Why You Need To Delete Your Old Accounts

ttt-logoMost people let old accounts languish. But abandoned accounts are filled with information that can be used to send spam, spread malvertising, and commit cybercrimes.

For example, I frequently get email messages from people I know, but haven’t talked to in a while. Invariably the email subject is blank or says nothing but, “Re:”. Sometimes the email includes a suspicious attachment. And I sigh and delete the message, because I know these unused accounts have been hijacked from their unsuspecting owners and are now controlled by hackers.

But hijacked accounts go beyond mere annoyance. They are often used to hack other, juicier targets, making it more difficult for such electronic attacks to be traced back to the perpetrator. They can also be used in online financial scams, such as the “I’m stuck overseas and need you to wire me money” scam. Such scams appear far more realistic when they come from a seemingly-legitimate source like a friend’s email address rather than some random account, and many people fall for the trick.

Hijacked accounts can also be used to hijack other accounts like Facebook, Twitter, or even your bank account, if it’s been linked to them. It’s like a stepping stone to the rest of your stuff.

For these reasons, you should always delete old accounts if you are no longer using them. If you’re concerned that someone will take your old username, I recommend maintaining your old accounts by logging into them every few months and using strong passwords that have not been used on any other site.

You will need your username and password for the account you wish to delete. If you don’t have it, you typically need to follow the site’s procedures to recover a forgotten password before you can continue the deletion or deactivation process. Don’t forget to remove the deleted address from other accounts if it’s been linked to them, such as an old email address linked to your Facebook account.

You should note, however, that just because a site claims your account has been deleted, it may not necessarily have been. Many sites retain old accounts in case you want to reactivate them later. Also, your data may not be deleted even if you request it. Over the years any information you’ve stored online has doubtless been copied to untold backups and mirror servers. In reality, once your data is on the Internet, it’s out there forever. But at least by deactivating or deleting your accounts, you can help keep them (and the data they contain) from being used for nefarious purposes.

Here’s how to delete or deactivate your accounts on a variety of popular sites, old and new.

 

Cyber Attacks Spell Trouble For Consumers

padlock-phoneDo you know what to do if your account is swept up in a cyber attack? In the last year many popular sites, including LinkedIn, Twitter, and Evernote, have been attacked and consumer information stolen. What can you do to protect yourself?

As I said in my tech column in this month’s The Northwest Herald:

Cybercriminals attack big companies for the big prize: user account information. With email addresses and passwords in hand, they go on an account-cracking spree across the Internet, hoping that some of the users in their massive heist are using the same weak passwords on multiple sites. Itʼs likely some of your accounts have already been swept up in data breaches like this.

There are a number of things you can do to reduce the possibility of being hacked. Here are my recommendations plus related Tech Tips articles to help you with each step.

If your account has been hacked, you need to reset it. Here is information on account security and resetting hijacked accounts for some of the major sites:

And here is information on the recent breaches I mentioned:

For the latest news on data breaches (something a little more reliable than mass media articles), try these IT security sites.

Do you have questions about cyber attacks and hijacked accounts? Ask in the comments!

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

How To Create Secure Passwords (Revised Edition)

Computer SecurityMany people say to me, “I don’t need a secure password. I don’t have anything sensitive on my computer, so I don’t care if a hacker gets in.” You, my friends, are a hacker’s dream. Because it’s not necessarily your personal information they want, although they’ll happily steal your credit card info if they can. No, what they really want is control of your computer, your email address, your Facebook page… anything and everything that will let them do their dirty work from behind a smokescreen.

I originally posted this on Tech Tips in 2010, based on many years of teaching tech support clients about password safety. But some of the old rules no longer apply, so this is my newly revised edition. If you think you can still get away with slapping an exclamation mark on the end of a word, you need to read this revised advice.

