Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Things to do to Lower odds of getting Hacked

  1. May 25, 2015 #1

    WWGD

    User Avatar
    Science Advisor
    Gold Member

    Hi all,
    Last two weeks, while at a public place, a computer lab actually, my email account was hacked.

    The only safety measure I can think of is to restart the computer after logging of. I heard that one
    can lock the computer if/when one walks away from it for a few minutes, but I don't know how. I
    have a reasonably-strong password ( it is ************ , in case you're curious :) ) and I don't socialize
    much in there to have someone guess my account.

    What else can I do to increase my account safety?
    Thanks.
     
  2. jcsd
  3. May 25, 2015 #2
    How did you know it was being hacked? Were you on a public computer or your personal laptop?

    Logging into secure accounts like email or banking is very dangerous when using public computers.
     
  4. May 25, 2015 #3

    WWGD

    User Avatar
    Science Advisor
    Gold Member

    Hi Greg, I guess I should say I think it was being hacked ;basically some emails disappeared and the computer started acting strange the screen resolution changed and the settings to change it back were locked. I restarted in safe mode and removed some programs, then changed my password and the problem disappeared. :
     
  5. May 25, 2015 #4
    What email service do you use? This was your laptop or public computer? Did you run antivirus and malware scan?
     
  6. May 25, 2015 #5

    WWGD

    User Avatar
    Science Advisor
    Gold Member

    I use outlook/Hotmail. I was in a public computer. And I did run an AV scan.
     
  7. May 25, 2015 #6
    Yeah this is not advised. Public computers are usually riddled with viruses.

    If I ever have to login to email using the public computer I do it very quickly. To login I also use a username/password obfuscation technique to prevent easy key logging. Essentially it is typing a few letters in your username and then click over to a random text input box like the search bar and type in a few random characters. Then go back and finish the username. Do that for the password too. That way the keylogger will have more difficulty figuring out what is your real username and password.

    ex

    username: johnwiller23
    password: dw2kd09

    If you use my technique, then the keylogger might only see johnk5432dwiller23dw2kfr43rfkgdd09

    Also make sure you wait to make sure the system successfully logs you out.
     
  8. May 25, 2015 #7

    WWGD

    User Avatar
    Science Advisor
    Gold Member

    Thanks, I will try that. Does restarting the computer log you off? And does typing Control+Alt+Delete disable (at least temporarily) key logger?
     
  9. May 25, 2015 #8
    Sometimes. Often there is a "remember me" box where it will auto log you back in.

    Sort of, but you're also not able to type anything, so what is the point?
     
  10. May 25, 2015 #9

    Astronuc

    User Avatar
    Staff Emeritus
    Science Advisor

    Don't use a public computer to access personal accounts!

    Browsing the internet is fine as long as it does not involve personal information.

    Definitely, do not log into PF on a public computer.

    Start with the assumption that any public computer, especially one to which one can attach a flash drive, is unsecure.
     
  11. May 25, 2015 #10
    run your computer from the guest account, type mmc in the run box and see what you'll find, you may need a domain controller (win server), I'm not sure whats going on with the latest editions of windows(you need the ULTIMATE version or some such nonsence). it used to be that you could download a hardened template from the nsa for win2k/xp systems and apply the security policy. you may need the win(version?) resource disk for admins to get to the tools in the latest versions of windows, I'm running win7 ultimate and the security policy is under administrative tools in the start menu.
     
  12. May 25, 2015 #11

    WWGD

    User Avatar
    Science Advisor
    Gold Member

    I thought I was relatively safe since I don't have an admin account . I mean , there are a lot of restrictions on what I am allowed to do/download/etc..
     
  13. May 25, 2015 #12
    They don't have to guess passwords : it is possible to be redirected to a fake-version of the login-page where you input the password : it's called phishing ... http://en.wikipedia.org/wiki/Phishing#Website_forgery

    [ Having said that , in the past Hotmail has been hacked behind-the-scenes, which is not preventable by user ].
     
    Last edited: May 25, 2015
  14. May 25, 2015 #13
    I'm confused, your emails caused your personal computer to change monitor resolution (from logging in and possibly having your emails hacked while using a public computer)? How do you view your Hotmail emails on your personal computer? Website or Outlook (the program, not outlook.com) etc.

    GData Total Protection (which is what I use) blocks phished websites, as would many other security solutions.
     
  15. Jun 8, 2015 #14

    Borg

    User Avatar
    Science Advisor
    Gold Member

    I hope that you have changed your passwords from a non-public computer by now.
     
  16. Jun 8, 2015 #15

    WWGD

    User Avatar
    Science Advisor
    Gold Member

    Yes, I did, but , since I suspected someone was reading or getting access to my email messages ( a few of them disappeared), I left a f**** you message before changing it.
     
  17. Aug 26, 2015 #16

    harborsparrow

    User Avatar
    Gold Member

    The number one thing to do to prevent this in the future is stop using Outlook as the email client. From its conception, Microsoft Outlook was born with the ability to allow programs attached to emails to run on a computer, which is a really really bad idea. Typically anti-virus programs will try to prevent this, but they don't always succeed. If you switch to an email client such as Thunderbird, NO program will ever be executed directly from within your email.

    There are a few other things you can do as well. If you use Facebook, turn off "apps" in Facebook and keep them turned off. This means you won't be able to logon to other sites using your Facebook logon, and that is a good thing. Use of "apps" in Facebook means you are giving your Facebook logon and password to third-party companies, and you can't guarantee that they won't leak or share that information with hackers. The fact is, most people reuse their logon names and passwords, and so once one of those gets loose in the wild, you become vulnerable in several ways.

    The same thing applies to using Twitter or Google logons on third-party sites. Don't do it. Every time you do, your logon information is being more widely shared across the world, and you can't guarantee the good behavior or safe IT practices of all those companies.

    Basically, you need an easy set of logon / password combinations for all those third-party sites. Keep that completely separate from your email logons or the logons for any of the major portals providing an email-like service, such as Google, Microsoft, Facebook, Twitter, etc. Keep them separate. Keep them separate. Do not cross-logon. Period.
     
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook