In a rather odd coincidence, both my mum and mother-in-law’s computers have been hacked in the last couple of weeks.
My mum has a Mac and once the hacker got in (we think it was through an email attachment in Hotmail), they changed the computer system settings and the language – which was quite clever because my mum just left the computer on, clicking around trying to get the language back to English. I suspect the longer the computer was left on, the longer the hacker had to make more changes on the system.
Once the hacker had control of her Hotmail account, they sent out emails saying my parents were abroad and in distress, and required some cash to get them out of trouble. The email looked 80% genuine – good enough for some of my parents’ friends to call me and ask if they were OK.
Unfortunately for my mum, I don’t know very much about Macs, let alone being able to look at an Arabic version of Mac OS and get it back to English. She had to call a computer trainer to come over and help return her computer back to normal, including installing some security software.
Hackers managed to get into my mother-in-law’s Gmail account. We still don’t know how they did this. The first we knew of it was when hackers sent an email to my wife (they didn’t email everyone in the contacts – for instance I didn’t get the email). The email didn’t look like computer generated spam, so my wife phoned her mum and recommended she change the password straight away. The password was already complex – I had set it up originally, including a capital letter, numbers and letters, punctuation and a decent length.
My mother-in-law then called a few days later to say she hadn’t received any emails since the incident. I looked at her laptop and the hackers had set up a Gmail rule redirecting all email into the Bin straight away. This was clever because it meant that for all the emails sent from her account, if someone replied to ask whether it was genuine, the reply would have gone straight to the Bin without my mother-in-law seeing it.
I guess the key takeaways are to keep changing the password regularly, and keep it complex. Never ever open attachments in emails unless you really are expecting something and it looks genuine.
The operating system vendors, Apple and Microsoft, and now mobile operating system vendors too, have a tough balancing act. They have to provide a marketplace for third parties to produce security software, but they also have a duty of care to make their systems secure for users. The argument is that if say, Microsoft, bundled anti-virus software with Windows, the third parties would be out of business within days.
However the email providers don’t have such a balancing act, and really should be prohibiting certain attachments to emails, or checking their contents properly.