Wednesday, December 26, 2007

It can happen to you too!

By now, I have been using the Internet for almost 8 years and considered myself pretty smart from a security point of view. Because I never clicked on links I received in emails, I considered myself safe from password thefts, until a few weeks ago.

I started receiving emails from a domain named GoDaddy.com.

At first I thought it was some kind of porn website, as the name implied, and ignored the emails by deleting them. One day, while I was having a look at my online credit card statement, I noticed a transaction of 20 USD which had been debited from my credit card by a certain company named GoDaddy.com.

That set the alarm bells ringing in my head. I quickly opened my browser and visited GoDaddy.com. GoDaddy happens to be one of the biggest domain name providers in the US. I had never even heard of GoDaddy.com, let alone done a 20 USD transaction with it. Now I knew why I was receiving those unexpected emails from GoDaddy.com. I noticed from my credit card statement that the transaction had been done through PayPal. PayPal is a leading web-based online payment company which allows you to make payments to anyone in the world using your email account.

The credit card which had been used was listed as the primary source of funds in my PayPal account. So I concluded that it was my PayPal account's password that was stolen. I logged into my PayPal account and as expected I found the 20 USD transaction listed in the transaction history.

The next question which came to my mind was: how did someone know what my password was?

Anyway, I changed my PayPal password and considered myself safe once again. I called GoDaddy and asked them to cancel the transaction. The amount was refunded and the case closed. Well enough.

A few days later I opened my Gmail account, wanting to create a filter. I noticed that there was already a filter which was directing all email from the domain GoDaddy.com to an email address on the domain aol.com.

This was another shocker for me. Who created this filter? Finally the reality dawned on me.

The person who stole my PayPal password noticed that my email address was sjunaidn@gmail.com.

He tried his luck and used my PayPal password with my Gmail account. As expected, my Gmail password was the same as my PayPal password, so he had no trouble logging into my Gmail account and directing all emails from GoDaddy.com to his own email address. That way I would never see any email from GoDaddy.com and would never know about any transactions funded by my credit card.

Luckily the guy who created the filter was not IT savvy and created the filter inaccurately, much to my relief. As a result I did receive emails from GoDaddy.com, but as mentioned in the beginning, I just ignored them. The bottom line was that because the passwords of all my major email accounts and my financial accounts were the same, by stealing just one of them the thief had access to all my private information and, most important of all, my financial information.
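A defender's check for the kind of silent forwarding filter described above, added here as an example and not taken from the original post: it parses a Gmail filter export (the Atom/apps-property layout is assumed from memory, and the sample file is constructed) and flags any filter that forwards mail to an address outside the owner's own domain, or that forwards and hides the message at the same time.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Constructed sample modelled on a Gmail "Filters > Export" file (format assumed).
# The second filter resembles the one from the post: mail from GoDaddy.com is
# forwarded to an outside address and archived, so it never reaches the inbox.
SAMPLE_FILTERS = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <category term='filter'/>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Newsletters'/>
  </entry>
  <entry>
    <category term='filter'/>
    <apps:property name='from' value='godaddy.com'/>
    <apps:property name='forwardTo' value='redirect@aol.com'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
</feed>
"""

def parse_filters(xml_text):
    """Return each filter entry as a dict of its apps:property name/value pairs."""
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.iter(ATOM + "entry"):
        props = {p.get("name"): p.get("value") for p in entry.iter(APPS + "property")}
        filters.append(props)
    return filters

def suspicious_filters(filters, owner_domains):
    """Flag filters that forward outside owner_domains, or forward and hide the mail."""
    flagged = []
    for f in filters:
        fwd = f.get("forwardTo")
        if not fwd:
            continue  # filters that only label or archive are not forwarding anything
        domain = fwd.rsplit("@", 1)[-1].lower()
        hides = any(f.get(k) == "true" for k in ("shouldArchive", "shouldTrash", "shouldMarkAsRead"))
        if domain not in owner_domains or hides:
            flagged.append({"from": f.get("from"), "forwardTo": fwd, "hidden": hides})
    return flagged

if __name__ == "__main__":
    # The owner's own domain is the only place forwarded mail should legitimately go.
    for hit in suspicious_filters(parse_filters(SAMPLE_FILTERS), {"gmail.com"}):
        print("suspicious filter:", hit)
```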

Once again I changed my Gmail account's password. But I was always worried that it could happen once again. I still have not discovered how the thief stole my password. I have never clicked on any links I have received in emails. I never wrote down my password anywhere, on paper or in a file. Whoever did it was nice enough to only whisk away 20 USD. He could have done a lot more damage if he had wanted, without me even knowing about it until it was too late.

Lesson:

In today's world, we have multiple passwords to manage at different places. What is the way out? Keep all eggs in the same basket, only to lose all of them at once?

Finally I decided to use a password manager. A password manager is software which remembers your passwords and keeps them safe from theft by encrypting them. So you no longer need to have one password for all your accounts. You can have a different auto-generated password, which can be 32 characters long, for each of your accounts. The password manager can remind you to change the password every n weeks, months or days. It can also generate strong 32-bit passwords, saving you the trouble of coming up with a password every time you want to change one. I found a very good one by just doing a Google search. The entry at the top of the search results was what I decided to use.

The name of the software is KeePass. It is freely available and can be downloaded from its website:

http://keepass.info/

You can also instruct the software to visit the login page and then press the auto-fill button to automatically type in the password for you. It virtually saves you from the hassle of remembering multiple passwords and entering them at different places.

Another good piece of software I found was FireGPG. FireGPG allows you to encrypt even your web-based emails before sending them. Once the recipient receives the email, he decrypts it using FireGPG. So even if someone does open up your email account by stealing your password, all your emails will be encrypted and would make no sense to the thief.

FireGPG, as evident from its name, is only available for Firefox.

I hope my experience will be of use.

Kind Regards
