I am making this post based on what happened to a friend of mine last night.
It is a hard lesson to learn the way this friend has had to learn it, and it has caused hours of work which are not over by a long way. So far there is no financial loss, but it's too soon to be 100% sure.
Apart from the possibility of getting keyloggers/spyware on your PC, which is a constant threat, there is another threat many do not even give a second thought to.
I am sure some, if not many, of you have dabbled in the HYIP games and I am sure that some if not all of those HYIP programs ended up dying on you and disappearing into thin air with your money.
Now what you may not realize, or may not have given a second thought to, is that the admins of those programs have a copy of the user id and the password you used for their program.
You see they not only set out to scam people out of their money but they also set out to gather that vital information. They know that many people use the same id and, much worse, the same password in different programs.
They then watch other HYIP sites, join their forums, and watch for user ids they have on their list. They then wait a while, and if a user posts that they are making money, the scammer will attempt to hack into that user's account using the id and password that the hacker has. If they hit it right, they then proceed to watch the account and see when a payment is due. Just before it is due they will change the egold account number that the payment has to go to, change the account password so the rightful owner can't get in until it's too late, and so on.
The following applies to ALL programs no matter what they are.
So what is the vital lesson here?
1. Never use the same password for different programs.
By all means use the same user id if you want, it does after all become a trade mark for you.
2. Make your password at least 15 characters long - anything that is 10 or less can be cracked fairly fast, but once you get up to 15 and over the hackers will not bother as it would take them more time than it is worth. Remember the longer they keep trying the more chance they have of being caught, and they know this.
3. Do not use an email account like Yahoo, Gmail, etc. for your financial accounts, e.g. PayPal, E-Gold, etc. Use something you have control over, such as one of your own domain email addresses if you have one, or use an email address supplied by your ISP.
4. In your E-Gold account you can register more than one email account so that way if you have one email account compromised you can still get your pin code at the other and get in there and remove the compromised email address.
To place more than one email address in your egold account you simply enter each email address separated by a comma and a space. Go to your account info, then click on the contact tab, then in the email box enter the alternative email addresses.
Example: myemail1@mydomain.com, myemail2@anotherdomain.com
Don't forget to fill in the Turing number and save.
What can you do to protect yourself from keyloggers/spyware?
Install a firewall. There are plenty of choices that offer both free and paid options.
Get Spybot Search & Destroy from http://www.spybot.info/ and Ad-Aware SE Personal Edition from http://www.Lavasoft.com. Both are free to use.
Run them regularly (at least a couple of times a week).
Get Roboform from http://www.roboform.com. It not only securely stores passwords for you, but it also has a built-in password generator that lets you select the length of password you want it to generate. When you have generated a password you simply copy it and paste it into the appropriate field in the form of the web site. Before submitting the form I use the manual save button. This will give you an option to add a master password to protect it even further.
Your master password should be something very long (more than 10) that you keep safe somewhere and learn to memorize it as well.
Now that you have a saved password, the next time you go to the site you will be able to just click a button and it will fill in your login id and password for you. If you have not used the login for a while it will ask you for the master password. You can set how long it needs to remember the master password so that if you are going from account to account you don't have to keep filling it in.
Point to note with Roboform: the free version allows you up to 30 passcards only. The paid version has unlimited passcards and in my opinion is more than worth the money it costs in saved headaches about forgotten passwords and the secure entry of passwords.
The reason it is secure is that you never have to type in your password, so a keylogger cannot register it.
If anyone needs help with Roboform and setting it up, contact me. I have been using it for over 5 years, so I think I can safely say I know what I am doing with it.
Please help everyone and give your friends the link to this post. I know what I have posted is mostly common knowledge, but with time and having never been hacked we sometimes become sloppy and think 'It won't happen to me'. Don't be so sure. It CAN happen to anyone.
People used to laugh at me for having "crazy passwords", as they called them, and for having so much security on my PC. I would get comments like "Geez, you ain't Fort Knox" and similar.
Well, let them laugh. I know I am doing all I can to protect my interests.
And so should you.
Be Safe on the Internet
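
Lessons 1 and 2 above can be checked mechanically. The following Python is an added example, not part of the original post: it audits a list of saved logins for reused or short passwords and generates a separate random replacement for every flagged site. The site names, passwords, alphabet and function names are constructed for illustration.

```python
import hashlib
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 15  # the post's minimum password length
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

# Constructed sample data: (site, user id, password). All names are made up.
SAMPLE_VAULT = [
    ("hyip-one.example", "trader42", "sunshine99"),
    ("egold-like.example", "trader42", "sunshine99"),
    ("mail.example", "trader42", "Tr4der!2006"),
    ("forum.example", "trader42", "correct-horse-battery-staple-7"),
]

def audit(vault):
    """Return {site: set of problems}; problems are 'reused' and 'short'."""
    sites_by_digest = defaultdict(list)
    problems = defaultdict(set)
    for site, _user, password in vault:
        # Group on a digest so plaintext passwords are not used as dict keys.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        sites_by_digest[digest].append(site)
        if len(password) < MIN_LENGTH:
            problems[site].add("short")
    for sites in sites_by_digest.values():
        if len(sites) > 1:  # same password on more than one site
            for site in sites:
                problems[site].add("reused")
    return dict(problems)

def generate_password(length=20):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate(problems):
    """Give every flagged site its own freshly generated password."""
    return {site: generate_password() for site in problems}

if __name__ == "__main__":
    findings = audit(SAMPLE_VAULT)
    for site, issues in sorted(findings.items()):
        print(f"{site}: {', '.join(sorted(issues))}")
    print(f"{len(rotate(findings))} replacement passwords generated")
```

The shared user id is deliberately not flagged, since the post allows reusing it; only the password is checked.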