A client recently wrote that in the last two days, she had received two emails, apparently sent from friends, both of which were scams. She was concerned that her system might have been compromised, or even that she was somehow responsible for the breach, given the proximity of the two emails.
I reassured her that the odds were good that she had had nothing to do with this occurrence. In fact, the same thing had happened to me. Both my husband’s and my brother’s email accounts had been hacked within days of each other, and I had received a bogus email from each account. (One was a Yahoo account, the other a little-used Hotmail account.)
If you receive an unexpected email from someone you know (or don’t know) with a strange subject line or nothing but a mysterious link in the body, don’t open it. If you do, it never hurts to run a virus scan. (You do have high-quality anti-virus installed and up to date on your machine, right? I can’t tell you how many infected machines I have with perfectly good anti-virus programs that are expired so they’re not doing their job!)
You may also wish to contact your friend (preferably not sending to the same email address, since the hacker may still have access to it) and advise her/him to change her/his password. Here’s some excellent advice about how to choose a password that is easy to remember but hard for a computer to crack:
If you don’t feel like watching the video, I’ll boil it down for you. Use a combination of letters and numbers, other than the number 1. At least one uppercase letter is even better, and please, do not use “12345” or “password” or your user name, as these are the first things hacking programs check. As Steven Gibson says in the video, length matters more than complexity.
Beyond those guidelines, it doesn’t have to be messy. “Th1sISmyp4ssword” is just as hard for a machine to crack as “f93sk39v2wq4fh91”. Which would you rather use?
P.S. For your own security please don’t use my example! Pick your own and keep it a secret.
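To put numbers on the guidelines above, here is an added example (not from the original post or the video) that counts how many guesses an exhaustive search would need for a password and checks it against the advice. The function names, the short list of first guesses, and the reading of the "other than the number 1" rule as "do not let 1 be your only digit" are assumptions.

```python
import string

# Constructed sample of the "first things hacking programs check" named above.
FIRST_GUESSES = {"12345", "password"}

# Character classes a brute-force search has to include once one member is used.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the character set an exhaustive search must cover."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(password):
    """Number of candidates of length 1..len(password) over that alphabet."""
    size = alphabet_size(password)
    return sum(size ** n for n in range(1, len(password) + 1))


def review(password, username=""):
    """Return the guideline problems found; an empty list means none."""
    problems = []
    lowered = password.lower()
    if lowered in FIRST_GUESSES or (username and lowered == username.lower()):
        problems.append("among the first things checked")
    has_letter = any(ch.isalpha() for ch in password)
    digits = {ch for ch in password if ch.isdigit()}
    if not (has_letter and digits):
        problems.append("needs both letters and numbers")
    # Assumed reading of "other than the number 1": 1 must not be the only digit.
    if digits == {"1"}:
        problems.append("the only number used is 1")
    return problems


if __name__ == "__main__":
    # Both 16-character examples from the post, plus a constructed 8-character
    # password that uses every character class.
    for pw in ("Th1sISmyp4ssword", "f93sk39v2wq4fh91", "Xq7#Lm2!"):
        print(f"{pw:18} alphabet={alphabet_size(pw):3} "
              f"guesses={search_space(pw):.2e} problems={review(pw)}")
```

The count covers exhaustive search only; a guessing program that works from word lists and common letter-for-number swaps does not have to cover the whole space.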