The Importance of Cyber Security
With cyber security and internet privacy growing as global topics, it’s more important than ever to educate and arm yourself against cyber threats. One of the easiest security standards to implement is two-step verification.
I think we sometimes take for granted the security of our personal information online. Your information is perfectly safe and locked away until something happens to shake your peace of mind.
Cybercriminals will target anyone or any organization. It’s good practice to always assume that someone is trying to breach your accounts or website and to be vigilant at all times. Some hackers will even use your own counter security measures against you.
What follows is an example of how hackers can get into our daily lives.
My Cyber Attack Experience
I personally had a hacker try to steal one of my gaming accounts. I was using Uplay (a Ubisoft web client that stores a user’s games) and noticed that an error message popped up proclaiming that someone else is playing a game in my account.
At first, I thought it was a family member since I share my account with my family. Shortly after I received this notification, my username was changed without my consent to an inappropriate name (I’ll spare you the details). I thought that it could be a family member pulling a mean-spirited prank, but I wanted to make sure it wasn’t a hacker.
I took a look into the account to try and see if there were any additional changes. There weren’t any further changes, so I quickly checked my emails and I was immediately made aware of a big red flag: I had received multiple two-step verification emails over the past week that I hadn’t requested.
Two-step verification provides a second layer of security when you log into an account. For example, when you sign in with your password, you may also need to input a code that you receive via a text message. Normally, I have two step verification on all of my accounts, however, I wasn’t informed that Uplay offered two-step verification for this specific account.
These were official Uplay emails and the links were legitimate. This hacker was trying to set up two-step verification in order to hijack my account. If I had clicked on any of the links in the emails, the hacker would’ve had complete control of my account.
I believe the hacker’s plan was to induce panic, which would then coerce me into opening up and following the two-step verification links.
What should you do if you’ve experienced a cyber attack?
The first step is to contact support and report the issue you have. Support will make sure your account is safe and help spread the word that a security threat exists.
If support is unavailable, here are the steps I conducted to regain control over my account.
One of the first courses of action that I took in response to this attack was to change my password. Make sure your new password is at least 12 characters long with a mix of punctuation and non-dictionary words. I recommend using Norton’s password generator and store your password somewhere safe (physically write down your password and store it somewhere safe inside your local machines directory or a secure password bank).
Once I had changed my password, I changed my email. I realized that the hacker could see my old email in the account settings, but the hacker didn’t have access to my emails since I had a different password on my Uplay account. This reason alone is why it’s a good practice to have different passwords for each service you use.
If my email password was the same as my Uplay account, the cybercriminal could’ve logged into my email and taken note of which services I’m signed up to. This could range from my Netflix/Hulu account to my personal banking/credit card accounts. You could imagine the damage if I had kept the same password for all of those services.
In this case, the hacker was using software that automatically inputs the leaked passwords so the hacker didn’t know my actual password. It’s always a good practice to never use the same password for any two services.
The next step was to delete all of the old two-step verification emails and laugh at the hacker’s misfortune as I clearly avoided their ill-fated trap.
Once those emails were deleted, I went through the process of setting up two-step verification. I recommend contacting support (if it’s available) once you have your account back safely and report what happened. Also, check the news to see if there has been a widespread attack.
Preventing Future Attacks
To prevent future attacks, regularly update your account passwords, set up two-step verification for all of the accounts you can, and always be on the lookout for suspicious activity in your accounts.