The other day I saw a CBC news article warning about the dangers of email money transfers (or e-transfers) and that they aren’t as secure as most people think. Some people have lost the money they sent to someone because the recipient’s email had been hacked.
I may be wrong, but my understanding is that email money transfers are not a “thing” in the United States? In Canada, we have this service available to us through our banks and Interac. We enter the recipient’s email address, the amount, add a security question that they have to answer, and we add in the answer. There is also a box for a message or comments and we are instructed not to put the answer to the question in there.
It’s a quick and easy way to send money to friends or acquaintances you may be buying something from. I don’t use it for business transactions, but I have used it to send and receive smaller amounts of money for personal-related things. I’ve had the occasional client or prospect who has mentioned that they use it for business, so if you use email money transfer often or for significant amounts of money, please keep the warnings in mind.
- Make sure you use a question that only the recipient will know the answer to, that’s not easy to guess, and don’t enter the answer to the question in the message box.
- How are you going to tell the recipient what the answer is? Perhaps call or text it to them? One problem I’m thinking is that if their email is hacked and you don’t know it, and you send them the answer key in an email message, the hacker may be smart enough to check through recent messages to look for the answer.
- Use a secure email password that hasn’t been compromised (I’ll get to that more in a moment). Platforms aren’t kidding when they recommend using passwords of random letters and numbers at least 8 characters long, with at least one capital letter, at least one number, and at least one symbol.
If you’re sending money to someone, you have no way of knowing for sure whether the recipient’s email account is secure or whether it has been hacked, and whether they are using a secure password. That’s why a difficult security question and answer is important.
And the banks have stated that these transactions are not insured if an easy question/answer was used for the email money transfer or if a weak/compromised password was used for the email account and the email account was hacked.
There’s nothing the banks will do. You and the recipient are out that money. Tough cookies.
Are You Using Compromised Passwords?
This got me thinking again about my passwords. I’ve occasionally thought that I should be checking my passwords to find out if they’re compromised because I’ve used some on multiple platforms, and some of those platforms had security data breaches where I had to change my password. At the time, I wasn’t considering that I was still using that same password on other platforms. I mean, the breach only affected that website or platform, right?
Yes and no. (More no than yes.)
What happens is when a website or platform has a security breach, whether it’s Facebook, your email account, or anything else, if the hackers can access and read the passwords, they will do any of the following: use the passwords themselves, sell the passwords, and/or post them on websites on the internet for anyone to view and copy. The passwords may be posted along with your email or they could just be added to their password lists. These are used with bots, which scan websites and platforms and hammer them with different username and password options until they find weaknesses and are able to gain access to the accounts. That’s pretty scary, isn’t it?
Because I have a security plugin installed on my website and on my regular clients’ websites, and I check the firewall results regularly, I can see this kind of thing happening on a daily basis. Bots are continuously targeting these sites trying to gain access with different usernames and passwords. They’re doing this to your email accounts and other platforms too. Be aware and be proactive.
So I wanted to be able to check my passwords in a database to see if they had been compromised, but I was worried about finding a reputable source because I didn’t want to naively be submitting my passwords to some hacker’s database!
I did some Googling and found a Forbes article on the subject, and the writer recommended “Have I Been Pwned” as a reputable source for checking not only compromised email accounts (meaning your email has been listed on website lists), but also compromised passwords. I’m trusting that they know what they’re talking about.
> You can check your emails here: https://haveibeenpwned.com
> You can check your passwords here: https://haveibeenpwned.com/Passwords
Some of my passwords were fine, but others were not. I was still using passwords that had been compromised on one platform (like Facebook or LinkedIn) on other platforms, which was risky.
I hate to admit it, but I was using one of my compromised passwords with my online banking. Cringe. Of course, I had security questions set up as part of the log-in process, but still very risky. I promptly changed it to something much more secure and a password that I don’t use on any other website or platform. Then I went about changing passwords in other places.
I also checked some clients’ passwords that I had. Some of those were compromised and needed to be changed.
Also, if you can set up a 2-step authentication log-in for anything, that is ideal. This may look like asking you a security question or texting you a code that you have to enter when you log in. Whatever you can do to make your accounts more secure, do it. It might be a pain in the butt, but if you end up getting hacked, you might wish you had done it.
It’s recommended to use a different difficult password for every website and platform you have an account for – because of the possibility of compromised passwords. I know what you’re thinking. I feel the same way too.
How am I supposed to remember hundreds of passwords?
- You can use LastPass (there is a free version)
- You can keep your passwords in a spreadsheet
- You can write them down in a notebook
- If you have a photographic memory, you can just store them all in your head. Wouldn’t that be nice?
Of course, there are always drawbacks to all of these. You could forget your LastPass master password (I worry about this, especially since I just changed it!). LastPass is encrypted and very secure, and it helps prevent keyboard logging or keylogging – which can happen if you have spyware on your computer (so make sure you have good internet security software and that it is up-to-date). If you have sensitive passwords and you stay logged into LastPass all the time on your computer, and your computer gets hacked and they have remote access desktop control or someone else gets on your computer, they could possibly use LastPass to access your accounts.
If you keep sensitive passwords in a spreadsheet and your computer gets hacked or someone else gets on it, they could possibly open the spreadsheet and access your accounts. You can password protect the spreadsheet, which will make it more difficult to open, but then you could also forget the password. 🙂
You can write them down in a notebook, but if you have sensitive passwords (example, financial), an untrusted friend or family member, or even a burglar, could find it and use the passwords.
Anything is possible, but all of these options are more secure than using one or a few compromised passwords for everything!
So the moral of the story…
- Be cautious with using email money transfer and use a difficult question and answer that only the recipient will know.
- Always use complicated passwords, at least 8 characters long, a mix of letters and numbers, with at least one capital letter and one symbol.
- Check to see if your passwords have been compromised and if so, STOP USING THEM. Change them right away.
- Use a different password with your financial account(s) than you use anywhere else. In fact, use a different password with every website and platform account you have for better security.
- Use 2-factor authentication whenever possible.
- Store your password lists as safely as possible.
- Use something like LastPass, 1Password, or Dashlane to avoid keylogging issues in case you unknowingly acquire spyware on your computer.
- Use good internet security software on your computer and make sure it is up-to-date. I’ve used many, and I like AVG Internet Security the best. It has caused me the least problems and has blocked or warned me of a lot of potential issues when I’m surfing the web or downloading something.
- If you have a WordPress website, use a good security plugin and configure/customize the settings for your site. I’ve found WordFence to be great.
I’d like to know, have you been using compromised passwords? Have you lost money through email money transfers? Do you have a hacked account horror story to share?
Let me know in the comments below!