Why not, you ask? Because your pal probably didn’t send that email.

Chances are that your friend’s email account was hijacked by a hacker who’s now spamming everyone in your friend’s address book, hoping to fool at least some of them—maybe even you—into clicking a link that leads to one of the shadier corners of the web.

How can you tell the fake emails from the real ones? Well, that can be a bit tricky.

An especially enterprising hacker may go to great lengths to impersonate one of your friends or co-workers, all in the hopes that he’ll trick you into giving up a credit card number or a password.

Far more common, though, are the somewhat crude, easy-to-spot messages sent to a wide swath of people, typically with a clumsy (or non-existent) subject line and a single, arcane-looking link.

Let’s tick off six warning signs that the email you just got is from a friend’s hacked email account, starting with:

1. There’s nothing in the message except an odd-looking link

 
It’s mysterious and tempting, no doubt—and it’s also a favorite tactic of hackers trying to fool the most people with the least amount of effort. Do yourself a favor and steer clear.

2. There’s a string of random email addresses in the “To:” field

 
Puzzled that your friend sent a sketchy email message to you and six other people you don’t recognize?

Well, hackers usually divvy up the email addresses in their victims’ address books and send their spam messages to small chunks of them at a time—often in alphabetical order.

3. Your friend is suddenly pitching weight-loss pills or “enhancement” remedies

 
Did your buddy just send an email suggesting you slim down, find an exciting new career, discover the secret of personal enlightenment, or boost the size of your … ah, “organ,” shall we say?

Nope, your friend isn’t trying to drop a hint. Instead, you’re looking at some of the crudest, yet most effective spam pitches of all time. Toss these messages in your “Junk” folder, pronto.

4. Your friend warns that someone’s posting funny—or mean—things about you online

 
“Hello this user is posting very bad things about you,” writes your friend. Or another variant: “Someone just posted a funny picture of you.”

You know you want to click, right? (Full disclosure: I’ve almost fallen victim to this ploy myself.)

Well, don’t—that is, unless you want to end up on a porn site, an online pharmaceutical store, or worse.

5. Your friend needs you to wire money, ASAP

 
Troubling news: a neighborhood friend who’s travelling in Rome (hmm, she went on vacation without telling you?) had her purse—along with her ID, passport, credit cards, and traveler’s checks—stolen, and now she’s frantically emailing you for help. Could you do her a huge favor and wire her some cash?

Well, here’s the scoop: your friend probably isn’t on vacation, nor did anyone boost her purse. That said, someone likely has taken control of her email account in the hopes of tricking you out of a few hundred dollars.

6. A colleague needs your social security number, password, or credit card number

 
Bob from the office just emailed, and he’s got more details on the BlueStar account that you’ve both been slaving over. He also has an odd request: he needs your social security number, your date of birth, and at least one credit card number for a web form. Could you send ’em right over?

Beware. Even though “Bob” seems to know specifics about the office, it’s possible you’re the target of a so-called “spear-phisher”—a hacker who’s managed to scrounge up some “inside” personal or professional information about you, and who’s using said info to impersonate someone you know.

Spear-phishing is a clever, tough-to-spot tactic that’s netted some high-profile victims, and there’s no sure-fire way to protect yourself.

But if a co-worder suddenly requests a key password or your Visa card number over email, think twice (or better yet, give her a call) before clicking “send.”

Bonus tips

• Getting suspicious email messages from a friend? Make sure to contact him or her immediately and let ’em know.
• You may see some of these same tactics used on Facebook, Twitter, and other social networking sites, so careful with spammy-looking direct messages and wall posts.

The post 6 telltale signs that a friend’s email account’s been hacked appeared first on here's the thing.

Lucky for us, an online security expert has come forward with a free service that alerts you if it finds your email address among hundreds of thousands of compromised (and now public, thanks to the hackers) accounts.

The site, called “Should I Change My Password?,” was designed by Australian technology and security pro Daniel Grzelak, who tells the New York Times that he created the website to give concerned users “A, an easy way to check if they were affected and B, some simple advice on what to do if they were.”

The new site access more than a dozen databases of stolen account information that hackers released to the public.

The 800,000-plus entries in the various databases aren’t a comprehensive archive of anyone who’s ever been hacked, of course. But it does search pilfered data from recent security breaches at Sony, PBS, Fox.com, Gawker.com, and MySpace, among others.

To use the site, just type your email address into the form and press the “Check it!” button. You should get the result instantly: either a green “all clear” icon, or a scary red light warning you to change your passwords, pronto.