Strong passwords must be:

Not in use on any other system
This is perhaps the biggest no-no in the password rulebook. When hackers nab passwords, they try the same account/password combinations on popular sites like Google, Facebook, Twitter. If you’re using the same password you just let them in. Do not ever, ever, ever use the same password anywhere. Before you despair, keep reading. There are tools to make it easier.

Changed regularly
Yes, you have to change your passwords. And yes, they still have to be different everywhere. Use a secure password management tool if you find it unmanageable (see below).

12 characters or longer
Think passphrase rather than password. We used to say 6-12 characters was enough, but we’ve found that the longer and more complex a password is, the less likely it can be cracked.

A mix of upper- and lowercase letters, numbers, and symbols
Some systems won’t allow you to use a range of characters in your password, in which case I suggest you reconsider using that site. Do you really trust someone who isn’t going to allow you to secure your account properly? Makes you wonder how secure everything else on the site is.

Not common words or proper nouns found in a dictionary
An analysis of the recent LinkedIn breach found that many people were using ridiculously simple passwords like “password” and “123456.” If your passwords sound like these, change them now.

Not the names of your spouse, kids, pets, or other personally identifying information
Presidential candidate Mitt Romney’s online accounts were hacked via the very simple expedient of answering security questions with information that had been made publicly available. Same thing happened to Sarah Palin. Don’t create passwords out of information that can be gleaned about you, and don’t share information that can be used to guess security questions.

Examples of good and bad passwords

Good passwords (but don’t use these!)

AP@ssw0rdIJustMADE!UP!4U
Here’sAnOtHeR1FOR$You

Bad passwords

password
password1
password!
123456
<blank>
mypassword
spouse’s name
pet’s name

Password Don’ts…

  • Don’t rotate between the same two or three passwords. It’s just as bad as using the same password everywhere.
  • Don’t send passwords via email, Facebook, Twitter. Use other means like text message or fax, which goes directly to the recipient. Or, even better, a phone call.
  • Don’t stick passwords on Post-It notes. Whether it’s under the keyboard or on a bulletin board, it’s exposed. Be like Gandalf: Keep it secret, keep it safe.
  • Don’t share passwords and accounts. This is especially prevalent in small businesses. Don’t create one account then share the password; create multiple accounts for each person who needs access. More time consuming? Sure. More secure? You bet.

Tools to manage your secure passwords

Feeling overwhelmed? Don’t worry, there are plenty of password management tools available. With a password management tool all you have to remember is one master password and the software takes care of the rest. I recommend KeePass, 1Password or LastPass. Even better, you can use the same password management tool on your computer and on your mobile devices.

Why not take this opportunity to change your passwords? It’s the best thing you can do to protect yourself against identity theft and cybercrime.

[Originally posted in 2010 as How To Create Secure Passwords. This version has been updated with the latest advice on secure passwords.]

Donation Scams Another Tool In Hacker Arsenal

When disasters strike, we want to help. But before you click to donate to charity, ask yourself – is it a scam?

Hackers use natural disasters like hurricanes, floods, and earthquakes to scam unsuspecting donors. In The Northwest Herald I talk about donation scams:

What’s behind these fake links? Many of them lead to phony lookalike sites that steal your donation and compromise your credit card number. Others silently install malware on your computer or steal your passwords for Facebook and email. Sometimes they do all of these things, a veritable smorgasbord of hacker delight.

As I said in the article, you should never click on links but instead type the address of the charity into your browser. The Red Cross, for example, is www.redcross.org.

A real charity will never ask for your password, your Social Security number, or other personal information. Most charities also don’t solicit via email unless you’ve specifically signed up for their list.

How can you tell if a charity is legit? Here are some places to start.

If you’ve already been scammed, here are resources that can help:

Do you have questions about donation scams? Ask in the comments! You can also subscribe free to Tech Tips by email for more computer news, security tips and social media advice.

 

Five Ways To Make Sure No One EVER Subscribes To Your Email Newsletter

No one’s signing up for your email newsletter? Maybe you’re not doing it right. Here are the top five ways for you to beat customers over the head with your marketing message.

