The insecurity of web-based emails leads to identity theft

I recently appeared on Fox and Friends to talk about email hacking. Dave Briggs, a Fox and Friends weekend co-host, lost access to his Hotmail email account when hackers were able to guess his password or qualifying question. (He admitted that his password was not as secure as it should have been.) The hackers locked Briggs out of his own account and spammed all of his contacts with a fraudulent email that appeared to be written by Briggs himself, claiming that he was trapped in Malaysia and asking someone to help him by transferring money via W. Union. Only after persistently contacting Hotmail administrators was Briggs able to regain control of his own email account.

Twitter was targeted by a similar hack, leading to a data breach. The hacker likely guessed the answer to a Twitter employee’s security question and reset the employee’s password. On Wednesday, Twitter co-founder Biz Stone wrote on his blog: “About a month ago, an administrative employee here at Twitter was attacked and his personal email account was hacked. From the personal account, we believe the hacker was able to obtain information that allowed access to this employee’s Google Apps account that contained Google documents, calendars, and other apps that Twitter relies on to share notes, spreadsheets, ideas, financial details, and more within the company.”

And, of course, Sarah Palin’s Yahoo email account was hacked last year, during the presidential campaign. The hacker explained how easy it was in Wired.

Web-based email is great! Since you’re no longer tied to a PC-based client, you can access your email from anywhere. And all the data saved in your email account will be safe if your PC crashes. Many web-based email providers offer gigabytes of free storage and other useful tools like documents, RSS readers, and calendars. Life in the cloud is easier and more comfortable. But is it secure?

PC Pro reported on a study conducted by Microsoft Research and Carnegie Mellon University, which measured the reliability and security of the questions that the four most popular webmail providers use to reset account passwords. AOL, Google, Microsoft, and Yahoo all rely on personal questions to authenticate users who have forgotten their passwords. The study found that the “secret questions” used by the four webmail providers were not sufficiently reliable authenticators, and that the security of personal questions appears much weaker than that of the passwords themselves. Yahoo claims to have updated all of its personal questions in response to this study, but AOL, Google, and Microsoft have yet to make any changes.

Once a hacker has your email address, they can simply go to the “Forgot Password” section of your email provider’s website and answer a pre-selected personal question that you answered when signing up for the account. With a little digging, the hacker has a good chance of finding the correct answer.

Some of today’s questions might be answered using information found in a user’s social networking profile, or through a website such as or Some answers can be found in the user’s trash can. Some questions seek opinions, rather than facts. For example, “Who is your favorite aunt?” requires an opinion as an answer, but if a hacker knew the names of all your aunts, he could enter them all one by one. Some questions would be more difficult to answer. Unfortunately, if you signed up for your web-based email account more than a year ago, before these email attacks became more common, your questions may be even easier to answer.

The current Gmail personal questions are:

  • What is your frequent flyer number?
  • What is your library card number?
  • What was your first phone number?
  • What was the name of your first teacher?
  • Write my own question

Yahoo’s current personal questions are:

  • What is the first name of your favorite uncle?
  • Where did you meet your spouse?
  • What is your oldest cousin’s name?
  • What is your eldest son’s nickname?
  • What is your eldest niece’s first name?
  • What is your eldest nephew’s first name?
  • What is the first name of your favorite aunt?
  • Where did you spend your honeymoon?

I suggest you check the “Forgot Password” section in your own web-based email account to see your current personal question. If it’s easy to answer, or just requires a bit of research to figure out, please update the question with one whose answer is based on your opinion, rather than fact. And keep in mind that most people list “pizza” as their favorite food and “liver” as their least favorite. So be creative. You should also strengthen your password. Combine uppercase and lowercase letters, as well as numbers. Do not use consecutive numbers, and never use the names of pets, family members, or close friends.
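The password and secret-answer advice above, written as a checker. This is an added example, not code from the original article; the function names, the three-digit threshold for "consecutive numbers" and the names passed in are assumptions.

```python
import re

# Answers the article singles out as what most people choose.
COMMON_ANSWERS = {"pizza", "liver"}


def has_consecutive_digits(text, run=3):
    """True if text holds `run` digits in a row counting up or down (123, 987)."""
    for i in range(len(text) - run + 1):
        chunk = text[i:i + run]
        if not (chunk.isascii() and chunk.isdigit()):
            continue
        steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def audit_password(password, personal_names):
    """Return the article's rules that the password breaks (empty list = passes)."""
    issues = []
    if not re.search(r"[A-Z]", password):
        issues.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        issues.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        issues.append("no number")
    if has_consecutive_digits(password):
        issues.append("consecutive numbers")
    lowered = password.lower()
    for name in personal_names:  # pets, family members, close friends
        if name and name.lower() in lowered:
            issues.append(f"contains personal name: {name}")
    return issues


def audit_recovery_answer(answer, personal_names):
    """Flag a secret-question answer that is common or findable by research."""
    normalized = answer.strip().lower()
    issues = []
    if normalized in COMMON_ANSWERS:
        issues.append("answer most people give")
    if normalized in {n.lower() for n in personal_names}:
        issues.append("name findable through research")
    return issues
```

Passing a list such as a pet's and a relative's name as `personal_names` lets the same list screen both the password and the recovery answer.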

1. Get a credit freeze. Go online now and search for “credit freeze” or “security freeze” and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This renders the SSN useless to the thief.

2. Invest in prevention and protection against identity theft. While not all forms of identity theft can be prevented, you can effectively manage your personally identifiable information by knowing what is out there about YOU.
