Anyone Can Get Hacked
Don’t Send Private Information by Email
If you take nothing else away from this blog post, embrace this: Don’t send any private information via email.
At the end of this article, we’ve listed things you can do to protect your private information. Sending sensitive information (Social Security numbers, tax information, etc.) by email is a terrible idea and we wanted to take a few moments to give you an example of why that is true.
We live in a connected world and, unfortunately, there are a lot of people who don’t respect personal boundaries. The current director of the Central Intelligence Agency (CIA) is finding that out the hard way.
Several news organizations recently reported that the AOL email account belonging to CIA Director John Brennan was taken over by hackers. According to the reports, all the emails and attached documents were downloaded and turned over to a government watchdog organization.
Personal Information Online Can Be Used Against You
Even without your password, hackers can use other information about you to get to your email. The hackers pretended to be Brennan, using information they had tricked AT&T into revealing, and convinced AOL to allow them to change the account password to one known by the hackers.
AOL allowed the password to be reset and the hackers gained access to all the emails in the account. The hacking group said that they found all the information they needed to convince AOL using commonly used online services and websites. They used the information about Brennan that they learned online to identify themselves as Brennan.
If this can be done to the director of the CIA, it can be done to you.
What Could I Possibly Have?
You might say, “I have only personal conversations in my email and perhaps some personal documents,” but even that can be used against you.
For most people, this might translate into sensitive information about you or your family being exposed such as:
- Medical test results
- Emails about medications you take
- Tax forms you prepared at work and sent to your personal email account
- School forms with your child’s Social Security number
Any of these by themselves could lead to identity theft and exposure of information you would otherwise want to keep confidential.
What Should I Do?
Don’t send sensitive information via email and, if someone sends such information to you, immediately delete it. If it is in your work emails, contact the Information Security Office.
Here are some tips to keep sensitive information safe:
- Do not send sensitive information by email.
- If you must send it via email, encrypt the files first. (For instructions, please give us a call at 325-942-2333.)
- Store your files only on storage you are certain is safe or encrypt them (see above).
- Use multi-factor logon security on your email accounts, if possible.
- Ask your friendly neighborhood information security guys for more information.