Independent news from the Indigenous Media Freedom Alliance

#NativeNerd column: Yikes I Got HACKED! What to do if it happens to you

Here are a few steps to take to thwart would be social media hackers, identity theft marauders & online predators

Yikes! I got hacked! This is definitely not something I would like to admit as I pride myself on being ahead of the technology curve, but I have to admit, they got me. And it wasn’t the first time in all honesty. I have been taken before, to the tune of someone actually using my credit card to buy pizza and clothes online.

The credit card incident happened a few years ago, and it rattled me to think that even though I am careful, I could fall prey to online identity thieves. Hey, I am not perfect, anyone can fall … perhaps you have heard the adage that applies to me in this case: “Hey, even monkeys fall from trees.”

The latest incident was this week. As I ventured to take a peek at my Twitter timeline, I noticed a series of bizarre “liked” YouTube videos that I had never watched. There were several videos on YouTube in different languages to include Chinese and Russian. The activity was odd, and I even had a follower send me a message that it looked like I had been hacked.

Above: Weird videos that got ‘liked’

Vincent Schilling

@VinceSchilling

Yikes – I got

Thanks for all the great advice.
I already employ some suggestions. (My fault, should have been clear.)

For the record I have /use:

Malware-bytes premium.
Last-pass password management.
Two-step verification.
Different passwords for all sites.

Vincent Schilling

@VinceSchilling

Yikes – I got … BUT I think I found the culprit

I looked into the Apps Tab to research apps I have granted Twitter access to.

An old App – Paper(dot)Li – the auto-generated Twitter newspaper from years ago – was granting access to an IP in France.

How Do You Get Hacked?

Getting hacked means someone breaks into your account. They either got your password, or found a backdoor in some way by using hidden computer codes or malware (virus-oriented software) to get your information. Sometimes if you are connected to an old third-party app in Twitter, there are faulty security measures that leave your information vulnerable and thus a way into your account that is easy for them to spot.

Sometimes, they do it the old-fashioned way, they ask you. I know many folks who gave out their information to a swift talker. They know exactly what to say to make you uncomfortable, or anxious, for example: “Your account has been hacked, we need your information now to stop them … or, it looks like your credit card is being used fraudulently, can I have your name and date of birth to verify?”

Reputable companies often issue a disclaimer, “We will never ask for your private information.” If you feel weird or uncomfortable ask a family member or friend to take the call or look at your email. 99 times out of 100, it is a scam. Trust your instincts.

But Wait, I’m Careful! How Did This Happen to Me?

I was perplexed. I use a lot of security measures to ensure I don’t fall victim to such things, but obviously not. They hacked into my Twitter and I had no idea how to go about figuring out how to fix the problem. Also they had “liked” YouTube videos, so I wasn’t even sure if my Twitter account of Google / YouTube account had been breached.

The Search Begins

I started by looking up all of my YouTube history. I also have several accounts that I have access to related to my Twitter account. Nothing. There wasn’t any history of watching or liking the videos, I even have my settings turned off to tell my Twitter followers I like a video.

I researched third-party apps on my Twitter account and eventually found the culprit.

What Is a Third-Party App?

Sometimes when we navigate to a new website and need to register an account, we have an option to log-in using Twitter, Google+ or Facebook. As part of the registration process, which seems a lot easier than entering in all of your personal info, you just have to click allow a few times. Click … Click … registered.

The problem: Not all third-party apps have the latest security measures and are a veritable open-door for hackers. This is exactly what happened to my Twitter account. I had granted access to the news generating website Paper.Li on Twitter. Someone from France was accessing my account using an app I hadn’t used in years.

This person stole my info, but I am still protecting their IP … go figure.

I looked in my third-party app history, and noticed a strange IP address was accessing my data at the same times those strange “liked” videos were appearing in my Twitter timeline.

I revoked ALL of the third-party app permissions in Twitter, especially Paper.Li and I haven’t had any problems since. But now, I needed to ensure I stayed protected. I also forced every device to log out.

