How to prevent and handle Email ID / password thefts?
Some unscrupulous guys could gain access to your Email ID and password
and later put it to misuse or abuse causing you a lot of monetary loss or embarrassments. We
also need to know how stolen password may be used. We need to learn ways of preventing password
How do cyber crime thieves get at this sensitive info?
You may carelessly leave it in your wallet, or note in some text file on your disk. You might
have noted down such IDs and passwords in some diary and this may lie unguarded in your house.
You may read it aloud over mobile to your son / daughter or trusted friend asking him access
your own mail account for some urgent message.The guy who overhears will be clever enough to
jot it down, especially those who manage Paid Phone booths. You may transmit it via email to
You might be using your Email in a public PC say a cyber cafe. The PC in the cybercafe may be
installed with a simple program called "key board logger". This program will capture everything
that you type and what comes to be displayed by any program running on your PC and store
it in a secret hidden file. Analyzing the contents of such a hidden file, immediately after you
leave, will reveal your userid and passwords easily.
You may be signing up in a number of social networks, websites etc
asking for UserID & password. These are sent back to you for verification via Email. Email
messages are kept on your hard disk in text or other retrievable manner, if you are using
outlook, Pico, Thunderbird etc as mail client. Scrutinizing such files will yield a
good number of your passwords. Thereafter hacking your password for Email becomes much simpler.
Many social networking sites ask for your Yahoo / Hotmail / Gmail UserId & password to be
entered. Their idea is to help you automatically invite all your contacts to become your
friends on that network. Many times the system may show you all your contacts and ask
you you to choose whom you would like to invite. Facebook, Sulekha, Rediff are some examples.
There is no guarantee that both a) your email Id and password and b) the contacts lists that
are downloaded and displayed are nor intercepted and misuse it. It is very easy for
robots to be snooping around social network vicinity and capture unauthorized data.
Recently I allowed Sulekha to access and upload all my blog posts from my Blogger (Google)
account, little realizing that the same password is used for gaining access to all Google
services including Gmail. Uploaded blog posts appeared on Sulkha site for a few hours but later
disappeared totally. When I realized some damage is being done, I quickly changed all my
How do people put stolen password to misuse?
Once a thief gets your password it is very easy to cheat or impersonate you. Orders for
products and services may be placed online or via email with delivery to his own address under
COD / VPP basis.
He might send fake email requests for urgent help to your friend via some Yahoo or Google Group
in which you are a member. One such message usually says that you are out of the country, you
wallet is stolen, you are stranded in some hotel and that you need some money urgently
to be transferred to you c/o hotel manger. This is bogus and fake.
Some tips to prevent the situation:
1. Never leave your password unguarded anywhere in diaries, slips, purses etc.
2. Never say it out aloud over phone. If you must, change it
immediately as soon as your work is over.
3. Never store your passwords in your hard disk that may be accessed by others.
4. Be wary of all usages in cyber cafes. Delete history, temp internet
files etc after your use.
5. Be careful about what you store in your pen drives - especially
email message copies in text format.
6. Have a password for important applications quite different from
those you sign up in many "altu faltu" sites. Make the passwords very
difficult to break or even guess.
How to choose a good password - A suggestion
I wish to suggest a simple solution to assign passwords and also remember them.
I sugest that you write out a longish proverb or quotation in your
vernacular language, transliterate it into English.
For example, read the following tongue twister translierated from Tamil:
KadalOrathileOrural, uruludhu peraludhu (means: A stone mortar on the
sea shore is rolling and re-rolling). From the transliterated phrase
choose, say, any nine characters in sequence. Supposing you choose
nine letters starting from sixth character (6,9) you will get:
"OrathileO" This is your password. Just remember the phrase and 69 to
recollect the correct password. The password is not easy to guess. It
is a mixture of lower and uppercase. Does not resemble any known
dictionary word. The phrase itself is some that you normally cherish
You may change the password easily any number of times from the same
phrase choosing some other sequence of characters.
Hope you have a trouble free Internet interactions with no password
compromise at any time.