Other issues in this category (26)
A hacking attempt is reason to act
Tuesday, December 24, 2019
Passwords leak into criminals' hands every day. Despite that, many people are still careless enough to use the same password for all of their accounts. Why’s that dangerous? If your password is leaked from a site you do not frequent (perhaps, you only signed in once!), an attacker may gain access to your other accounts and, as a consequence, to more important information.
And even if your passwords haven't been compromised yet, loads of people use weak passwords. And just by entering 'password', a hacker may gain access to a target account.
As a rule, victims learn about leaks later, after an attacker has already changed their passwords and is using their compromised mailboxes for spam mailings. But sometimes hacking attempts can be detected.
Today, just around closing time, I received an SMS, warning me that someone tried to hack into my Gmail account. The short message was as follows:
Suspicious sign-in to @gmail.com (google.com/blocked)
At first, I was somewhat perplexed. My first thoughts were about phishing or some kind of spam. I instantly switched to the Gmail tab in my browser and saw a similar email notification, which contained a bit more detail. Here is the email text:
A password was entered in an attempt to sign in to the Google account @gmail.com. Someone tried to sign in to your account with an email client or a mobile device.
We blocked the sign-in attempt to protect your account.
This is an automatic sign-in notification. Messages of this kind can be dispatched if a user has signed in from several different devices during a short period of time. But if you weren’t involved in this or the attempt originated from a different location, this may signal danger.
And it’s quite possible that the attackers may not even be trying to hack into your account specifically but are merely trying their luck with easy-to-guess logins and weak passwords.
Is there a way to protect accounts from attacks of this kind? The next example answers this question.
…and here comes a short message with a Telegram access code.
Someone successfully (!) entered a code from a short message but still failed to gain access to the account because they didn't have a two-factor authentication password.
The Anti-virus Times recommends
- Change your passwords regularly.
- Use different passwords with different accounts.
- If you receive a hacking attempt alert, change the password immediately.
- Try to come up with something out of the ordinary as an answer to your secret question. Don't use the actual answer. Instead, create another strong password.
- An attacker can regain access to your account even if you change the password. If your registration data now includes additional phone numbers (not yours), that's another alarming sign. If it contains email addresses you have never entered and know nothing about, delete those.
- If you use your social media account to sign in, take time to make sure it hasn't been compromised.
- Use an anti-virus. Someone may be trying to hack into your account after your credentials have been leaked by malware.
- If you don't use Dr.Web, scan your computer with Dr.Web CureIt!