Since the day I completed my last blog, I started thinking of what to write about for this one. I must admit I’m not a very creative writer; so when I am forced to write about something that I am not passionate about, it just makes things exponentially harder. As the semester progressed, I became more and more anxious because none of the topics we were covering really peaked my interest. I simply wasn’t finding anything that I knew I would love to write about. Actually – I lied – the unit on identity theft interested me, but I had no personal experience with it so I just ignored the idea of me writing about it. How could I write a blog on a topic I had no experience with?? That would be absurd!! Well, many say that God works in mysterious ways, and would you believe that just last week my University account was compromised? Now, was this a coincidence or a message from the heavens? I always try to find the good in bad situations, with that being said, I prefer the latter! Anyways, since I now have an interesting story to tell and a lot more knowledge to share on the topic, (mostly due to the fact that when I couldn’t access my account I panicked and researched like a mad scientist) I concluded that the best thing for me to write about is identity theft.
My Infuriating Experience 😡
It all started early last week when I received an email informing me that Gryphmail was being updated and in order for me to avoid having my account deleted, I had to re-validate it by filling out a form. The form asked for my name, user id, and password. Since I’m stupid sometimes, I filled out the form before I remembered that the University told us that they’d never ask for our password. As my suspicion grew, I didn’t send the form in and I closed the email. A couple of days later, Friday the 22nd to be exact, I checked my inbox again, only to find a bunch of notifications informing me that my “message failed to send”. I figured that these were just spam messages and completely ignored them, yes, I deserve a slap in the face for being so ignorant. Why I didn’t suspect anything, I will never know. Perhaps it was because the 22nd was my course selection date, so that’s where all of my attention was focused. I had prepared the courses and time slots I wanted a few weeks prior to my selection date, so I remember that I wanted to register for them as quickly as possible. The registration went good, except for one of the classes, which filled fairly quickly. Knowing that people constantly dropped courses however, I logged in frequently throughout the day to make sure that if a vacancy appeared, I’d be the first one to get the spot. I even logged on during my time at the Price is Right Live show in Hamilton, now that’s dedication! Unfortunately, a spot never appeared. In my last attempt to check for a spot late that night, I was confronted by the dreaded “Authentication Failed” message on webadvisor. At first I thought I had simply typed my password wrong or that the site was undergoing maintenance, but when the problem persisted the next day, I began to seriously worry. I tried recovering my password and was told that my account had been locked.
After many hours of searching for assistance, I realized that nearly all IT services were closed on Saturday… except for one! The IT desk in the University library. I searched for a phone number like a starving dog would search for food, but I found nothing, which still blows my mind. How can an IT desk not have a phone number?!? Oh the irony. My only option was to drive nearly an hour from my house to the University in search for help. When I finally got to the IT desk, the conversation was short. The man told me that my account was sending mass spam messages out and they were forced to lock it. He said that there was nothing he could do and that I’d have to speak to the security team on Monday the 25th. I have to be honest, at this point it took me a little while to put two and two together, my mind was so preoccupied on the fact that I had just driven nearly an hour for a 30 second conversation that put me back at square one. I wasn’t very happy, to say the least. It was on my drive home that I remembered that email with the form I filled out, but didn’t send. It all made sense. My identity had been stolen.
From there I played the waiting game, all while worrying about the countless online assignments that were due. This past Monday is when I finally got in contact with the CCS and regained access to my account. This experience, (although in the grand scheme of things seems very small since none of my personal information was stolen) definitely put me way behind in my studies and I am currently struggling to finish all of my assignments. The worst part is looking back and realizing that if I was just a little bit more aware, that all of this would’ve been prevented. With that being said, I’d like to help build more awareness on the 3 main methods used by criminals to access your accounts, so that you can protect yourself.
Method 1: Guessing
Yes, it may seem like an amateur issue but truthfully many people just have extremely basic passwords that generally link directly and easily to them!! If you can figure out enough about a person and their interests, chances are, you can guess their password. There is also what I refer to as “the lazy man’s” password, where it is simply the digits ‘12345’. I can’t even begin to describe the number of relatives whose wifi passwords I’ve gotten access to by simply guessing the password as ‘12345’. It’s a fact of today’s world, the worst passwords are the most common. This link shows a list of the top 25 most common passwords of 2012. Notice how simple they are?
Method 2: Phishing
This is the method that I fell victim to. From my story above, I’ve already indirectly explained what phishing is, but in case you still don’t quite understand it, here are a few videos that really boosted my understanding:
Clearly the best way to prevent being a victim of phishing is to ignore any suspicious emails and NEVER follow the links!! I should take this advice.
Method 3: Malware
This final method is probably the most dangerous as it allows the cyber-criminals to track all of your logons and passwords. They do this via a keystroke logger which is a type of malware that infects your personal computer and records everyone of your keystrokes. Here is a short, informative video on keyloggers:
When I first told my cousin about getting hacked, he immediately suspected a keylogger. He had me download Teamviewer 8 and he took over my computer so that he could run a variety of scans. Thankfully, everything turned out negative and I had no malware on my system. An effective way to remove a keylogger is obviously through a malware scanner such as malwarebytes or even as described in this video:
Protecting your computer from keyloggers and removing them if they infect your computer can save you many headaches and stolen passwords! Being aware that they exist is the first step!
For more information on these three methods, please follow this link to a company that is dedicated to protecting against identity theft and are partners with the FBI (in case you questioned their credibility).
Overall, my dreadful experience has opened my eyes to the crazy tactics used by cyber-criminals on the internet to access account information. It has forced me to educate myself on the different techniques used, especially phishing, and taught me how to protect my accounts with passwords people will have difficulty guessing. Even though my adventure was not fun, I have learned a valuable lesson about identity theft: it CAN happen to anyone. I was ignorant to this fact prior to my incident and clearly payed the price for it. On the plus side, my experience helped create this blog and I can only hope that whoever reads this has learned something and benefits from it in the future!