Why You Need To Delete Your Old Accounts

ttt-logoMost people let old accounts languish. But abandoned accounts are filled with information that can be used to send spam, spread malvertising, and commit cybercrimes.

For example, I frequently get email messages from people I know, but haven’t talked to in a while. Invariably the email subject is blank or says nothing but, “Re:”. Sometimes the email includes a suspicious attachment. And I sigh and delete the message, because I know these unused accounts have been hijacked from their unsuspecting owners and are now controlled by hackers.

But hijacked accounts go beyond mere annoyance. They are often used to hack other, juicier targets, making it more difficult for such electronic attacks to be traced back to the perpetrator. They can also be used in online financial scams, such as the “I’m stuck overseas and need you to wire me money” scam. Such scams appear far more realistic when they come from a seemingly-legitimate source like a friend’s email address rather than some random account, and many people fall for the trick.

Hijacked accounts can also be used to hijack other accounts like Facebook, Twitter, or even your bank account, if it’s been linked to them. It’s like a stepping stone to the rest of your stuff.

For these reasons, you should always delete old accounts if you are no longer using them. If you’re concerned that someone will take your old username, I recommend maintaining your old accounts by logging into them every few months and using strong passwords that have not been used on any other site.

You will need your username and password for the account you wish to delete. If you don’t have it, you typically need to follow the site’s procedures to recover a forgotten password before you can continue the deletion or deactivation process. Don’t forget to remove the deleted address from other accounts if it’s been linked to them, such as an old email address linked to your Facebook account.

You should note, however, that just because a site claims your account has been deleted, it may not necessarily have been. Many sites retain old accounts in case you want to reactivate them later. Also, your data may not be deleted even if you request it. Over the years any information you’ve stored online has doubtless been copied to untold backups and mirror servers. In reality, once your data is on the Internet, it’s out there forever. But at least by deactivating or deleting your accounts, you can help keep them (and the data they contain) from being used for nefarious purposes.

Here’s how to delete or deactivate your accounts on a variety of popular sites, old and new.

 

How To Protect Your Privacy On Social Media Sites Like Facebook And Twitter

socialmediaWhen was the last time you checked the privacy settings on your social media accounts? Once? Twice? Never? If you don’t check periodically, you run the risk of having your account hijacked by hackers.

Related article: Strong passwords key to social media privacy by Triona Guidry (The Northwest Herald)

What do you mean by “social media”?

Sites primarily used as a means of mass communication: Facebook, Twitter, LinkedIn, Pinterest, Instagram, Tumblr… You could also think of them as virtual communities, each with different rules and tendencies.

Why should I bother securing my social media accounts?

Because having your account hijacked stinks. At best, it’s inconvenient to reset your passwords and notify your friends. At worst, it results in data loss, identity theft, and financial ruin.

But aren’t these sites private?

Nope. They have privacy settings, most of which aren’t on by default. But anyone can sign up on these sites, and anyone can pretend to be anyone else on them. They’re designed to share information, not keep it private. Which is why the idea of people sharing their entire life stories and that of their kids gives me the screaming heebie-jeebies. Social media sites aren’t private photo albums and diaries. They’re publicly-accessible news sites (and data aggregators for advertisers).

Why do hackers want to hijack me?

In short: money. Cybercrime is a multi-billion dollar global industry. With economies tanking and people out of work, the idea of making tons of cash through Internet scams is hard to resist. Through commandeering your account, cybercriminals sell everything from Internet pharmaceuticals to fake antivirus programs to Twitter followers using your hijacked identity. It’s the go-to crime of the 21st Century.

Should everyone protect their social media accounts?

Yes. Absolutely. There’s no excuse not to.

How can I protect my social media accounts?

Use strong passwords that are unique on every site

Double-check your privacy settings

Report fake followers and inappropriate content

Verify links before sharing

Do you have questions about securing your social media account? Ask in the comments, and don’t forget to subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

 

A Parent’s Guide To Protecting Your Kids Online

kidsIt’s hard to protect kids online, because parents and educators often have a hard time finding resources that can help them understand the latest risks and recommendations. I’ve gathered a variety of information in one place so you can learn about antivirus, parental controls, and protecting your kids while using mobile devices and video games.

