Hooked on Strong Passwords: Making Sure Your Account Doesn’t Get Reel-y Hacked

Like my title? I put the following prompt into an AI site... “Write me a creative title for a blog post about passwords using Fish puns.”  Incredible.  My current post comes from personal experience (AI cannot write this, lol).


In December, when I was doing lots of Christmas shopping, I was hacked in one of my personal accounts.  It was very creative on behalf of the hacker, and I’m sure I’m one of many in the scam.

It was a Tuesday at 4am, and multiple orders were placed at a popular store for same-day delivery on a store account of mine. Normally, I check my personal email in the morning before school. When I checked it that morning, I had hundreds of spam emails that did not hit my spam folder for whatever reason. I was so confused. Spam never hits my inbox; it has always gone into the spam folder of my personal Gmail. There were so many emails sitting there. It took me so much time cleaning them out, and I was so perplexed, that I neglected to check my “promotions” or “updates” folders, plus I had to get to school. I shrugged it off.

Then once I was at work, at about 9am, my cell phone started ringing non-stop with spam numbers, which distracted me even more from thinking about my personal email. Off to a meeting, I left my personal email until later when I was done at school.  While in a meeting, my cellphone (and watch) buzzes with a picture, “Your items from popular store were delivered.”  

I quickly glance at the picture on my wrist, and it’s not my home.  I knew I hadn’t ordered the item (a bookcase).  That’s odd, I think, and quickly check my popular store account. Sure enough, it had not been just one, but four different orders placed with my account using my credit card on file.  Since they were same-day delivery orders, by 12pm most items had already been delivered.  I called popular store fraud department and since the items were delivered, there was nothing they could do. However, they did suggest removing my payment information, changing my password and contacting my credit card.  How did this happen? Well, honestly, I’m embarrassed to say it – but I can tell you exactly how and why it happened and let it be a lesson for you.

HACKED 😳

My popular store password was certainly one of the ones that had that ⬆️ famous pop-up appear. It was one of my run-of-the-mill passwords that I used for everything, and I knew it. Additionally, I had this password on this particular site FOREVER, and today it doesn’t even follow most password rules as it is too short. After contacting my credit card (yes, I got all my money back) and reporting the fraud, it was on to changing my passwords and ensuring my cyber safety.  It had nothing to do with storing my password, but had everything to do with the fact that I used this SAME password in so many places.

Password Manager 🔑

Do yourself a favor, and take a look at your password manager if you store your passwords.  It will show you what sites your password was used on that had a data breach. Warning – it’s not pretty! Also, just because you do not store your passwords does not mean they were not in a data breach.  Password managers actually come recommended for this purpose.

Password Tips 💡

THIS I generated from ChatGPT, and I couldn’t have said it better myself:

  1. Use a long password, ideally at least 12 characters.
  2. Use a mix of uppercase and lowercase letters, numbers, and special characters.
  3. Avoid using easily guessable information such as your name, address, or common words.
  4. Consider using a passphrase made up of multiple words separated by spaces or special characters.
  5. Avoid using the same password for multiple accounts.
  6. Use a password manager to store and generate secure passwords for you. (I like the free Google Chrome Password Manager).
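
Tips 1, 2 and 5 can be checked mechanically against a password-manager export. The script below is an added example, not part of the original post; the CSV column names (`name`, `url`, `username`, `password`) are an assumption about the export format, and the sample rows are constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict

MIN_LENGTH = 12  # tip 1 in the list above

# Constructed sample export; the column names are an assumption.
SAMPLE_EXPORT = """name,url,username,password
shop.example,https://shop.example/login,erin@example.com,fish2010
bank.example,https://bank.example/,erin@example.com,fish2010
school.example,https://school.example/sso,efisher,fish2010
mail.example,https://mail.example/,erin@example.com,Coral-Reef-Lantern-47!
"""

def digest(pw):
    """Hash a password so cleartext never becomes a dict key or output."""
    return hashlib.sha256(pw.encode()).hexdigest()

def char_classes(pw):
    """Count how many of the four character classes from tip 2 appear."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(check(c) for c in pw) for check in checks)

def audit(export_text):
    """Return {site: [findings]} for every entry that breaks a tip."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    sites_by_digest = defaultdict(list)
    for row in rows:
        sites_by_digest[digest(row["password"])].append(row["name"])
    findings = defaultdict(list)
    for row in rows:
        pw, site = row["password"], row["name"]
        if len(pw) < MIN_LENGTH:
            findings[site].append(f"shorter than {MIN_LENGTH} characters")
        if char_classes(pw) < 4:
            findings[site].append("missing a character class")
        shared = [s for s in sites_by_digest[digest(pw)] if s != site]
        if shared:  # tip 5: one breach exposes every site in this list
            findings[site].append("reused on " + ", ".join(shared))
    return dict(findings)

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_EXPORT).items():
        print(site, "->", "; ".join(problems))
```

An exported password file holds every credential in cleartext, so delete it as soon as the audit is done.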

2FA 👀

One tip, NOT given above, is 2-factor authentication.  As cyberattacks become more commonplace among schools, 2FA is gradually being rolled out as it now becomes required for cybersecurity insurance among schools.  What is 2FA? Anytime you are sent a text passcode to access a site, that is 2FA. It is an additional layer of protection, and I highly recommend it. Many financial sites offer it, and schools will start rolling it out eventually as well if they haven’t already.

Text Alerts 💬

In addition to changing my passwords, turning on 2FA, canceling my credit card that was compromised, and removing stored financial information, I also turned on text alerts with my credit card. Had this been on previously, I would’ve had to approve the charge prior to it happening. I would’ve noticed the fraud BEFORE it hit my card, thus saving me hours of phone calls (but not hours of changing passwords, lol).

Credit Report 📋

Lastly, and I know this because I am a banker’s daughter, you are entitled to one free credit report a year from the three big credit agencies.  So, upon seeing this fraud, I ran a report with the big three.  You can learn more about obtaining a free credit report here. 

In closing – How this relates to education:

According to Edweek (click here), it can be one leaked password that can lead to a cyberattack on a school, which can be a very serious matter (School Cyberattacks Explained).

Many of the passwords we use on our education accounts are the same we use on personal accounts. It may be an education site that was in a data breach and that same password may be the one you use for banking; conversely, it could be your banking password that was compromised, and you use that same password for school, all of which could lead to a cyberattack.

Secure passwords are a MUST for everything we sign in to. It’s not meant to scare you, only meant to assist in this world we live in! Be cautious with your passwords and also where you’re using them!

I truly hope that my experience and tips can help you. ☺️

 

Take care, everyone!

oFISHally yours,

Erin Fisher 🐟🐟🐟