Here is what I did, and here is what I suggest others do. If this gets too technical for you, you can always ask a young person, they are brilliant with this technology stuff. I ask my 16-year-old nephew all the time with things and I have no problem telling you the kid is a whiz at this stuff. I may know a lot, but at the rate technology is changing everyday, he helps me to keep in the loop.

What to Do if You Are Hacked, or Steps to Take to Keep You Safer

Credit Cards

If someone uses your credit card, don’t panic, although it REALLY stinks to feel vulnerable, there are laws in place where banks will cover any questionable charges on your account and you won’t be responsible. But you need to take action as soon as you find out. Yes, you have to get new credit or debit cards, but safety is most important.

Emails

If someone gains access to your email account, the best first step is to change your password. In the settings of your email, which is usually under security or privacy, you can also force your email to logout of all devices connected to your email. DO NOT use the same password for everything. Also try to refrain from the popular passwords Love, God, Password, your first name or 1234 or 4321. That is the first thing a hacker will try. More on passwords in a moment.

Social Media Accounts – Two-Step Verification Is a Huge Deterrent

As with most suggestions, logout and change your password. With social media and other registration accounts such as Amazon, it is a great idea to set up a two-step verification process. This means every time you attempt to login to your account, the company will send you a verification text to ensure it is you. This is a huge deterrent to hackers and online predators. Gmail has been making great strides – as are so many other companies, in alerting you every time someone, hopefully you, tries to log into your account.

Malwarebytes is a great and free tool that is one of the most up-to-date online fighters against malware or other malicious software meant to steal your information. You can set it up to scan websites automatically that phish (try to get info without you knowing) for your information.

Disable Third Party Apps You Aren’t Sure About

I went into my Twitter settings and navigated to “Apps and Devices” and revoked access to everything. Some folks may be using third-party apps to tweet directly from that app, or perhaps use another app to automatically schedule tweets and more. I decided I would go ‘completely manual’ for now as I was recently targeted. I have to be honest in saying I don’t think I’ll be going back. By going back I mean to using third-party. I am addicted to Twitter.

Avoid Using Wi-Fi in Public

This can be a pretty tough measure to employ, but public wi-fi is known to be a huge issue for vulnerability. Since you are logged into your computer and on an open network, your computer’s files are open to the public. If you have a phone, it is better to use your device’s hotspot.

Use The HTTPS Everywhere Browser Extension

Encrypt all websites! Imagine if you were an english-speaking hacker and suddenly everything was written in Mohawk or Navajo. This is similar to what this extension does.

According to the Chrome store – HTTPS Everywhere is described as such:

HTTPS Everywhere is an extension created by EFF and the Tor Project which automatically switches thousands of sites from insecure “http” to secure “https”. It will protect you against many forms of surveillance and account hijacking, and some forms of censorship.

It’s available for Google Chrome here. Their website is www.eff.org

Install A Password Manager

I use LastPass password management to keep track of my encrypted and extensive multi-character passwords. It also helps me keep different passwords for everything.

As it is an extension – meaning something added to your web browser – you use it in tandem with browsing. After you download LastPass, you’ll find the LastPass button . There’s one for every browser.

#1 Password Manager, Vault, & Digital Wallet App | LastPass

Here are a few more steps my friends of social media suggested:

Make Sure Your Firewall Is Active

Make Sure Adobe Flash Is Updated

Log Out Of Everything

Change All Of Your Passwords

Don’t Give Anyone Your Personal Information

I hope this helps. Happy online navigating!


Follow fellow Native Nerd, Vincent Schilling associate editor for Indian Country Today at @VinceSchilling – Make sure to use the Hashtag #NativeNerd

Contributing Writer

Buffalo's Fire collaborates with other content producers, such as AP Storyshare, independent news organizations, freelance journalists, opinion writers, community members, and academic outlets. We also appreciate ICT for sharing their stories.