Will Lukang, PMP, CSM, MBA, MASCL

Never in my wildest dreams would I have thought that such a thing would happen to me. Not me – I have the technical know-how and background to prevent such a thing from happening. I’ve been in information technology for over 20 years and I consider myself an above-average technician in terms of maintaining hardware or software.

On the morning of January 11th, everything changed while I was on my way to work with my friend Jason. He told me that I had sent him a link to a blog. He asked what it was all about. I was like, what are you talking about? I don’t have time to send e-mails in the morning as I’m trying to get ready for work. I quickly checked my iPhone and saw that my other personal e-mail account had received the same message. The worst part is that it accessed my contact list and e-mailed the same message to everyone.

Another friend of mine named Barry also alerted me via text message that he had received an e-mail with a link to a blog. On my way to work, a few of my friends did the same thing. They brought it to my attention. At this point I was so embarrassed that such a thing had happened to me. While running a meeting, I could not help but think of what had happened and was trying to figure out how to stop it. By 10:23 a.m. another round of e-mails went out while I was in another meeting. I called my wife to power down my laptop, because I was not sure if there was a Trojan virus on my laptop. While in a meeting, I was busy trying to change my password on my Gmail account. Thankfully my account was not hijacked, meaning I was still able to gain access to it and change the password. It was only at that point that the e-mails stopped. While the spam e-mail continued, I felt helpless and did not know what to do. I’m thankful to have my iPhone that allowed me to access my personal e-mail; otherwise the problem could have been worse.

After my 10 a.m. meeting, I stopped by Barry’s office to pick his brain on how to prevent such a thing from happening. Barry is our resident technical expert. Besides, two brains are better than one. We chatted and he gave me a couple of pointers like scanning my laptop and possibly installing Ubuntu on my laptop. The rest of the day, I was thinking how to craft the apology e-mail to everyone who received the spam e-mails.

That night, I checked my laptop for viruses and found none.   I proceeded to send apology e-mails to people whom I inconvenienced.    Some were supportive while others gave me a stern warning as to what I was sending.   Either way the whole experience taught me some valuable lessons that I’d like to share.

  1. Website login account – If you have the same login account for different websites, use a different password for each.
  2. Website using e-mail address as login ID – When a website requires that you use your e-mail ID as the user ID, do not use the same password that you use for your e-mail account.
  3. Password strength – Make sure your password is a combination of characters and numbers. If you can use a special character that would be great, but make sure you can remember it.
  4. Change password – Change your password every quarter. Set up a reminder to alert you of the need to change your password.
  5. Request for information – If you receive an e-mail requesting information from you, DO NOT respond unless you’re the one who initiated the request, such as a password reset. This is a common way for bad people to get your information. It is otherwise known as phishing, which means a fraudulent attempt to secure your information such as passwords, credit card numbers, social security numbers, etc.

To close, no matter how experienced you are in a field, you can always be caught empty-handed if you’re not prepared. Don’t let your guard down. Same is not really good. With so many passwords to remember, I made the mistake of using the same password just so I would remember them easily. That was a big mistake. Hopefully this blog will help others avoid a similar situation to what I experienced.