How to prevent and handle Email ID / password thefts?

Some unscrupulous guys could gain access to your Email ID and password 

and later put it to misuse or abuse causing you a lot of monetary loss or embarrassments. We 

also need to know how stolen password may be used. We need to learn ways of preventing password 

thefts.



How do cyber crime thieves get at this sensitive info?



You may carelessly leave it in your wallet, or note in some text file on your disk. You might 

have noted down such IDs and passwords in some diary and this may lie unguarded in your house. 

You may read it aloud over mobile to your son / daughter or trusted friend asking him access 

your own mail account for some urgent message.The guy who overhears will be clever enough to 

jot it down, especially those who manage Paid Phone booths. You may transmit it via email to 

some friend.



You might be using your Email in a public PC say a cyber cafe. The PC in the cybercafe may be 

installed with a simple program called "key board logger". This program will capture everything 

that you type and what comes to be displayed by any program running on your PC and store

it in a secret hidden file. Analyzing the contents of such a hidden file, immediately after you 

leave, will reveal your userid and passwords easily.



You may be signing up in a number of social networks, websites etc

asking for UserID & password. These are sent back to you for verification via Email. Email 

messages are kept on your hard disk in text or other retrievable manner, if you are using 

outlook, Pico, Thunderbird etc as mail client. Scrutinizing such files will yield a

good number of your passwords. Thereafter hacking your password for Email becomes much simpler.



Many social networking sites ask for your Yahoo / Hotmail / Gmail UserId & password to be 

entered. Their idea is to help you automatically invite all your contacts to become your 

friends on that network. Many times the system may show you all your contacts and ask

you you to choose whom you would like to invite. Facebook, Sulekha, Rediff are some examples. 

There is no guarantee that both a) your email Id and password and b) the contacts lists that 

are downloaded and displayed are nor intercepted and misuse it. It is very easy for

robots to be snooping around social network vicinity and capture unauthorized data.





Recently I allowed Sulekha to access and upload all my blog posts from my Blogger (Google) 

account, little realizing that the same password is used for gaining access to all Google 

services including Gmail. Uploaded blog posts appeared on Sulkha site for a few hours but later

disappeared totally. When I realized some damage is being done, I quickly changed all my 

passwords.



How do people put stolen password to misuse?



Once a thief gets your password it is very easy to cheat or impersonate you. Orders for 

products and services may be placed online or via email with delivery to his own address under 

COD / VPP basis.



He might send fake email requests for urgent help to your friend via some Yahoo or Google Group 

in which you are a member. One such message usually says that you are out of the country, you 

wallet is stolen, you are stranded in some hotel and that you need some money urgently

to be transferred to you c/o hotel manger. This is bogus and fake.



Some tips to prevent the situation:



1. Never leave your password unguarded anywhere in diaries, slips, purses etc.

2. Never say it out aloud over phone. If you must, change it

immediately as soon as your work is over.

3. Never store your passwords in your hard disk that may be accessed by others.

4. Be wary of all usages in cyber cafes. Delete history, temp internet

files etc after your use.

5. Be careful about what you store in your pen drives - especially

email message copies in text format.

6. Have a password for important applications quite different from

those you sign up in many "altu faltu" sites. Make the passwords very

difficult to break or even guess.



How to choose a good password - A suggestion



I wish to suggest a simple solution to assign passwords and also remember them.

I sugest that you write out a longish proverb or quotation in your

vernacular language, transliterate it into English.



For example, read the following tongue twister translierated from Tamil:

KadalOrathileOrural, uruludhu peraludhu (means: A stone mortar on the

sea shore is rolling and re-rolling). From the transliterated phrase

choose, say, any nine characters in sequence. Supposing you choose

nine letters starting from sixth character (6,9) you will get:

"OrathileO" This is your password. Just remember the phrase and 69 to

recollect the correct password. The password is not easy to guess. It

is a mixture of lower and uppercase. Does not resemble any known

dictionary word. The phrase itself is some that you normally cherish

to remember.

You may change the password easily any number of times from the same

phrase choosing some other sequence of characters.



Hope you have a trouble free Internet interactions with no password

compromise at any time.



==================