My name is Dan. I’m attorney and I was the victim of hacking.
Not easy words coming from a lawyer trusted with client
confidences, documents and attorney work product. Fortunately, the hackers only
corrupted my email account (sending out a spam email) and did not breach my office
or legal system. I did, however, lose a half day of productivity cleaning up
the mess and feeling like my professional reputation had been tarnished.
On a positive note, the spam email did solicit one new client!
What did I learn from the incident? Hacking affects nearly everyone who is online. You can never be too
careful when it comes to computer security, and everyone, and I mean everyone,
is a target. I thought you had to click on a link or open a file to enable
unwanted intrusion into your computer or email system. As a former military
intelligence officer and attorney for over two decades, I thought of myself as knowledgeable
and disciplined relating to computer and Internet security. But I did something
wrong, as my entire email system was corrupted without any forewarning.
I do not know what I did to allow the hacking breach. But the fact
remains someone hacked my Outlook account, sent out a spam email to every address
I had sent an email to over the past three years which included a dummy
attachment that likely would have wreaked havoc on the recipient’s system had
they opened it. The hackers inserted a rule in my Outlook account which
auto-forwarded any replies directly to them, bypassing my inbox. The spoofed
account then auto-replied with another email stating that the original email was
not spam, and that it was okay to open the file. All this was done without my
knowledge. Fortunately, several recipients were alert, suspected spam, and
called to alert me. I quickly troubleshot the problem with my IT support staff;
however, the damage already had been done.
Don’t be me! Hopefully, you can learn from my experience and take proactive steps
prior to being victimized yourself. To minimize the likelihood of intrusion and
hacking of your email or computer systems::
- Change your passwords often. I know it is a pain having to change every password from your bank, to your computer systems, to your favorite club or organization, but doing so reduces your vulnerability to cyberattack.
- Choose a strong password. Use a password locker app to remember your various passwords rather than writing them down.
- Establish two-step verification. Passwords alone are not enough for important accounts, Following my hack, I enabled Microsoft’s two-step verification process which includes either a call or text when signing in from a different device or changing passwords. In only took two minutes to set up the protection.
- Only use trusted devices. Be very careful when using a public computer at a hotel business center, UPS/Fed-Ex store, etc.
- Never click on a link, open a file, or insert a disc or thumb drive from an unknown or suspect sender. As many persons did when they received my spam email, they reached out to me via email or phone to
confirm I had actually sent the email and file.
Hacking is similar to being burglarized. It leads to feelings of vulnerability and violation. But instead of being victims, we can fight back by continuing to raise the bar making it more difficult for hackers to be successful.