Q: I have a problem. Recently my friends have been getting emails from me that are empty except for suspicious links in them. It looks like spam. I’m sure that I’m not the one sending them! What do I do?

A: You’re not alone here, Ashton. We’ve gotten strange emails from friends on numerous occasions with nothing but a link or just weird text in the message. It goes without saying that you should never click that link. If a friend unexpectedly sends you a link to a website that you aren’t familiar with, don’t assume it’s safe to click! Contact them through another method like Facebook or on the phone, and ask them if they really sent you that link and what it is.

Image credit: notoriousxl / Flickr

It sounds like you and your friends have found yourselves the victims of unscrupulous spammers. You see, spammers know people are much more likely to open an email from people they know, so what they try to do is make an email look like it’s from someone they know. There are several ways they can do this.

The first way is to somehow break into your account, and actually send spam emails from it. To do this, of course, they need your password. The way they are most likely to get this is to pose as a website you often visit and ask for your email address and password. You give it to them, thinking it’s legit, and then they can simply log in and go crazy with your inbox.

Another similar method is to infect your computer with a piece of malware that will take over your email. In either case, the first thing that you need to do is to change your password! That will lock them out.

We want to stress the need to be very careful about where you enter your email address and password. When you are about to enter that information on a website, pay close attention to the address bar at the top of your browser. There should be a lock icon visible next to the address, showing that this site is securely encrypted. In addition, the normal address for the website should show. For instance, if you’re logging into Yahoo Mail you should expect to see “us.mail.yahoo.com”.

Changing your password should stop spammers from sending spam directly from your account. Unfortunately, it won’t necessarily stop them from impersonating you. There’s a third type of email attack where spammers send emails that look like they come from you but don’t. This is harder to defend against, as your email account hasn’t actually been compromised. The good news is that usually the spam isn’t going to people you know because the spammers don’t have access to your address book. However, you may receive strange bounce back emails telling you that a message you never sent could not be delivered. That’s a clue that this is happening.

If you’re the victim of this type of spam, your best bet is to, well, wait. You’re only hope is that the spammers will get tired of using your address and just move on to a different one. If they don’t, your other option may be a painful one: changing your email address and updating your information on every other site you use that address to log into.

That can be a long and arduous process, so it’s a good idea to be proactive. Be wary of giving your primary email address to everyone who asks, and think about having a secondary address that you can use to sign up for new websites that you aren’t familiar with. That will keep your main email address from winding up on some list of emails for unscrupulous spammers. And, again, always double check the web address of a site before you enter your email and password to make sure it’s the real deal.

The big news in tech right now is a dangerous bug in the internet known as ‘Heartbleed’ which could be putting your personal information at risk. Here’s what you need to know about it and what you can do.

What is Heartbleed?

Heartbleed is a “vulnerability,” or a hole in the elaborate security systems in place around the web. Imagine if there was one company that made over half the locks on doors in the world. Now imagine that someone discovered that all those locks could be picked easily and without anyone noticing. That frightening situation is basically what has happened on the internet.

To put it simply, Heartbleed is basically a programming error that makes many secure websites less secure. When you visit a page that asks for private information, such as a password or a credit card number, that page almost always has a lock icon beside its web address. This means that the page uses SSL, the technology that secures web pages with sensitive information. A popular and widespread version of SSL is OpenSSL, which is used by almost 60 percent of all websites. OpenSSL is where this bug was found.

On some versions of this system a small but critical error made it possible for a hacker to “snoop” the encrypted data being passed back and forth without being detected. Experts estimate that this problem has existed for the past two years.

While some internet security threats are overblown, this one is real. World-renowned internet security expert and author Bruce Schneier recently stated that “on a scale of 1 to 10, this is an 11.”

What Can I Do About It?

The bad news is that there is not a lot that ordinary users can do about this. It is up to the companies that run the compromised websites to fix it. Patches are available, and IT administrators world-wide should be scrambling to implement them.

For the moment, the best thing you can do is to avoid compromised websites that have not yet been fixed. How do you know if a site is compromised? You can check it by entering the address of the site at this page: http://filippo.io/Heartbleed/

Major websites that are known to be SAFE and were UNAFFECTED include:

• Twitter
• Amazon
• Microsoft (and sub-sites)
• AOL
• Paypal
• Most banking websites

Major websites that are SAFE but had been PREVIOUSLY AFFECTED include:

• Google
• Gmail
• YouTube
• Facebook
• Yahoo!
• Instragram
• Pinterest
• OKCupid
• GoDaddy

Mashable has a long list of sites that were affected with up-to-date information about their security status.

Should I Change My Passwords?

Yes, as long as the website you are changing your password on has been fixed. If you change your password on a site that is still vulnerable, hackers can simply grab your new password! At this point, however, it should be safe to change your password virtually everywhere.

Your best bet to protect yourself is to use separate passwords for every website.

We have long preached the virtues of password managers. These are programs that can generate truly random passwords and remember which password goes with which website for you. It used to be just a good idea to use a password manager, but now you need to seriously consider using one.

The password managers we recommend are LastPass, DashLane and KeePass. LastPass and DashLane store your passwords in a very secure cloud so you can access them from all your computers and mobile devices. KeePass stores them on your hard drive. Use whichever feels more comfortable to you, but please use one!

If you are dead set against password managers, you should still try to use different passwords for different sites. Your Amazon password should be different from your email password, which should be different from your bank password. To help you remember these passwords, consider writing them down and storing them somewhere safe at home – like, maybe in a safe!

What Else Can I Do?

Become better educated about internet security! With so much of our lives now stored online, this is a topic that affects virtually everyone. Knowing good password practices, like how to make a hard-to-guess password and that you should have separate passwords for separate websites, is critical.

Check websites that you regularly visit for the Heartbleed vulnerability using the link above. If you find that one has problems, you could try emailing their IT administrators to inform them and find out what steps are being taken. In the meantime, stay off of that website. Once the hole is plugged, log in and change your password.

Keep an eye on bank statements and credit card information for unusual activity. Heartbleed was discovered by security researchers. We have no proof that hackers have been using it, but the possibility exists. That means you need to take precautions to protect yourself in the digital world.

If you have more questions, call us a 1-888-972-9868 or email us at questions@deemable.com.