Stuff that occurs to me


Contact: @JoBrodie Email: jo DOT brodie AT gmail DOT com


Wednesday, 5 June 2013

Days since my email was last hacked: one

I woke up this morning with a Twitter DM from a pal (thank you Rhys) telling me that he'd received a spam email from me. On checking the rest of my traffic 'routes' I discovered that one of my email accounts had sent out a bunch of spam links between 1.15 and 1.25am early this morning, while I was fast asleep in a comfy hotel bed. It had selected a random four or five people from my contact list and sent them spam.

There was no evidence of the spam messages in my Sent mailbox, but a suspicious number of auto-bounce-fail messages in my Inbox and Spam mailboxes. It took me a few hours to discover the extent of the problem, and to fix it, as I'm in a hotel with comically feeble wi-fi (I've rung reception four times in 24 hours to ask them to do something about it, and they always do). I also discovered that I'd managed to spam my own blog as I have the 'post by email' option set up, and that address is in my contacts too.

Although I have always said it's a matter of when and not if someone gets a nasty email shock, what surprised me was that I had actually taken the recommended precautions of a reasonably strong password and using the two-step process for login.

Also, I hadn't logged in since being at the hotel (I hardly ever log in to be honest as I have the 'remember me' setting on my laptop - perhaps that is a mistake), although I am on public wifi.

Eventually I managed to regain control of my email account (I changed the password, someone else reset it again locking me out, but I got it reset again, now seems sorted). I'm tempted to think it's more likely to have been hacking or a virus (possibly a keylogger although I hear there aren't that many for Macs) rather than phishing, but however it happened it was a bit annoying and stressful, and the rubbish wifi didn't help.

Until this point I'd had a clear run of no hacks etc since 1992 when I had my first email account. Sadface.

Observations
People's responses
Nearly everyone I know is excessively computer-literate and many sent brief messages alerting me to the problem. One or two not-quite-as-computer-savvy chums wondered if it was something I'd sent (big clue is that I hardly ever send a single-line email as I'm a bit e-chatty!) or not, and one said they'd look at it later, hopefully they got my message letting them know to avoid it.

Contacts list
For some time I've thought that a contacts list is a liability. Whoever got into my email managed to send messages to lots of people on it as well as people I don't think I've ever heard of. Possibly those I've not heard of were cced on a message that I was cced in on as well and the system has just collected everything that comes through its gates. Or possibly the hacker just added in some extra email addresses that have nothing to do with me.

The convenience of being able to type the first few letters of someone's email address and for the whole address to ping into place is obviously great, especially when the number of emails sent is an order of magnitude larger than the number of times I've been hacked.

I think there was something recently about a journalist (or employer of a bank or some other secrecy-conscious organisation) whose email account was hacked. For the journalist this might be a bit embarrassing but what happens if one of the handful of random contacts sent a spam message is someone who really doesn't want anyone knowing that they've contacted that journalist? Hopefully they'll have used a super-secret email address but... what if they didn't?

An advantage of a contacts list is lots of people to spam who will then kindly tell you that you've spammed them. At least I knew my account was compromised!

I wonder if businesses have 'resilience strategies' in place to prevent their contacts list from leaking, beyond simply BCCing people if they have to write to more than one of them.



