Yet again this month, three of my clients have had their e-mail accounts "hacked" into. The hacker did substantial damage and left these people feeling very vulnerable. Their questions are always the same: how and why did this happen to me? Here's a codified response that may help all of you at some point.
Dear Client,
Now that you tell me all of your old mail is gone forever, I have the last piece of the puzzle. Someone "hacked" into your email account and deleted everything. They then changed your password and made it impossible for you to get back into your account immediately, and perhaps forever. In all likelihood the hacker was never in your computer. On the other hand, if someone clicks on a link in an email that the hacker sent in your name, they just might end up with this unwanted visitor. Read on...
That happens a lot these days. It's my opinion that your email address was stolen by a hacker breaking into an online web site that had stored your email address behind a less than adequate firewall. A firewall, as the name implies, is designed to keep hackers out. Another equally likely possibility is that your email address was in the address book of the person who got hacked just before you.
Now, armed with the list of legitimate email addresses just gleaned, the hacker will use these email addresses in combination with a rolling combination program. Such a program lets them efficiently run through every possible combination of your password, in the same way that an odometer in a car, over its lifetime, rolls through every combination from 0000000 to 9999999. Just add every letter on the keyboard to every one of those odometer "wheels". One combination will certainly open the door, but the longer and more varied the password (upper case letters, numbers and symbols), the more time it will take to reach the right combination. It makes more sense for the hacker to take the lower hanging fruit: in this case, the simpler passwords.
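To put numbers on the odometer analogy, here is an added illustration (not part of the original letter) that counts how many "wheel" positions a password of a given shape has and how long rolling through all of them takes; the guess rate is a constructed assumption, since real rates depend on the provider's lockout and rate limiting.

```python
"""Odometer-style password search: how the keyspace grows with length and
character classes. Added illustration, not part of the original letter.
The guess rate used below is a constructed assumption; real rates depend on
the provider's lockout and rate limiting, and on whether the attacker holds
an offline copy of password hashes."""
import string

# Each character class is one kind of "wheel" on the odometer.
CLASSES = {
    "digits": string.digits,            # 10 symbols
    "lower": string.ascii_lowercase,    # 26 symbols
    "upper": string.ascii_uppercase,    # 26 symbols
    "symbols": string.punctuation,      # 32 symbols
}


def classes_used(password):
    """Return the character classes a password actually draws from."""
    return [name for name, chars in CLASSES.items()
            if any(ch in chars for ch in password)]


def keyspace(length, classes):
    """Combinations for `length` wheels, each showing one pooled symbol."""
    alphabet = "".join(CLASSES[name] for name in classes)
    return len(alphabet) ** length


def worst_case_seconds(password, guesses_per_second):
    """Time to roll through every combination of the password's own shape."""
    return keyspace(len(password), classes_used(password)) / guesses_per_second


def describe(seconds):
    """Round a duration to a readable unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    RATE = 1_000_000  # constructed: one million guesses per second
    # Constructed sample passwords of increasing variety and length.
    for pw in ("1234567", "password", "pass1234", "Pa55w0rd!", "Correct-Horse-7-Battery"):
        used = classes_used(pw)
        print(f"{pw!r:28} classes={used} keyspace={keyspace(len(pw), used):.2e} "
              f"worst case={describe(worst_case_seconds(pw, RATE))}")
```

The seven-digit row reproduces the letter's 0000000 to 9999999 odometer; each added wheel type or extra character multiplies the count, which is why the simpler passwords are the ones that get picked.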
Let's pretend I'm the bad guy. Now if I were the bad guy, I'd only pick accounts to hack that end in @aol, @gmail, @hotmail, @yahoo, etc. Why? Because as a rule, these email account holders view their email online in a browser window (e.g. www.gmail.com or www.aol.com). So, as a bad guy, once I have your password I can log in and look at your mail; who knows what I might find? Some glint of account information for an online shop; maybe a password or two. If I can get an account number and I have your email address, I can sign in as you, maybe get something for nothing. Do you bank online? Use the same password? Keep your purchase and bank transaction confirmation emails? I also get a bonus with online email: all your email addresses are online too. I can capture them and add a few more accounts to the ones I can try to crack. Finally, before I log off your email account, let me delete all your email so you don't know what I've been privy to in my visit. As a parting shot I'll change your password, thereby further delaying the discovery of my terror and causing a little chaos as well.
Our ISPs, the people who provide our internet connection (Verizon, Optimum, Comcast), also provide us with webmail. As a group, though, we are a mix; many, if not most, pick up their email with Outlook or another Windows or Mac mail program. This reduces the success rate of my crack program, because even a successful crack might yield an empty mailbox: the mail has been picked up with software and the address book is not stored online. My time is better spent with that first bunch of email addresses.
So, what's the solution? Firstly, make sure your password is strong. Next and as important, make sure that whoever is hosting your email, be it yahoo or another, has a cell phone number and an alternate email address for you. If things go awry they can reset your password by verifying who you are with a challenge response, that alternate address or by entering a code sent to you in a text.
Make yourself less of a target: if you're not going to delete your email regularly and you're not sure about the strength of that password, pick up your mail with software. Gmail, Hotmail and Yahoo mail all let you use software, an email client, to get your mail and take it offline. Windows and Mac each have built-in email clients (Outlook Express, Windows Mail and Mac Mail). Thunderbird by Mozilla is a robust free email client. Of course Microsoft Outlook is a great choice and easy to configure, but it's $100+. When you do use a client, configure it for POP, not IMAP (IMAP leaves email online even after the client picks it up, which is the very thing to avoid here); with POP, all your email downloads to your computer. Move your address book down as well: every address book is exportable from your web-based account and importable into any and all of the clients.
NB: If you receive an email from a friend with a clickable link that comes without explanation, a spurious message, or an out-of-character subject line, do not click on the link without first verifying with the sender that they really sent it.