Kids’ computers are among the most vulnerable to security threats. That’s not to say your kids are doing anything wrong. On the contrary, they’re the victims. Not only do virus-writers like to booby-trap kids with malicious web sites, they also like to infiltrate legitimate ones. Kids are also at much at risk of identity theft as any Internet user. More so, because cyberbullying has become such a deadly and devastating menace.

These are resources every parent needs to know about how computer viruses and Internet threats work. If you have questions, please feel free to comment. You can also subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

Antivirus And Security

Mobile Devices

Video Games

Cyberbullying And Harassment

 

Cyber Attacks Spell Trouble For Consumers

padlock-phoneDo you know what to do if your account is swept up in a cyber attack? In the last year many popular sites, including LinkedIn, Twitter, and Evernote, have been attacked and consumer information stolen. What can you do to protect yourself?

As I said in my tech column in this month’s The Northwest Herald:

Cybercriminals attack big companies for the big prize: user account information. With email addresses and passwords in hand, they go on an account-cracking spree across the Internet, hoping that some of the users in their massive heist are using the same weak passwords on multiple sites. Itʼs likely some of your accounts have already been swept up in data breaches like this.

There are a number of things you can do to reduce the possibility of being hacked. Here are my recommendations plus related Tech Tips articles to help you with each step.

If your account has been hacked, you need to reset it. Here is information on account security and resetting hijacked accounts for some of the major sites:

And here is information on the recent breaches I mentioned:

For the latest news on data breaches (something a little more reliable than mass media articles), try these IT security sites.

Do you have questions about cyber attacks and hijacked accounts? Ask in the comments!

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

How To Create Secure Passwords (Revised Edition)

Computer SecurityMany people say to me, “I don’t need a secure password. I don’t have anything sensitive on my computer, so I don’t care if a hacker gets in.” You, my friends, are a hacker’s dream. Because it’s not necessarily your personal information they want, although they’ll happily steal your credit card info if they can. No, what they really want is control of your computer, your email address, your Facebook page… anything and everything that will let them do their dirty work from behind a smokescreen.

I originally posted this on Tech Tips in 2010, based on many years of teaching tech support clients about password safety. But some of the old rules no longer apply, so this is my newly revised edition. If you think you can still get away with slapping an exclamation mark on the end of a word, you need to read this revised advice.

Strong passwords must be:

Not in use on any other system
This is perhaps the biggest no-no in the password rulebook. When hackers nab passwords, they try the same account/password combinations on popular sites like Google, Facebook, Twitter. If you’re using the same password you just let them in. Do not ever, ever, ever use the same password anywhere. Before you despair, keep reading. There are tools to make it easier.

Changed regularly
Yes, you have to change your passwords. And yes, they still have to be different everywhere. Use a secure password management tool if you find it unmanageable (see below).

12 characters or longer
Think passphrase rather than password. We used to say 6-12 characters was enough, but we’ve found that the longer and more complex a password is, the less likely it can be cracked.

A mix of upper- and lowercase letters, numbers, and symbols
Some systems won’t allow you to use a range of characters in your password, in which case I suggest you reconsider using that site. Do you really trust someone who isn’t going to allow you to secure your account properly? Makes you wonder how secure everything else on the site is.

Not common words or proper nouns found in a dictionary
An analysis of the recent LinkedIn breach found that many people were using ridiculously simple passwords like “password” and “123456.” If your passwords sound like these, change them now.

Not the names of your spouse, kids, pets, or other personally identifying information
Presidential candidate Mitt Romney’s online accounts were hacked via the very simple expedient of answering security questions with information that had been made publicly available. Same thing happened to Sarah Palin. Don’t create passwords out of information that can be gleaned about you, and don’t share information that can be used to guess security questions.

Examples of good and bad passwords

Good passwords (but don’t use these!)