5. Give them a hard sell.
There’s nothing like receiving an email that screams, “BUY MY PRODUCT!” Forget about drawing them in with valuable content they will find useful and want to share.

4. Use bright colors and funky fonts
The brighter, the better. If Curiosity can’t see it from Mars, it’s not worth sending.

3. Spam your newsletter to every single person in your professional organization. (chamber of commerce, networking group, book club)
After all, you joined these groups to network, right? So that gives you permission to bombard them with your nifty newsletter about widgets. Never mind that most of them aren’t in the market for widgets. Those who are will surely love your unsolicited spam, and those who aren’t couldn’t possibly offer you anything useful, like qualified referrals.

2. Spam your newsletter to every single person… again.
They didn’t sign up the first time. Maybe they didn’t get the newsletter and would like another one? This one’s different… it says BUY MY PRODUCT NOW instead of BUY MY PRODUCT. Also, the colors are even brighter!

And the number one way to guarantee people will despise your email newsletter:

1. Subscribe people instead of inviting them.
Because everyone loves getting inundated with junk they didn’t ask for, particularly when it’s blatantly obvious you’re doing exactly what your professional organization told you not to do: mass-subscribing everyone from the Excel spreadsheet they provided.  Inviting people and asking them to verify their subscription by replying to a confirmation email – waste of time! Yours, anyway.

This post is dedicated to the most recent company to add me to their list without my permission. They managed to make every single one of these mistakes, and they will never get an ounce of business from me.

If you don’t want potential customers to react the same way, have some respect for them and their inboxes. Email marketing is an exceptional way to build your business, but it can also be an exceptional way to stifle it.

Don’t Use Facebook As Your Personal Planner

Those Facebook games that have you put in your mother’s maiden name or your grandfather’s birthday? They’re siphoning your info. It’s like waving a lollypop in front of a kid while you steal stuff out of their pockets. “Play our cool game! Oh, and thanks for all the personal details, sucker.”

Personally identifying information, or PII, is the data that identifies YOU as YOU. Birthday’s aren’t just birthdays anymore, they’re the keys that can unlock your bank accounts. So are maiden names, place of birth, the schools you went to, the people you’ve known.

Games People Play
Think about the security questions you’re asked to fill out on many web sites. If you’re answering the questions honestly (and there is something to be said for security through lying), the answers can be gleaned from your FB page.

Some of these “games” come in app form, while others are simply text-based chain letters: “Hey everybody, let’s play place of birth – post where you were born!” Consider the things you might share on Facebook: birthdays, calendar, contacts, vacation plans, photo album. That last one freaks me out the most. I do NOT use Facebook as a family photo album and I highly recommend that you don’t either, especially if you have kids. There are too many creeps out there.

Real-World Consequences
If you don’t believe this is a major problem, try these examples on for size:

Hackers Invade Accounts By Guessing Security Questions
This hack of Mitt Romney’s Hotmail email and Dropbox accounts is a great example of how answers to security questions can be gleaned. Amusement value: one of the questions was “pet’s name” which thanks to the infamous “car rooftop” incident is known to one and all as Seamus. Oops!

Similarly, Sarah Palin’s Yahoo! account got hacked during her campaign through correctly answering the security questions based on publicly available info.

Thieves Use Facebook To Rob Vacationers’ Homes
People posting their vacation plans to Facebook should do so after the fact. There are many instances of crooks using Facebook to scout vacant homes for theft. You can read about a few of them here and here.

If you think your Facebook friends would never do this to you, bear in mind that criminals create fake Facebook profiles that can be quite convincing. You might have a few ringers in your own friends list as we speak.

Facebook Doesn’t Delete Your Data
Even if you remove your information, there’s no guarantee it’s actually deleted. Facebook has long been criticized for not deleting data such as photos upon user request. Once you’ve posted something to Facebook, you can assume it’s there permanently.