OK, so how do we know Grzelak himself isn’t a hacker trying to fool us into giving up our email addresses? In the site’s FAQ (“frequently asked questions”) page, Grzelak assures us that he’s been “vetted” by media sites ranging from the Times to Secure Computing Magazine, and he also lists his public Twitter account.

Grzelak also notes that doesn’t store any email addresses used in search queries.

I went ahead and entered a few of my email addresses into the site and came up clean—phew. If you want to see what a “you’ve been hacked” warning looks like, type “[email protected]” into the search form.

Source: NYT

Follow me on Twitter!

The post Do hackers have your password? Here’s how to find out appeared first on here's the thing.

“Tango down – cia.gov – for the lulz,” bragged LulzSec via Twitter on Wednesday afternoon.

A later tweet read:

Lulz Security, where the entertainment is always at your expense, whether you realize it or not. Wrecking your infrastructures since 2011.

By about 7 p.m. Eastern, the CIA site was loading again—albeit very, very slowly. Update: I may have spoken too soon; by about 7:45 p.m., CIA.gov was refusing to load again.

In a post justifying Tuesday’s breach of the U.S. Senate website, the LulzSec hackers wrote:

We don’t like the US government very much. Their boats are weak, their lulz are low, and their sites aren’t very secure. In an attempt to help them fix their issues, we’ve decided to donate additional lulz in the form of owning them some more!

here’s the thing: After the devastating attack on Sony’s PlayStation Network back in April, hackers seem to be smelling blood—and it appears they’re determined to hit one major online property after another.

If you’re worried about online security, make sure to change your passwords regularly and follow a few basic safety tips. For the most part, however, both corporations and governments alike need to beef up their online security—the sooner the better.

The post CIA website buckles, hacker group claims responsibility appeared first on here's the thing.

As Citi execs and federal regulators sort out this latest hack attack, which compromised the names, account numbers, contact info, and email addresses of about 200,000 customers (birth days, social security numbers, and card security codes weren’t pillaged, according to Reuters), now might be a good time to do a little something to strengthen your own online security.

Yep, you guessed it: time to change your online banking password—and ideally, to something a little stronger than “mydogspot” or my favorite, “password.”

Microsoft has an excellent how-to about creating a so-called “strong” password—and indeed, they’re not kidding around. The page recommends coming up with a password that’s no less than 14 characters long, complete with a jumble of letters (both upper- and lowercase), numerals, and symbols.

The site also links to a password checker that will tell you if the password you picked is long enough.

Now, here’s the most annoying part (and I admit, it’s advice that I have a hard time following myself): only use your new password for your online banking account. That way, if hackers manged to crack, say, your Amazon login (which seems increasingly likely, given all the big companies that have fallen prey to security breaches lately), the bad guys won’t be able to sneak into your checking account, too.

Will changing your passwords protect you from each new wave of hacker attacks? No, unfortunately—but why make life easier for ’em?

Anyway, just do it (and yes, I’ll do it myself today, too). It’ll take you five minutes.

The post Tip of the day: Change your online banking password (and make it a strong one) appeared first on here's the thing.

Greetings Nancy! Yes, you’re right: theoretically, any time you put data on a Net-connected server like Apple’s upcoming iCloud, it will be more susceptible to hackers than it would sitting on your PC’s hard disk—or, say, a USB thumb drive that’s stashed in a drawer.

But just because your personal data files are sitting on your home PC doesn’t mean they’re absolutely, positively safe and secure.

Consider this: If you’re using a Windows PC, there’s always a chance that your system could get infected with malware—that is, malicious software that sneaks its way onto your computer and does … well, any number of bad things, from keeping track of your keystrokes (usually with the intent of snagging usernames and passwords) to snooping around your files.

Or, here’s another (more likely) possibility. One fine day, you wake up, hit the power button on your PC, and…nothing. Why? Because your system’s hard drive failed—and yes, it happens. (The hard drive on my old Mac PowerBook gave up the ghost about five years ago, and while I’d backed up a few key files, I lost everything else. Not fun.)

Or, how about this: Your house burns down. (Yikes!) Or gets soaked in a flood. Or pummeled by a “Wizard of Oz”-style tornado. Beyond the damage to your home, you may well lose your PC, all its data, and even any backup drives you had squirreled away in the closet.

Sorry to be laying all these scary scenarios on you. (Hopefully, you’ve already had your morning coffee.) I’m just trying to make the point that there are risks to everything, including keeping your data “safe” on your desktop.

