Avoid password-checking sites
Hackers obtained a Twitter password for The Associated Press and sent out a false report about a White House attack. They'll wreak havoc with your passwords, too -- if you let them.
On Tuesday, when The Associated Press had its Twitter account hacked and the hacker used the platform to falsely report explosions at the White House (leading to a brief, sharp drop in the stock market), it was made plain again that even normally guarded professionals could be fooled into giving up information they shouldn't. In this case, a phishing attack apparently yielded the password to the hacker.
It appears that the attack came through an innocent-looking email about a story that staffers were asked to have a look at.
You could find yourself in a similar situation. Perhaps you receive an email that appears to be from Twitter or Facebook suggesting you should make sure your password meets certain security standards. Or you might see a post on a social networking site that appears to be from a friend suggesting you check your password.
But clicking on a link from an unknown source -- even if it seems as though it's from a friend or colleague -- is an invitation to disaster. You could end up downloading malware or a virus or, as happens in phishing attacks, get duped into providing information that could lead to identity theft or fraud.
The Web security firm Sophos highlighted a fake version of a Twitter password check site to draw attention to how easy it is to get fooled. Sophos recommends avoiding such sites unless you're a sophisticated enough Web user to be able to sort out the real ones (there are real ones) from the fakes.
One quick check you can do is to make sure you're on the domain you think you are. In other words, if you land on twitter.password.com you're not on Twitter, but if it's password.twitter.com, you are.
Or, if you do want to see how secure your passwords are, a legitimate password-checking site can be found here.
Given that most people still use simplistic passwords and use them across multiple sites -- as has been shown in a variety of data breaches and surveys -- there's a lot at stake when you give yours away. Imagine losing control of not only your social networks, but also access to your email, online banking and other personal and financial information.
Even if you catch the breach quickly, it will still be a colossal pain to get everything back to normal.
Here are some tips from Microsoft about password security to consider when creating -- or changing -- a password:
- Make your password at least eight characters long
- Mix up the characters with capitals, lower case, numbers, symbols and punctuation marks
- Change your passwords regularly
- Use different passwords on different sites
You can find more information about phishing scams and how to avoid them on the Federal Trade Commission's OnGuardOnline website.
More from MSN Money:
Copyright © 2014 Microsoft. All rights reserved.
ABOUT SMART SPENDING
LATEST BLOG POSTS
VIDEO ON MSN MONEY
BLOGS WE LIKE
MUST-SEE ON MSN
A charcuterie master shares his process for cold-smoking meat at home.
- Jetpacks about to go mainstream
- Weird things covered by home insurance
- Bing: 70 percent of adults report 'digital eye strain'