Many of you may be familiar with my motto that “things aren’t as bad as you think – they are far worse” at least in regard to scams and identity theft, but I am happy to report to you today that through a joint effort of law enforcement agencies in Romania, India, China and the United States criminal charges were recently brought against two Arkansas men, Mark Anthony Townsend and Joshua Alan Tabor for allegedly operating a black market website www.needapassword.com on which they would illegally obtain email passwords and sell them to hackers. According to the FBI, Townsend’s and Tabor’s efforts resulted in the hacking of approximately 6,000 email accounts. In addition to the arrests in the United States of Townsend and Tabor as well as three of their customers in California, Michigan and New York, arrests were also made in Romania, India and China of other people allegedly operating similar criminal enterprises including the arrest in China of Ying Liu for running the black market website www.hacktohire.net. Perhaps the most positive takeaway from these arrests is the extensive cooperation between these countries, particularly China, which has not been particularly helpful in the past in taking actions against hackers attacking people outside of China.
Hacking into a person’s email is far from innocuous. Often people will have great amounts of personal information that can be mined for identity theft purposes. In addition, access to a person’s email account also provides their list of email contacts which can be further exploited to make the people on the contact lists victims of identity theft through a technique called spear phishing whereby an email would appear to come from a trusted friend’s email address when, in fact, the email is coming from an identity thief who may have a link or a download containing malware in the email that the person receiving the email trusts and clicks on the link or downloads the attachment to their detriment because it often may contain keystroke logging malware that enables the identity thief to steal all of your personal information from your computer. The two things that you can do to protect yourself are to first, use a strong password that is difficult to break and also a security question, the answer to which is not readily determined by a search of information on the Internet. Sarah Palin’s email was hacked when the hacker was able to change her password by answering her security question as to where she met her husband. The hacker obtained the answer by merely going to Wikipedia. Even if you are not famous, you still may have a security question with in answer that hacker could find, such as the name of your pet or your mother’s maiden name. Instead, I suggest you use a nonsensical answer to your security question, such as the name of your favorite vegetable and make the answer “seven.” For information as to how to set up a good password, check out my book “50 Ways to Protect Your Identity in a Digital Age.” On the right hand side of this page is a link to Amazon. A goods password is long and mixes letters and symbols. The second thing you should do is never download attachments in emails or click on links until you have confirmed that they are legitimate. Merely because the email containing the link or attachment appears to come from a trusted source does not mean that the link or attachment can be trusted.