AP@ssw0rdIJustMADE!UP!4U
Here’sAnOtHeR1FOR$You

Bad passwords

password
password1
password!
123456
<blank>
mypassword
spouse’s name
pet’s name

Password Don’ts…

  • Don’t rotate between the same two or three passwords. It’s just as bad as using the same password everywhere.
  • Don’t send passwords via email, Facebook, Twitter. Use other means like text message or fax, which goes directly to the recipient. Or, even better, a phone call.
  • Don’t stick passwords on Post-It notes. Whether it’s under the keyboard or on a bulletin board, it’s exposed. Be like Gandalf: Keep it secret, keep it safe.
  • Don’t share passwords and accounts. This is especially prevalent in small businesses. Don’t create one account then share the password; create multiple accounts for each person who needs access. More time consuming? Sure. More secure? You bet.

Tools to manage your secure passwords

Feeling overwhelmed? Don’t worry, there are plenty of password management tools available. With a password management tool all you have to remember is one master password and the software takes care of the rest. I recommend KeePass, 1Password or LastPass. Even better, you can use the same password management tool on your computer and on your mobile devices.

Why not take this opportunity to change your passwords? It’s the best thing you can do to protect yourself against identity theft and cybercrime.

[Originally posted in 2010 as How To Create Secure Passwords. This version has been updated with the latest advice on secure passwords.]

Donation Scams Another Tool In Hacker Arsenal

When disasters strike, we want to help. But before you click to donate to charity, ask yourself – is it a scam?

Hackers use natural disasters like hurricanes, floods, and earthquakes to scam unsuspecting donors. In The Northwest Herald I talk about donation scams:

What’s behind these fake links? Many of them lead to phony lookalike sites that steal your donation and compromise your credit card number. Others silently install malware on your computer or steal your passwords for Facebook and email. Sometimes they do all of these things, a veritable smorgasbord of hacker delight.

As I said in the article, you should never click on links but instead type the address of the charity into your browser. The Red Cross, for example, is www.redcross.org.

A real charity will never ask for your password, your Social Security number, or other personal information. Most charities also don’t solicit via email unless you’ve specifically signed up for their list.

How can you tell if a charity is legit? Here are some places to start.

If you’ve already been scammed, here are resources that can help:

Do you have questions about donation scams? Ask in the comments! You can also subscribe free to Tech Tips by email for more computer news, security tips and social media advice.

 

Stop Integrating My Computer With Social Media!

Tech companies need to remember that consumers are people with brains and don’t need to be force-fed technology through the virtual equivalent of a baby spoon. Mountain Lion, Apple’s latest operating system for Mac (OS X 10.8), boasts improved Facebook integration. In my mind that’s not a feature, it’s a reason to stay away.

I DON’T want my operating system to be integrated with social media. The operating system is the brains of my computer. It doesn’t need to check into Facebook or Twitter. I may run apps on top of it that do need to check into Facebook or Twitter, but that’s my decision. I don’t want my system software making that decision for me.

I want my system software stupid. I don’t want it to know a damn thing about the Internet except how to connect to it. To put it in IT terms, I don’t want my OS thinking past the lowest layers of the OSI model. I certainly don’t want it making decisions at the presentation and application layers. Let it merrily chat away via TCP/IP without bothering to look inside those data packets, and let the programs I choose do that work.

I could say the same for my iDevices. I don’t want to use iCloud. I don’t want to use FourSquare. I don’t want to check in every five seconds. As I said in a previous rant er… post, I certainly don’t want all my data syncing to some unknown datacenter when all it needs to do is go two inches from device to computer.

There’s such a thing as too much integration. Everything doesn’t need to work seamlessly with everything else. If I wanted an operating system based on Facebook I would do all my work with Facebook apps. If I wanted to use cloud computing I would sign up for cloud computing. But if all I want is to work locally on my own computer, I should be able to do that too.

What I want is an operating system I can secure with third party tools (sayonara, Windows RT!), upon which I can run the programs of my choosing.

