Yep, my e-mail got hacked. I should have known better but the e-mail originally came from someone I regularly do business with and I didn’t doubt the message. I should have; they had been hacked. I’m pretty careful about e-mail and web security, and as a company we are continuously vigilant, and I still fell for this e-mail ruse. I’ll pass on the tips I’ve learned about avoiding an attack so that hopefully you won’t get hit. This is by no means an exhaustive list that will prevent an attack, but it should help you be more aware.
Website Attacks
Most of our web and e-mail tech stuff we do in house, but since our website has been attacked numerous times we hired a security expert, Heath, who helps us get extra protection for our website and even has alarms e-mailed to us if it appears that an attack is underway. As Heath says, “there are two kinds of websites, those that have been hacked and those that don’t know they’ve been hacked.”
You can check your website’s Google Analytics to see where your traffic is coming from, or, for a super quick and easy way, go to Alexa.com and type in your web address. Scroll down to the section that says “Audience Geography.” That shows you where your website visitors are located. Most likely your traffic is 95% or more from the U.S., unless you have an international presence. If 10-20% or more of your traffic is from a foreign country, especially India, Ukraine, Poland or China, you’ve probably been hacked. Of course, that doesn’t rule out being hacked from within the U.S.
Your web hosting company or website designer can probably help you set up anti-hacking controls, or hire outside help if you are really worried about it.
Our web traffic is high enough that we are consistently ranked in the top 100,000 websites in the U.S. A hacker will get into a high-traffic website and attach a page selling his product or redirecting your visitors. Your website doesn’t even have to have a lot of traffic. The hackers will hijack what traffic you do have and send it to their pages. We found a page selling Viagra on our website and it could have been much worse than that.
If you have proprietary, confidential information on your website you probably don’t need me to tell you that you need extra protections. Jonathan Nguyen-Duy, Director of Global Security Services at Verizon Enterprise Solutions, told a story at a recent panel discussion during the Annapolis Film Festival of a shipping company that was pirated three times in one month. The company couldn’t figure out how the bandits could get in and out in under 30 minutes, targeting only the most expensive products. It turned out that their website, with all their accounting, bills of lading and shipping schedules, had been hacked, giving the bandits exactly the information they needed for a fast and profitable robbery.
Hijacking Your Computer
We’ve all heard about ransomware that will come in and block access to your website, or take over your computer so that you can’t do anything unless you pay them money. MedStar Health was recently attacked and it took them days to get their system back. Put safeguards on your website, and along with a current virus scanner, our guy Heath recommends running Malwarebytes.org. Be cautious and don’t click on anything that looks strange.
Attacking your e-mail
Don’t click on links that look suspicious, and don’t open e-mails that look strange. Set your spam filter on high. Don’t give out information in an e-mail like your credit card number, driver’s license or social security number. Hackers have gotten really good at replicating bank e-mails. If something looks suspicious, call your bank. When my e-mail was hacked I got a notice from Gmail (we use Google for business as an ESP) letting me know that someone tried to change my settings from a browser that I don’t normally use.
What to do if your e-mail is hacked
Despite knowing all this I still clicked on the link because the e-mail came from someone I do business with on a regular basis. It only took a few minutes to realize that I had been hacked. Immediately I changed my e-mail password and then I actually shut down that e-mail so it couldn’t send. I notified everyone in my office that I had been hacked and I sent out an e-mail to everyone who might have been forwarded the e-mail containing the hack. I ran a Malwarebytes update on my computer. And when I received two text messages from my bank that looked suspicious, I called the bank rather than click on the link. There wasn’t a problem with my account; it was the hackers trying to access funds in my bank account.
It’s a shame that we have to spend so much time and energy to keep our electronic selves safe. Unfortunately there are people who use their technical skills to cause mischief or steal from others and they are faster at coming up with new scams than programmers can prevent them. Let me know if you have any other tips.