If your MySpace account was hacked or phished, there are a few easy steps you can take to recover it and prevent further compromises from happening again. My earlier entry documented the account lockout process and has since been a very sustainable source of traffic, so I suspect a lot of users are having their MySpace accounts compromised. I intend to answer general questions on this, but understand that I do not work for MySpace nor do I have any affiliation to them.
How did someone hack my MySpace account?
Two ways: you gave them your password unknowingly or they cracked your password. A lot of the hackers (I use the term loosely here) craft seemingly creative scams to lure unsuspecting users into divulging their login information to them. The likely scenario is they posted a link, you clicked it and had to “login” again with a look-a-like Web page. If they cracked it, it means you had a simple password and they guessed it, usually by means of running through the English dictionary against your login. Continue reading to learn the steps you need to take to prevent further account compromises.
Phishers don’t particularly care who they compromise. They just want an account to blast their spam and scams. Most of it is done via automated processes (“bots”), so don’t take it personal if someone hacked your account. Continue reading to learn the steps you need to take to prevent further account compromises.
Why did MySpace lock me out?
MySpace has detection mechanisms for unauthorized activity — like aggregating the posted hyperlinks into their database to identify spam or other potentially malicious Web sites. When an account posts a “blacklisted” hyperlink, likely the account gets locked out for phishing. Your account has been locked to prevent further abuse. Continue reading to learn the steps you need to take to prevent further account compromises.
How do I get back into my MySpace account?
MySpace has a considerably straightforward process. When you login with your [old] password, it forces you to clear a CAPTCHA and create a new password. However, if your computer has a virus or a trojan, you will likely have trouble accessing your account. Continue reading to learn the steps you need to take to prevent further account compromises.
WHAT TO IF YOUR MYSPACE ACCOUNT IS PHISHED/HACKED:
- Scan for Viruses, Trojans and Malware
This is probably the most important step if you use a Windows computer. A lot of phishers have become sophisticated in their attacks, where they use your computer without your knowledge to carry out attacks on Web sites like MySpace. Make sure that you update your anti-virus software before performing a scan so it uses the latest information to identify and delete any viruses found. If you don’t have anti-virus software, you can download AVG for free, or if you have an AOL account (free or paid), download McAfee.
McAfee (for AOL users): http://safety.aol.com/isc/
- Remove Spyware/Adware/Malware
For the same reasons mentioned above, you should scan for Spyware in the same fashion. AVG and McAfee scan for certain types of Spyware, but to truly be sure you don’t have any browser hijackers or similar, you really need to update and run Spybot. There’s a new version of Spybot available with a new detection engine.
Spybot Search & Destroy: http://www.spybot.info/en/mirrors/index.html
- Pick a Strong Password
Another very important step to prevent further account compromises, is to use a really strong password. A good password is one with random letters and numbers mixed in. It should not be something that a computer could [easily] guess. A good example would be “lwa4d2x,” since it is not a word, and the numbers are mixed in, preventing a computer from easily cracking it. You can generate your own secure passwords at either of the Web sites below. For the short term, write it down, get used to it, and never give it out.
Ultra High Security Password Generator - https://www.grc.com/passwords.htm
Security Guide Password Generator - http://www.pctools.com/guides/password/…
- Change Your E-Mail Account Passwords
Often if a phisher knows your MySpace password, they probably know your e-mail account password. It would be a good idea to also change your e-mail account’s password to be sure no one has access to your e-mail account. Many e-mail providers require an additional question to change your password, so it would be good practice to update that, too. I’ve included a list of common e-mail provider’s password reset help pages for your assistance:
Gmail – https://mail.google.com/support/…
Yahoo – http://help.yahoo.com/l/us/yahoo/…
AOL/AIM – http://help.aol.com/help/…
Hotmail/Live – http://help.live.com/…
Comcast – http://www.comcast.net/help/faq/…
Cox – http://support.cox.com/…
- Use Mozilla Firefox
Internet Explorer (IE) is vulnerable to a lot of security exploits that these phishers carry out. Use a Web browser that is safer and faster. As an additional benefit for switching, you can block most ads on the Web with Adblock Plus. Firefox is free, if you’re wondering.
Mozilla Firefox - http://www.mozilla.com/en-US/firefox/
- Remove Unwarranted/Unsafe Comments from your Profile
Login to MySpace, click on View My Comments and delete any comments that are soliciting to click on them. Examples might be “click here to check out this funny video” or similar. Anything that promotes “You’ve been tracked” or similar should also be removed. These are not only spam, but may also compromise your friends if they aren’t careful. You may opt to moderate your comments, but that’s up to you.
- Be Careful of Links that You Click!
Just because your friend posted a link doesn’t necessarily mean it is legitimate. Unfortunately, MySpace now filters all links, so you can’t look at the URL, but when you click on a link, you should never enter your MySpace password to view the content. If you do, it’s likely a scam. You can do your friend a favor and tell them that you think they got their MySpace hacked (and send them to this blog entry your reading).
- Be a Part of the Solution!
MySpace has many ways to report phishing and other abuse. Instead of rejecting friend requests from spammers, report them as Spam. This will help MySpace in closing spammer’s accounts. If you receive unsolicited messages, flag them as spam. MySpace’s “Tom” has advice and examples on common phishing scams so you can be aware.
That’s really all there is to preventing your account being hacked. While there are other possibilities, this will cover the most common ways phishers can hack your MySpace and send spam. Thanks to all of you with your comments on my earlier entry about the error message, Your Account Has Been Phished!, you can read more about the problem (and my thoughts on it) there.
If you have any other questions on keeping your account secure, feel free to ask them in the comments below.