Here is another reason to change your password frequently. It has been reported that thousands of compromised online user accounts are being sold online in E-Shops. These accounts include Facebook, Twitter, PayPal, EBay, Google, Apple, Wal-Mart and others. Out of all these accounts, PayPal is the one selling the most because it is widely used to receive money which can be, transferred easily to another PayPal account, used to buy goods online, or transferred to a bank account.
Screenshot of the E-shops Selling Hacked Facebook Accounts
How do Hackers Gain Access to These Online Accounts?
There is a scam called Phishing. Phishing is used to trick online users into clicking on links that will take them to bogus website login pages impersonating legitimate websites. If the victims enter their usernames and passwords on these bogus websites, this information will be sent to the hackers or scammers who have set up these malicious websites.
The image below shows a fake website impersonating hotmail.com / live.com login page:
The website looks exactly like hotmail.com / live.com login page and would fool most persons. But, looking at the browser address bar, I was able to notice that the web address is www.softmisc.com instead of hotmail.com or live.com. This phishing website www.softmisc.com was set up to steal hotmail.com / live.com username and password.
These malicious phishing links are sent in e-mail messages, posted on social networking websites, or sent in text messages and are cleverly designed to look genuine.
Last month I received an e-mail that appeared as if it came from Facebook (it looked genuine) asking me to confirm my e-mail address. When I clicked on the link, it took me to a website (NOT facebook.com) looking exactly like Facebook.com login page. If I had entered my username and password in an attempt to login to Facebook, this information would have been sent to hackers or scammers behind these phishing e-mails and websites.
You can prevent Phishing by going directly to a website, instead of clicking on a link to go there.
For example:
If you receive an e-mail notification from a website that you need to verify some information, instead of clicking on the link in the e-mail message, go directly to the website by entering the name of the website (eg. google.com) in your web browser's address bar and clicking the "Go" button or pressing the "Enter" key on your keyboard.
Going directly to a website by typing the name of the website address in your web browser will ensure that you are on a legitimate website instead of bogus one. You can bookmark these links so do not have to keep retyping them every time you need to get to the same websites.