Friday the 13th seems like an appropriate day to tell my bad luck story.
On Tuesday, I got a link from my cousin on gChat. It said something like, “Check out this funny video.” I clicked it, and then – like a dumbass – I entered my password to the site. Yeah. You heard me: I entered my password to a site I didn’t trust.
Smooth move, Meghan. Smooth move.
I’d like to blame the fact that it was my first day back from a 5-day trip to Mexico with two young children. I was tired. My inbox was packed with over 500 emails and stuff was blowing up at work. I was stressed. But whatever the reason, it was an incredibly stupid thing to do. I was even thinking, “This is stupid,” as I did it. BUT I STILL DID IT.
Once I entered my password, I got to a site with a video on it. A video that wasn’t even funny. To the right was a list of all my gChat contacts. There were checkboxes next to the names and a button to forward this dumb video to them. A-ha! I immediately unchecked all their names. Smart me, right?
Nope. Still dumb.
As soon as I entered my password, the site immediately sent an instant message to all my gChat contacts inviting THEM to watch this stupid video. How do I know it did this? Because I got an email from a friend that went something like this:
“I got a chat from you with a link that I followed, and it prompted me to put in my chat password to view it. I stupidly did it, and it was a video. Anyway, it also sent the video to other people as well – which I did not request. Looks like we’ve been hacked, my dear. Time for a password change, I’m guessing.
I know – I can’t believe I fell for it, too. It’s just that you never send me chats, so I figured it MUST have been something cool. I can’t believe I re-entered my e-mail password…DUH.
Anyway, this might be a really good question for the Geek Girls: What do I do now?”
Yes! Let’s make lemons from lemonade. What can you learn from my insane stupidity? Here’s what my friend and I did once we realized what had happened:
- Immediately changed our Google passwords
- Immediately changed the passwords on any other accounts we had that were using the same password. Security experts always say to use a different password for every site, but most of us in the real world end up using some more than once. Hackers know this, so don’t use the same password everywhere or you’ll be sorry someday. I think a happy (realistic) medium is to have 3-5 passwords that you use on different sites. Try to change them every so often and make them as nonsensical as possible. They’re harder to remember at first, but after you use the same jumble of numbers and letters a few times you’ll be amazed at how well you remember them.
- Sent a note (she emailed, I put a note in my gChat status) to our contacts letting them know not to click the link (in case they hadn’t already) and telling them we didn’t mean to send it.
- Felt dumb. And then we moved on. Everyone does stupid stuff once in a while, so don’t beat yourself up too hard.
- Then I found an article about the dude who did it. This guy gives anarchist transsexuals a bad name.
And that’s it. Luckily, in my case, this was a fairly low-level mistake. It wasn’t my bank account. But, it could have been. Next time, I’ll remember these important lessons:
Lesson #1: Don’t ever give your password to a site you don’t trust, especially when you got to the site from a link. When in doubt, go to the site directly (e.g., if you receive a link to a bank site, type your bank’s URL in directly instead of following the link).
Lesson #2: Follow Lesson #1.
Lesson #3: Take quick action to minimize damage if you are too tired or stressed to remember the first two lessons.
Good luck out there.