The Chronicle Herald
How to Survive a Zombie Hack Attack
I was sitting at my parents’ cottage checking my iPhone when digital disaster struck.
First, I couldn’t sign into my email. Next, my husband’s phone made that annoying “You’ve got mail” Apple sound.
“Did you just send me an email?” he asked.
“No,” I said. (I’d been doing very important Facebooking, definitely no emailing.)
“Ding!” (or however else one would phonetically describe an Apple email chime.)
“I just got something from you, too,” my friend Lia warned, looking at her phone.
Moments later, I’d reset my Hotmail password (yes, I still use Hotmail for some things), but nothing could stop the flood of spam pouring like hot, infected lava from my email account directly into the inboxes of everyone in my address book.
Current business associates, clients, former co-workers, friends and even people best left far, far in the past received spam — allegedly from me — containing a mysterious, nefarious link.
I’d been hacked! The horror! (Full disclosure: In the end, it wasn’t that horrific as I now had an idea for this column.)
Shaken and invaded, I shot off emails to my big-brained co-workers at T4G looking for answers.
“The world of hacking has changed from pranking to financial gain and hacktivism,” explained Jakov Zaidman, T4G’s security-focused principal consultant.
“Most of the mass hacking attacks are undertaken through phishing emails carrying a link to infected websites that are used to harvest tens or hundreds of thousands of PCs (personal computers) into botnets.”
Imagine my surprise to learn zombies were behind the attack. (Well, sort of.)
“These infected ‘zombie’ PCs fall under the control of a single entity who then sells this capability to others who may want to use these PCs to attack websites, send mass spam, generate revenue though pay-per-click, or harvest usernames, passwords, credit card numbers and other personal information,” Zaidman said.
“Everything has a price on the black market, and email accounts are just one of these commodity items.”
But why me? The agony!
“Typical user accounts are compromised by first getting a piece of malware onto the user’s computer that would record their usernames and password for email and other services,” Zaidman explained.
The malware can dive into your machine through a variety of ways, including:
- Receiving an email with an infected attachment and opening the attachment.
- Receiving an email with a legitimate-looking link to a rogue website. Once you click on that link, the website installs the malware on your computer. (This technique is similar to the sorts of spam/hacking we see on Twitter and is probably the most effective and popular method today.)
- Receiving infected storage media, such as USB memory sticks and CD disks.
- Downloading music, movies and software from underground sites.
If the dreaded hacking happens to you, clean your computer using a solid antivirus program or have an expert do it for you. When you know the coast is clear, log in and change your email password to a new, more complicated password.
If you aren’t a victim of the Internet zombie apocalypse yet, stay safe. Come up with an email password that’s a minimum of eight characters and includes upper- and lower-case letters, numbers and special characters. For example: [email protected]
Also protect yourself by using different passwords for different online services, installing an antivirus program and enabling the Windows firewall.
Oh, and if you get some random, inexplicable link emailed to you from a friend, do NOT open it.
My final piece of wisdom? Be kind to others, and if you do get corrupted by zombies, alert your contacts to the impending doom. I posted an “I’ve been hacked, don’t click on links from me” haiku on Facebook:
Spicy summer night
Evil email arrives
Old account compromised.
Take that, digital zombie apocalypse.
Stephanie McGrath is a digital content strategist at T4G Ltd. in Halifax.