Some easy ways to minimize your risk? For your PC at home, back up your data religiously. (I’ll go into detail about how to back up your system in a future post.) If you can, keep a copy of your most precious data on a portable drive in a location other than your house—like your safe-deposit box. Don’t open email attachments from strangers. And if you’re a Windows user, make sure you have malware and anti-virus protection (like Microsoft’s free Security Essentials software) installed, updated and running.

When you’re dealing with your online accounts in the cloud, make sure you don’t use the same password everywhere. Make sure to use a credit card—and not your debit card—while shopping online. And never give out your account passwords to anyone. (Click here for more online security tips.)

And in general, the key to being smart with your data is the same as for handling an investment portfolio: diversity. Or, put another way, don’t put all your eggs in one basket.

After all, a cloud server could be hacked, and your hard drive might fail, but it’s highly unlikely that both would happen at the same time. (Fingers crossed.)

Anyway, I hope I haven’t scared you off from ever touching a computer again. Just remember: if you’re conscientious, both your PC- and cloud-based data should be relatively safe—and if you’ve been backing up your data and careful with your passwords, you’ll be able to deal with almost any bump in the online road.

Did this advice help? Have more questions? Let me know!

The post Reader mail: Isn’t the “cloud” an easy target for hackers? appeared first on here's the thing.

The bad news is that online hack attacks and phishing attemps are getting more and more sophisticated every day. The good news, however, is that you can foil most hackers—or at least keep the damage to a minimum—by following a few simple steps.

1. Never give your password(s) to anyone.
Just get an email from the likes of Citibank, Paypal, or Amazon asking you to verify your username and password? Beware. You may be the target of a phisher—that is, someone who’s trying to steal your login credentials through an official-looking email or website.

First of all, remember that no reputable customer service rep or IT staffer would ever ask for your account password via email or over the phone. Also, never log into one of your online accounts after clicking a (possibly bogus) link in an email message unless you’re convinced the email is legit; instead, type the URL of the account you need to access directly into your web browser.

2. Never open links or attachments in an email from a stranger.
Another favorite tactic of hackers is to trick unsuspecting victims into opening a malicious email attachment or click a link to a Trojan-infested website. Some phishing emails may look incredibly obvious, while others are far more devious—and indeed, in the most recent White House attack, the messages were written in flawless English and referenced projects that the recipients were actually working on, and even appeared to be sent by friends and colleagues. (Such personalized, highly targeting attacks have been dubbed “spear phishing,” according to the New York Times, and unfortunately they’re very tough to spot.) Sneaky, right? In any case, when in doubt, don’t click.

3. Don’t be fooled by anti-virus pop-ups.
You’ve seen ’em—those annoying pop-up ads that purport to have detected a virus in your PC or Mac and promising to clean your system if you just tap the big flashing button. Careful: there’s a good chance that by clicking that ever-tempting link, you’re opening up your computer to a trunk full of malware.

4. Don’t use the same password for all your accounts.
It’s great advice that’s tough to follow—after all, who wants to remember 20 different passwords? The reality, though, is that if you use a single password for all your online accounts and hackers manage to break into one of them, you’ve essentially given them the key to unlocking all the others. Not good.

5. Don’t use a debit card for your online transactions.
If the worst happens and a hacker does manage to snag your address, phone number, and credit card info, you can always dispute any suspicious—and potentially massive—charges with your (typically agreeable) credit card company without dealing with any cash-flow problems. But if the bad guys nab your debit card and manage to drain your checking and savings accounts, you may have to figure out how to cover your rent and groceries while dealing with the authorities. Better to spare yourself any headaches and keep your debit card stowed while shopping online.

The post 5 easy tips for thwarting online hackers appeared first on here's the thing.

Performance on the store, which Sony closed up in the wake of last month’s thorough sacking of the PlayStation Network by hackers, was a tad sluggish Thrusday morning; when I tried to download the new demo for Infamous 2, for example, a few of my button presses took up to a minute or more to register, and the store quit unexpectedly at one point when the server connection failed.

Sony resuscitated much of the beleaguered PlayStation Network in mid-May, but it kept the store on ice until now to install additional security “enhancements” and complete “testing of the payment process and commerce functions.”

here’s the thing: I’ll cut Sony a little slack as it irons out the early kinks, at least as far as free game demo downloads are concerned. That said, I’m not quite ready to trust Sony with my credit card numbers again … or at least not yet. (Check out how to buy downloadable goodies on the PSN without a credit card, and how to sign up for Sony’s offer of free identity-theft protection.)

The post Sony’s PlayStation Store re-opens, dusts itself off after hack attack appeared first on here's the thing.