Not only should you be concerned about what you are posting, but also what your friends are posting. If your friends add your birthday or other personal details without permission, ask them to remove it. While you’re at it, you could point them to this article and explain the dangers of too much online sharing.

An Uncontrolled Experiment
The truth is that these companies have not proven that they can be trusted with our data. There’s no history for this, no fossil record of what happens when we entrust our lives to the Internet. We are collectively engaging in a new human experience and we have no idea how it’s going to shake out.

So my advice is caution. Don’t use Facebook as a personal planner. That’s not what it’s for and you are endangering yourself and your friends by using it that way. Facebook is for sharing things with people, and the company has no intention of keeping anything you put on there private. There are other online tools for that purpose, although I also have concerns about those too, considering recent incidents like the Apple/Amazon customer service hack… but I digress.

The good news is that you can take advantage of Facebook’s viral nature to spread the things you want known far and wide: your business, charities you believe in, causes you think are just… and of course LOLcats and, in my case, Doctor Who jokes. But don’t put anything on there that you wouldn’t want made public, or you may live to regret it.

How To Delete Your Old Email Accounts

Did you know your old email account may be spewing spam and malware? In today’s The Northwest Herald I talk about the importance of deleting old accounts:

It happens all the time. You move to a new email address but leave the old one intact; you set up a Yahoo! or Gmail account but never get around to using it. We assume these accounts wait patiently for us. On the contrary, they cower, helpless, waiting for the first hacker who can figure out the passwords.

Unfortunately many people use weak passwords, especially for throwaway accounts. We’ve seen examples of this with a rash of recent security breaches at Yahoo!, LinkedIn, and eHarmony, among others.

These breaches reveal that many people use simple, plain-text phrases like “linkedin”, “mypassword”, and “123456”. People also use the same two or three passwords in rotation. What are the chances some old account of yours uses a password you’ve reused elsewhere?

Here are the additional resources I mentioned in the article. You might find these related Tech Tips articles helpful:

Here are links from some of the more common email providers about how to delete accounts. Note that these links may change without notice, and that account deletion policies vary by provider. Consult the individual site for more information. I’m providing the exact URLs so you can see where you’re going.

And, some social media ones:

Image: FreeDigitalPhotos.net

How To Recognize An Email Scam

Email scams are inundating our inboxes. From fake Facebook links to phony software programs, cybercriminals use email as the bait for their hooks. And many people fall for it.

Rule #1: Never click on email links. You should always go to your Web browser and type the site name directly. Links are easily forged, and clicking bad links allows viruses to bypass your security and silently install themselves on your computer. Remember our motto: Think Before You Click.

We’re going to dissect three of the most common email scams: fake social-media messages, phony antivirus warnings, and counterfeit account statements. But first, let’s talk about how these scams work. All of them bear similarities: use of real logos, colors, and addresses; realistic-sounding language; and links that look like they lead one place when they actually go somewhere else.

Don’t rely on poor grammar or punctuation to tell a scam from the real deal. Some scams may be amateur efforts, but others are so convincing that it’s almost impossible to detect them. It’s best to err on the side of caution and never click links in any email messages.

(Click the screenshots below to enlarge them and see how these email scams try to trick you.)

The Facebook Fake-Out
What It Is: False messages from popular social media sites like Facebook, LinkedIn, and Twitter are a popular way to harvest passwords and sneak viruses onto your computer. People are used to getting email from these sites, so they will click without a second thought. As a result, social media has become the top method of computer virus infection.

How To Avoid It: Never click on links in email. Go directly to Facebook, LinkedIn, Twitter, and other social media sites by typing the site addresses into your Web browser. Don’t try to reset your password via instructions or links in email – and shame on LinkedIn for encouraging people to do exactly that in their recent password breach. See, even real companies get security wrong sometimes, so don’t listen to bad advice no matter who it’s from.