Of course, I could always run Mountain Lion and simply not give it my Facebook credentials, but that’s not the point. The point is that the capability of integration is there. The point is that if something happens – if I input my password in the wrong dialog box, if a virus presents me with a malicious login, if one of Apple’s preferences “accidentally” gets switched on – then suddenly I am sharing a whole lot of data with the world that really shouldn’t be shared.

As a computer expert, I know the best ways to avoid that. But most people don’t. The average person, right now, is streaming data to Facebook, Twitter, iCloud, and who knows what else, without even being aware of it. And that’s BEFORE the latest integrations between social media and our system software.

Stop sacrificing security for convenience, because it’s not the tech companies that pay the price, it’s the consumers. We’re the ones who get our bank accounts hacked, our email hijacked, our identities stolen, our lives ruined. That’s not exaggeration, that’s the result of a multi-billion-dollar cybercrime industry.

 Subscribe free to Tech Tips by email for computer news, security tips and more!

Don’t Use Facebook As Your Personal Planner

Those Facebook games that have you put in your mother’s maiden name or your grandfather’s birthday? They’re siphoning your info. It’s like waving a lollypop in front of a kid while you steal stuff out of their pockets. “Play our cool game! Oh, and thanks for all the personal details, sucker.”

Personally identifying information, or PII, is the data that identifies YOU as YOU. Birthday’s aren’t just birthdays anymore, they’re the keys that can unlock your bank accounts. So are maiden names, place of birth, the schools you went to, the people you’ve known.

Games People Play
Think about the security questions you’re asked to fill out on many web sites. If you’re answering the questions honestly (and there is something to be said for security through lying), the answers can be gleaned from your FB page.

Some of these “games” come in app form, while others are simply text-based chain letters: “Hey everybody, let’s play place of birth – post where you were born!” Consider the things you might share on Facebook: birthdays, calendar, contacts, vacation plans, photo album. That last one freaks me out the most. I do NOT use Facebook as a family photo album and I highly recommend that you don’t either, especially if you have kids. There are too many creeps out there.

Real-World Consequences
If you don’t believe this is a major problem, try these examples on for size:

Hackers Invade Accounts By Guessing Security Questions
This hack of Mitt Romney’s Hotmail email and Dropbox accounts is a great example of how answers to security questions can be gleaned. Amusement value: one of the questions was “pet’s name” which thanks to the infamous “car rooftop” incident is known to one and all as Seamus. Oops!

Similarly, Sarah Palin’s Yahoo! account got hacked during her campaign through correctly answering the security questions based on publicly available info.

Thieves Use Facebook To Rob Vacationers’ Homes
People posting their vacation plans to Facebook should do so after the fact. There are many instances of crooks using Facebook to scout vacant homes for theft. You can read about a few of them here and here.

If you think your Facebook friends would never do this to you, bear in mind that criminals create fake Facebook profiles that can be quite convincing. You might have a few ringers in your own friends list as we speak.

Facebook Doesn’t Delete Your Data
Even if you remove your information, there’s no guarantee it’s actually deleted. Facebook has long been criticized for not deleting data such as photos upon user request. Once you’ve posted something to Facebook, you can assume it’s there permanently.

Not only should you be concerned about what you are posting, but also what your friends are posting. If your friends add your birthday or other personal details without permission, ask them to remove it. While you’re at it, you could point them to this article and explain the dangers of too much online sharing.

An Uncontrolled Experiment
The truth is that these companies have not proven that they can be trusted with our data. There’s no history for this, no fossil record of what happens when we entrust our lives to the Internet. We are collectively engaging in a new human experience and we have no idea how it’s going to shake out.

So my advice is caution. Don’t use Facebook as a personal planner. That’s not what it’s for and you are endangering yourself and your friends by using it that way. Facebook is for sharing things with people, and the company has no intention of keeping anything you put on there private. There are other online tools for that purpose, although I also have concerns about those too, considering recent incidents like the Apple/Amazon customer service hack… but I digress.

