

Note: Daniel Reydel is a randomly generated name.

The only good thing is that the spam sent out doesn’t appear to be spreading viruses, it’s only advertising junk.

The solution:

It’s actually quite simple to put a stop to this type of  hacking. You will simply change your password to something that is harder to guess. Here are some guidelines on what makes a hacker’s life harder:

- Use some capital letters, for example capitalize the first letter, or one inside the password. Passwords are case sensitive so this dramatically increases the number of combinations a hacker would need to try to figure out the password.
- Don’t use a single word that would be listed in a dictionary. You can use a phrase or multiple words put together.
- You can use special characters and numbers in place of characters (for example instead of an ‘a’ you can type ‘@’, or instead of ‘l’ (lower case ‘L’)  you can type ’1′, or instead of ‘s’ you can use ’5′ = these are commonly used substitutions that are based on similarity of appearance. Example: instead of using ‘sally’ as a password, you could use ’5a11y’ which would be much, much harder to guess.

Now the only question that remains: How do I change my password? It’s different for each service provider but I looked up the help pages for Yahoo and MSN and here are the links that help you with changing your password:

- Yahoo: http://help.yahoo.com/l/us/yahoo/edit/id_password/edit-13.html (for Yahoo we found a customer support number: 408-349-1572 — if your Yahoo email is via AT&T then call AT&T instead)

- MSN/Hotmail: http://windows.microsoft.com/en-US/hotmail/hacked-account-faq

- AOL: Just got to: http://password.aol.com

Note: you might need to call the tech support of the provider if you don’t know your current password (it happens when people have the computer fill out the password box for them) and/or the answer to the security questions.

Conclusion:

I hope this article will prove to be useful if you or a friend ever become victim of an email hack like this. But, as always, the best cure is prevention.  If your password is too simple, then take action now before someone figures it out!

Did you find this information useful?
Please consider donating.