Will Lukang, PMP, CSM, MBA, MASCL
Never in my wildest dreams would I ever think that such a thing would happen to me. Not me – I have the technical know-how and background to prevent such a thing from happening. I’ve been in information technology for over 20 years and I consider myself an above-average technician in terms of maintaining hardware or software.
On the morning of January 11th everything changed, on my way to work with my friend Jason. He told me that I sent him a link to a blog. He asked what it was all about. I was like, what are you talking about? I don’t have time to send e-mails in the morning as I’m trying to get ready for work. I quickly checked my iPhone and saw that my other personal e-mail account received the same message. The worst part is that it accessed my contact list and e-mailed the same message to everyone.
Another friend of mine named Barry also alerted me via text message that he received an e-mail with a link to a blog. On my way to work, a few of my friends did the same thing. They brought it to my attention. At this point I was so embarrassed that such a thing happened to me. While running a meeting, I could not help but think of what happened and was trying to figure out how to stop it. By 10:23 a.m. another round of e-mails went out while I was in another meeting. I called my wife to power down my laptop, because I was not sure if there was a Trojan virus on my laptop. While in a meeting, I was busy trying to change my password on my Gmail account. Thankfully my account was not hijacked, meaning I was still able to gain access to it and change the password. It was only at that point that the e-mails stopped. While the spam e-mail continued, I felt helpless and did not know what to do. I’m thankful to have my iPhone that allowed me to access my personal e-mail; otherwise the problem could have been worse.
After my 10 a.m. meeting, I stopped by Barry’s office to pick his brain on how to prevent such a thing from happening. Barry is our resident technical expert. Besides, two brains are better than one. We chatted and he gave me a couple of pointers like scanning my laptop and possibly installing Ubuntu on my laptop. The rest of the day, I was thinking how to craft the apology e-mail to everyone who received the spam e-mails.
That night, I checked my laptop for viruses and found none. I proceeded to send apology e-mails to people whom I inconvenienced. Some were supportive while others gave me a stern warning as to what I was sending. Either way the whole experience taught me some valuable lessons that I’d like to share.
- Website login account – If you have the same login accounts for different websites, use different passwords.
- Website using e-mail address as login ID – When a website requires that you use your e-mail ID as the user ID, do not use the same password that you use for your email account.
- Password strength – Make sure your password is a combination of characters and numbers. If you can use a special character, that would be great, but make sure you can remember it.
- Change password – Change your password every quarter. Set up a reminder to alert you of the need to change your password.
- Request for information – If you receive an e-mail requesting information from you, DO NOT respond unless you’re the one who initiated the request, such as a password reset. This is a common way for bad people to get your information. It is otherwise known as phishing, which means a fraudulent attempt to secure your information such as password, credit card number, social security number, etc.
To close, no matter how experienced you are in a field, you can always be caught empty-handed if you’re not prepared. Don’t let your guard down. Same is not really good. With so many passwords to remember, I made the mistake of using the same password just so I would remember them easily. That was a big mistake. Hopefully this blog will help others avoid a similar situation to what I experienced.