Is Your PC Spreading Malware?
I often receive emails from people who haven’t contacted me in years, with a subject line such as “check this out!” I open the email and contained within is simply a web link. When you get emails like this don’t click on the links – they usually contain malware that will infect your computer. If the person sending the malware is you, here are some steps you can take to fix the problem, and hopefully assure that it doesn’t happen again.
First, determine where the message came from. Messages sent from your email or your Facebook account should show in your Sent Items folder, so check there first. If you see messages that you didn’t send in your Sent folder, you know that someone accessed your account and sent the message to people from your address book. Change your password immediately, and if you use the same password on any other accounts, change every potentially compromised site to a unique password.
If you don’t see the spam message in among your sent items, it’s likely that the culprit “spoofed” the sender address to hide the actual sending account and make it look like the message originated from you. Unfortunately, there’s not much you can do to rectify someone impersonating you. Even if you manage to track down the IP address it was sent from and report it to the Internet Crime Complaint Center, they won’t be of much assistance.
It’s important to determine if the message was sent to everyone in your address book, even if your account wasn’t actually used to send the messages. If so, then your account has been compromised and you need to take steps to immediately secure your account. In some extreme cases, like if your friends are getting repeatedly spammed from your account even after changing your password, it’s time to close that email account entirely and start fresh with a new address.
There are a few ways your account can be compromised: password hacking, session hijack, phishing, guessing secondary questions, using your credentials on a site that was hacked, and malware already installed on your computer. Here are some things you can do to prevent it from happening in the future.
Choose a strong password. There’s a reason why most sites require more complicated passwords these days. “ABC123” is just not going to cut the mustard. Choose a robust password that contains at least 7 characters, including numbers, and upper and lower case letters. You should also change your password occasionally. Pick a schedule that works for you and stick to it.
If it’s too difficult to keep track of all your different passwords, use a password manager such as LastPass (https://lastpass.com/) to get yourself organized. It’s free and takes a few minutes to set up, but once you’re done, you never have to worry about multiple passwords again. It can create unique passwords for you if you like, and it will store all your login info so you need only remember your LastPass account info.
Be vigilant when logging in from strange locations. Un-check the “keep me logged in” box unless you’re logging in from your home computer. Make sure to log yourself completely out of your session when you’re done checking your email – don’t just close the browser window. Don’t surf other websites while your email session is active.
Beware of phishing scams. Don’t give your username or password to anyone, regardless of how official they seem to be. Never click on a link from an email and log in to a site from the destination. Always navigate directly to the website using your web browser before entering your account login info.
Beef up your security. Whenever possible, enable two-factor authentication and login notifications for your accounts so you’ll get an alert whenever your account is accessed from an unfamiliar location. Choose difficult-to-guess answers to your secondary questions. While these typically help you if you forget your password and need to verify your identity, challenging secondary authentication questions can also waylay a potential hacker.
Stay virus free, anywhere you login. If you’re not regularly scanning every machine you use to login to your email or social media for viruses and malware, you’re doing yourself – and your friends who are getting spammed by your account – a disservice. Windows users should download Microsoft Security Essentials for free (http://microsoft-security-essentials.todownload.com/) and let it scan your machine automatically. Mac users can install the free Sophos (www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx) application which scans in the background to keep you malware free.