The Phony Antivirus Program
What It Is: Rogue antivirus is fake software that tricks you into installing it, usually by displaying phony infection warnings or upgrade notices. I’ve discussed rogue antivirus before; you can read about it here and here. Once a rogue antivirus program commandeers your computer it will disable legitimate antivirus, regenerate itself if deleted, and even hold your data for ransom.

How To Avoid It: Don’t install software on your computer unless you know where it’s from. When in doubt buy a packaged program from a store. Go directly to security software makers’ sites to buy and download software rather than relying on links in email.

The False Billing Statement
What It Is: Counterfeit billing statements attempt to harvest your password and account credentials. This information can be used to gain access to other accounts including your bank accounts and credit cards.

How To Avoid It: If you receive electronic statements, don’t click links in them. Visit the site directly to enter your account information. Never believe a password reset email or instructions to “verify” your account.

These are not the only scams in town. Fake package delivery notices, marketing surveys, and other scams abound on the Internet. It’s up to you to learn how to recognize and avoid them, but hopefully this has given you a head start.

How NOT To Subscribe People To Your Email Marketing List

Although social media is rampant, email lists are still a core of online marketing. But there are some ground rules that people still don’t seem to understand.

First, let it be known that there is a proper way to add people to your e-newsletter.

Invite, Don’t Subscribe!

Do not ever subscribe someone without their permission. This is the number-one way to lose subscribers, even customers. It’s tacky, it’s unprofessional, and it’s against spam laws. Which is better, a list full of people who unsubscribe angrily, or a list full of people who are excited to hear what you have to say?

How do you invite instead of subscribing? Set up your mailing list software so that people must reply to a confirmation email in order to be added to the list. Subscribing is therefore in their hands; if they reply they are subscribed, if they don’t they’re not. Believe me, you will get far more subscribers this way than if you automatically add everybody in sight.

Here are some other email marketing pitfalls to avoid:

Not using mailing list software
If you are maintaining your email list with an Excel file or an Outlook address book, stop right now. There are far better methods that will take away the onus of manually managing subscribes and unsubscribes. Constant Contact is one of the most common ways to do this.

Pestering people to join
I ask folks all the time if they want to subscribe to my email list – but I also take no for an answer. If someone chooses not to subscribe I encourage them in more subtle ways, perhaps by forwarding a link to a post I think might interest them.

Marketing aggressively
If your e-newsletter is nothing but “buy buy buy” no one will want to read it. Be a valuable source of information and keep the selling to a minimum. By providing timely information on a particular topic, people will know what you do and seek you out when they need your help.

Drowning them with your wit
Yes, I realize your last newsletter made an incredibly clever quip about Elvis, but don’t send it out twelve million times. Set expectations with your readers as to how often you’ll post and what kind of content they’ll receive. You can repeat content occasionally, but don’t drown them in it.

Hiding the unsubscribe option
This is also against spam laws. Give people a convenient way to opt out. Losing subscribers is inevitable, and you have to accomodate that. Of course you want your subscribe buttons to take top billing!

Throwing your business card at someone in passing, without saying a word
Happened to me at a networking mixer. Seriously.

Is there a future in e-newsletters, given the rise of social media? I think there is, for the time being. People receive information from many sources, so you should spread your content as far as you can. Facebook, Twitter, and your e-newsletter can all work together to bring you traffic from a variety of sources.

Naturally, after an article like this I simply must ask if you’re interested in subscribing to Tech Tips by email. Plus, don’t forget to follow me on Twitter @trionaguidry for breaking computer news and other geeky stuff.

How do you encourage email list subscribers? Share in the comments!

 

How To Ditch Your Computer For An iPad

Word on the street is that traditional computing is dead and the tablet is king. While you still need a computer for heavy-duty tasks, much of your everyday work can be done on an iPad.

First, some pre-planning. What do you use your computer for, and of those things, what do you want to do on the iPad? For most people the answer usually includes, at minimum, email, surfing the Web, and word processing.

