One of the common posts I see from friends on Facebook is “my site has been hacked” when in fact a duplicate account has been created that looks like their account. This may seem like the same thing, but it’s very different. What has happened is they have been “spoofed”.
So, what are Hacking and Spoofing and why does it matter?
Hacking and spoofing can appear to be similar but are quite different. The risks of hacking are much greater than those posed by spoofing. While neither is desirable and spoofing may be annoying, it will help if you know the differences and how to react to each situation.
What does it mean when your email account or social media account has been hacked and how do I know?
A hacked email account or social media account is something you should be very concerned about. If you’ve actually been hacked, the attacker has full access to your account and is actually posting FROM your account, not from a similar account that looks like yours.
How do I know? Are they changing posts on your account? Are they actually accessing your email?
Being hacked means that someone has managed to gain full access to your account. This may mean they have access to private information (in the case of social media) or very sensitive information in the case of your email account. There are a variety of ways to hack an account, including:
- Guessing your password (seems unlikely, but you would be surprised how simple many email passwords are, such as birthdays, anniversary dates, and other information easily obtained on social media). Most services now have safeguards in place to keep this to a minimum, but it’s still possible.
- You used the same password on a different site and the site used it to access your email
- Viruses, malware, spyware or other undesirable software is on your computer and allowed a hacker to get your email password
- Answering your security questions correctly
- You entered information into a website or form (it may have been a phony website, one that offered you a free gift, or a site you visited from a link in an email)
If your accounts have been hacked it means you need to take immediate steps to correct the situation. The risks to your system and your company information vary based on the way that the email password was obtained. A hacker guessing the password is much less problematic than having viruses, spyware or malware on your computer. A guessed password simply needs to be changed, whereas an infected computer needs to be cleaned up before more compromises occur that may be even more damaging to your business.
Even if the hacker guessed the password, there is a real risk that he or she could use the email account to access other information or accounts. If you suspect your email account has been hacked you need to take immediate steps to remedy the situation, including:
The following are good “best practices” to make sure you keep people from hacking your system.
- Change your password frequently
- Use a more complex password
- Don’t write your passwords down – this may seem helpful, but if someone has a personal grudge, it may make it easy for them to get into your system.
- Update your system to the latest Operating System and update your security software
- Run your antivirus and malware detection programs
What does it mean when your account has been spoofed?
Although spoofing can look a lot like hacking, it is something completely different.
When your account (either email or social media) has been spoofed, it means that someone has created a copy of your account or email and is pretending to be you. There are usually subtle differences in the addresses or names. They DO NOT have access to your accounts or computer and are just pretending to be you.
Doing this is not too complicated with the right software. They do not need access to your accounts to spoof your account.
What’s important to know is that your account is safe even if you have been spoofed. Still, having your account spoofed can be quite concerning and annoying, and people can use a spoofed account to gain access to your friends and try to get information from them. Or, someone could spoof your email and send a message to another employee at your company asking for sensitive company information.
Although this is hard to prevent, there are a few things you can do to deal with a spoofed email or social media account including:
- Do not click on links in posts, tweets or direct messages unless you are 100% certain you know what they are.
- Take time to consider your actions before responding to approaches on social media.
- Ask yourself if somebody genuine would really contact you in this way with this information.
- Recognize threats of financial issues or offers that seem too good to be true, for what they really are.
- If in doubt, call the correct number of the organization or individual the post or tweet claims to be from, to check its authenticity.
- Even if the post or tweet seems to come from someone you trust, their account may have been hacked or spoofed. If it’s serious, reach out to this person or company another way to verify the approach.
- If the approach is on social media, a genuine organization will never request your login credentials.
- Also, check for the number of followers on the account. Genuine organizations – including their customer support handles – are likely to have a much larger following.
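The “subtle differences in the addresses or names” that mark a spoofed account can also be checked mechanically. The following is an added example, not part of the original post: it compares an incoming From: header against a constructed contact list and flags a familiar display name on an unfamiliar address, or an address that is nearly identical to a genuine one. `KNOWN_CONTACTS`, `classify_sender` and the 0.85 similarity threshold are assumptions made for illustration.

```python
import difflib
import unicodedata
from email.utils import parseaddr

# Constructed address book (assumption): display name -> genuine address.
KNOWN_CONTACTS = {
    "Jane Doe": "jane.doe@example.com",
    "Accounts Payable": "ap@example.com",
}

def fold(text):
    """Case-fold, strip accents and collapse spaces so near-identical text compares equal."""
    decomposed = unicodedata.normalize("NFKD", text)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(plain.casefold().split())

def classify_sender(from_header, contacts=KNOWN_CONTACTS, threshold=0.85):
    """Return (verdict, contact); verdict is 'known', 'lookalike' or 'unknown'."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    # Exact match on a genuine address: this is the real account.
    for contact, real in contacts.items():
        if addr == real.lower():
            return ("known", contact)
    for contact, real in contacts.items():
        # Familiar display name on an address never seen for that person.
        if name and fold(name) == fold(contact):
            return ("lookalike", contact)
        # Address differs from a genuine one by only a character or two.
        ratio = difflib.SequenceMatcher(None, fold(addr), fold(real)).ratio()
        if ratio >= threshold:
            return ("lookalike", contact)
    return ("unknown", None)

# Constructed sample From: headers (not taken from real mail).
SAMPLES = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe.2024@mail.example>",
    "jane.d0e@example.com",
    "Bob Smith <bob@other.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), header)
```

A “lookalike” verdict is a prompt to verify through another channel, as the list above advises, not proof of spoofing; a contact who legitimately changes address will also trigger it.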