The good news is that you can take advantage of Facebook’s viral nature to spread the things you want known far and wide: your business, charities you believe in, causes you think are just… and of course LOLcats and, in my case, Doctor Who jokes. But don’t put anything on there that you wouldn’t want made public, or you may live to regret it.

Ten Ways To Tell If Your Computer Is Infected With A Virus

Ever get that sinking feeling that something’s wrong with your computer? Here are ten ways to tell if your computer is infected with a virus.

Run a virus scan
A bit obvious, isn’t it? While you’re at it, make sure your antivirus program has been updated recently. If you haven’t bought a new version in a few years, now’s the time.

Run a second virus scan with a different program
Antivirus programs sometimes come up with different results. It’s a good idea to scan with a second program to pick up anything the first one left behind. However, you shouldn’t try to run two antivirus programs concurrently; they’ll conflict with each other. I like free programs Malwarebytes for PC and Sophos Antivirus for Mac.

Watch your computer’s behavior
Is it slower than usual, crashing, having a hard time redrawing the screen? These can all be signs that viruses are running in the background.

Monitor active programs
If a virus is running in the background, it may show up in the list of active programs. You can then click on it and End Task (Windows) or Force Quit (Mac). Bear in mind, though, most viruses will restart on reboot, and some will even regenerate on the spot no matter how many times you quit them.

  • Windows XP
    Ctrl-Alt-Delete, then click Task Manager
  • Windows Vista/7
    Ctrl-Shift-Esc
    or right-click the taskbar and click Start Task Manager
  • Mac OS X
    Option-Cmd-Escape (the Force Quit menu)
    or open a Terminal window and type ps -aef

Check your Web browser extensions
Browser extensions provide additional functionality on the Web. Some are terrific tools while others are sneaky little devils that serve you ads, slurp your data, and otherwise spy on you. Here’s how you can check your browser extensions.

Check your Sent folder
If your email is spewing spam, it may show up in your Sent Items folder. Viruses often commandeer email accounts to send spam.

Check your Facebook and Twitter
If there are all sorts of weird links on your Facebook wall that you didn’t post, your account may have been hijacked. And if that’s the case, it may have happened through a virus infection on your computer.

Start in Safe Mode
If your computer is so confused it won’t work properly, you can boot into Safe Mode which may allow you to diagnose the problem.

  • Windows XP, Vista, 7
    Hold down F8 at reboot (before the Windows logo)
  • Mac OS X
    Hold down Shift at reboot

Ask the Internet
Fortunately we don’t have to compute in a vacuum. If you think you’re infected with a particular virus, do a Web search on it. You’ll often find removal instructions and links to tools (just make sure those tools are legit and not themselves viruses in disguise).

Inspect your other computers
If one is infected, it’s likely the others are, too. You need to keep all your computers secure, even if they’re old or you don’t use them often.

Want more? Sign up for Tech Tips free by email and receive computer news straight to your inbox.

How To Delete Your Old Email Accounts

Did you know your old email account may be spewing spam and malware? In today’s The Northwest Herald I talk about the importance of deleting old accounts:

It happens all the time. You move to a new email address but leave the old one intact; you set up a Yahoo! or Gmail account but never get around to using it. We assume these accounts wait patiently for us. On the contrary, they cower, helpless, waiting for the first hacker who can figure out the passwords.

Unfortunately many people use weak passwords, especially for throwaway accounts. We’ve seen examples of this with a rash of recent security breaches at Yahoo!, LinkedIn, and eHarmony, among others.

These breaches reveal that many people use simple, plain-text phrases like “linkedin”, “mypassword”, and “123456”. People also use the same two or three passwords in rotation. What are the chances some old account of yours uses a password you’ve reused elsewhere?

Here are the additional resources I mentioned in the article. You might find these related Tech Tips articles helpful:

Here are links from some of the more common email providers about how to delete accounts. Note that these links may change without notice, and that account deletion policies vary by provider. Consult the individual site for more information. I’m providing the exact URLs so you can see where you’re going.

And, some social media ones:

Image: FreeDigitalPhotos.net