You may also be interested in using social media like Facebook and Twitter from your iPad. If so, I’ve got a brand-new seminar coming in April called Social Media Marketing On The Go! that might interest you.

As an example, let’s say you want to use your iPad to access email, LinkedIn, and Facebook. You also want word processing plus a way to display business presentations on a projector and screen.

Email
Email’s a snap thanks to the iPad’s built-in Mail app. However, accessing your mail and moving your mail are two very different things. The first is easy. The second is difficult to impossible depending on how you read your mail now.

This could be a whole discussion in and of itself, but here are the basics. There are two ways to read mail. Either you read it in your Web browser (called Web mail) or you have an email program like Outlook (called an email client). With Web mail your mail lives on a server, while email programs pull your mail to your local computer. So, your mail might live on the Internet or on your computer depending on how you read it.

If you’re using Web mail you’re all set. If you’re currently pulling your mail into a program on your computer, however, you will not have access to your archived mail. If you want to keep using your email program but also check mail from the iPad you need to tell the iPad to save all your mail on the server. When you check mail from the computer everything, including the mail you already saw on the iPad, will be delivered. (This may sound familiar, because it’s exactly how Outlook works if you have more than one computer.)

It’s really easy to mess up email and have some of it going one place and the rest going another. That’s why you need to plan your email strategy. If you’re not sure, or just want a quick email account to use on the iPad, you might want to sign up for a spare Gmail or Yahoo! account to keep things separate.

Social Media
LinkedIn and Facebook have apps for the iPad, but there are tons of other options too. The nice thing about using an iPad for social media is the convenience. Have a quick update? You can just type it and send in a matter of seconds. You can also use social media dashboards to consolidate your efforts.

I’ll be talking about this more in April in conjunction with my new seminar, Social Media Marketing On The Go!

Word Processing
This is a little trickier, because the iPad doesn’t save files the way you’re used to. If all you want to do is move documents between the iPad and your computer, the easiest way is to do so via iTunes. But the process is a little counterintuitive in the same way Mountain Dew is a little caffienated.

(An aside to Apple: Seriously? You develop an incredibly easy-to-use interface (iOS) but you can’t figure out a better way to manipulate files than clunky import/export? *facepalm*)

Here’s how the process works, using Apple’s Pages word processor as the example.

  1. You create a file on the iPad, or open a file you’ve created previously.
  2. You work on the file.
  3. You export the file to iTunes in whatever format you want (usually Pages’ native format or Word, since PDFs aren’t editable). This is the important step and the one that’s not intuitive.
  4. You go into iTunes on your computer, select the iPad, then Apps, then the app that you created the file in, and click Save As to save it on your computer.

Conversely, to get a file from your computer onto the iPad:

  1. In iTunes, go to the iPad, then Apps, then the app the file is in.
  2. Add the file, then sync the iPad.
  3. In the Pages app on the iPad, go to Documents, then hit the + to add a document. Tell it to get the document from iTunes and the one you want should be there. Again, this is the tricky step.

Not only is this process clunky, but you’ll get warnings that the file on the iPad is newer than the one in iTunes, or vice versa. And it only works with supported apps like Pages.

Presentations
The most difficult part here is not the presentation software, but hooking the iPad to a projector. You have to have the right adapter. Apple carries all sorts, the one you probably want for a standard PC projector is the VGA one but it will depend on the projector.

For your presentation app you probably want Apple’s Keynote. It’s like the Ferrari in the parking lot that makes all the Volvos look pathetic. At $20 it’s pricey but so sweet you may never want to look at PowerPoint again.

At this point you should have a nicely configured iPad that does most of what you want. As you use it, you’ll discover there are other things you just can’t live without. Fortunately, as they say, there are apps for that. If you subscribe to Tech Tips by email you’ll receive my bonus product reviews including some of the iPad apps I recommend.

Have you ditched your computer for an iPad? Share your experiences in the comments!