I get a lot of junk in my mailbox every day. Today the count was like 294. Most of them I know are junk from the subject line. The usual Viagra, Canadian pharmacy, you have won the Euro lottery, my South American inheritance.
Once in a while I will get the Bank of America ones telling me to update my details blah.
The ones that stump me are the ones that sneak into my inbox somehow and where I have a legit account. They will have the same colour as the real company. The logo will be perfect. The format will be exactly like the ones you get in the mail. The link will even go to the fake site that looks like the real site.
I almost replied to one a few months ago. Something made me stop. I remembered vaguely reading the important information in the security section of the real site.
It went something like this:
- We will never send you an email asking for your personal information
- We will never ask you for your login information in an email
- We will always address you with your full name (registered name) and nothing else
Ah ha! This email said "Dear valued customer"! Can you reset your login password as we have had some tech difficulties, blah blah.
Don’t be fooled by the look and feel of these types of emails. As a rule, never give out personal information in email, especially login passwords or bank account details.
Online theft costs $1 trillion a year, the number of attacks is rising sharply and too many people do not know how to protect themselves, say the experts.
- Make your passwords really difficult
- Don’t have the same password across the board
- Change your passwords frequently
- Have good security programs on the computer that you use to log in to your bank account.
Changing your password frequently and coming up with a difficult password is tedious. I use Roboform to generate random passwords for me in a second.
I know I have written about this topic many times before. A story I read today reminded me not to take this subject lightly.
I was just now reading a blogger’s post about “How he fell for a phishing attack and the response or no response from Google”.
Mark Gosh is a blogger and has a community in Orkut with a following of 25k. He fell for a phishing attack and his profile was taken over by the hackers. He also uses Gmail to store a lot of stuff. (Don’t ask me why people do this kind of silly stuff – really!) He had the same login password for both (Duh!)
He changed his login password for both his accounts. But the hackers managed to play hell with his Orkut community. Here is why it was happening.
“The Orkut application stores cookies in such a way that if your cookie is ever recreated by someone else or transmitted to someone else, they can use that cookie to log in to Orkut as you, forever. No matter how you change your credentials, you have no recourse of regaining control. So if you ever get caught in a phishing scam that sends your password to someone else and they recreate your orkut_state cookie, they can log in as you forever.”
He states that in spite of ringing and emailing Orkut help and Google, he got nowhere. Looks like Google does not want to know about him. What do you do? I personally feel he got himself into this mess.
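The cookie problem in the quote above comes down to a session token that is not tied to the account's current credentials. This added example is not from the original post and is not Orkut's actual cookie format, which the post does not show. It is a simplified model contrasting a cookie derived only from the user name with one bound to a credential version that changes on every password change; all names in it are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed server-side signing key

class Account:  # hypothetical account record; cred_version is an assumed field
    def __init__(self, name, password):
        self.name = name
        self.cred_version = 0
        self._set_password(password)

    def _set_password(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), self.salt, 100_000)

    def change_password(self, new_password):
        self._set_password(new_password)
        self.cred_version += 1  # every password change starts a new epoch

def _sign(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

# Weak scheme: the cookie depends only on the user name, so a copy made
# before a password change is still accepted afterwards.
def issue_weak(acct):
    return f"{acct.name}|{_sign(acct.name)}"

def verify_weak(acct, cookie):
    return _same(cookie, issue_weak(acct))

# Hardened scheme: the signed body includes the credential version, so
# changing the password invalidates every cookie issued before it.
def issue_bound(acct):
    body = f"{acct.name}|{acct.cred_version}"
    return f"{body}|{_sign(body)}"

def verify_bound(acct, cookie):
    return _same(cookie, issue_bound(acct))

def demo():
    acct = Account("alice", "old-password")  # constructed sample user
    copied_weak, copied_bound = issue_weak(acct), issue_bound(acct)
    acct.change_password("new-long-random-password")
    return verify_weak(acct, copied_weak), verify_bound(acct, copied_bound)
```

With the weak scheme the copied cookie still verifies after the password change; with the bound scheme it is rejected and the owner simply logs in again to get a fresh one.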
The most important rule of online activity is not to have a common login password. That way you can cut your losses if something like this happens. Have long difficult passwords and keep changing them often. This can be a tedious job if you do it manually.
I use Roboform to generate random passwords for me in a second.
But it is also sad that big companies do not care about you when you get into a kind of soup. In the past I have had some troubles with Google and no, they did not want to know about me.
Continuing from my post yesterday, the hacking problem has been resolved by Hostgator. This is one of the reasons I love Hostgator. They are so quick to resolve problems.
There were two spamming scripts installed on the website server. Even after deleting all the files these spamming scripts could not be deleted. They were finally deleted by Hostgator after a few emails back and forth.
I have been recommending Roboform in a couple of posts. There is a free version and a Pro version. The Pro version has more functions and I purchased it a couple of months ago. I did try the free version before I purchased.
I have changed the passwords of all my sites after this experience. Just to be on the safe side. I will be paying special attention to online security from now on. If this had not been detected and fixed the domain could have been delisted. Then it is a bit of a time and process to get it listed again. I would not want this to happen to a large site that produces income for me.