Clicky

badge

Saturday, March 01, 2008

FYI: eNidhi India Operational Policies

Recently the gmail id of one of ex classmate was hacked into and the hacker made maximum possible misuse of the account before corrective measures could be taken. (The hacker sent indecent images, chatted with all contacts, altered orkut profile and even made an attempt to change bank account password of my classmate (which was spoiled thanks to SMS alert system the bank has)) My classmate could identify the identity theft, trigger damage control initiatives and eventually was able to regain the control of gmail account but damage done in the interim period was permanent.

I am just trying to imagine what all a hacker can do if he/she manages to break into my Google account. I have a far greater presence on net than my classmate (blogger and several other Google services) and misuse can be dangerous.

While every precaution is being taken to avoid such a situation, this post is a preventive measure towards Business Continuity and aims to keep my readers informed how they can detect an identity theft.

Below are a set of Operational Policies this user (Shrinidhi Hande) will always be adhering to during his online activities. If you observe any deviation from these stated policies, it is extremely likely that something is wrong and you're advised to proceed with extreme caution.

I follow highest possible standards of personal and professional ethics and never ever indulge in any activity that can hamper my reputation/credibility and damage the general interests of self, my contacts and the society.

In particular:

1. I will never ask you for money. I'm adequately protected against possible financial crisis/situations and do not anticipate any possibility that I may have to ask my readers/contacts for money. Should you ever receive a request under my identity to transfer money to certain account, never ever entertain such communications without multiple verifications (such as contacting me or my family members to check if the request is genuine). I may not be able to compensate you for any loss you might suffer if you fall pray to such tricks.

2. I will never publish/circulate/solicit obscene content. If you ever see such content on this blog or receive it by mail, please notify Google of the suspicious activity

3. Sensitive personal communication will never be sent using email. If you receive love letters/hate mails under my identity which are not supported by a real life statements/approvals, please ignore them.

4. Usually I do not invite my contacts to visit/register at websites. Please use your discretion while visiting such sites. I will have no regrets if you don't join/visit. Repeated arrival of such mails are likely to be a spam activity.

5. I will not force/tempt my contacts to join under me in any sort of referral programs /memberships, chains etc. Never join/do something because I am asking you to. Use your own judgments.

6. I will not ask for your personal information such as photos, residence address etc unless there's a genuine reason. Any first meeting shall be in public place and you wont have to reveal unnecessary details.

7. Any criticism against any individual or organization shall be backed by strong analytical reasoning/evidence. There shall be no baseless allegations/accusations.

8. Abrupt changes (add/edit/delete) in this blog layout & content, side bar content, blogger/orkut profile content which can not easily be justified, can be due to a possible intruder activity.

9. I will never reveal confidential/sensitive information and never indulge in plagiarism.

What can you do if you spot a violation of above guidelines and suspect a hacking?
As I'll be online every day chances are that I will detect it in time to initiate damage control. If someone has hacked into my gmail account mailing me or writing comments at this blog will not serve the purpose.

Under such scenarios you can use following options:

  • Contact me through my mobile number if you have it
  • If you work in same company as I do use the corporate email ID
  • You can leave comments for me at any of the blogs in my blogroll. Chances are I will read it when I visit those blogs next time.
  • Please do not jump into conclusion that I have gone insane. Your support will be very crucial in recovering from such situations
All your thoughts are welcome.
An eNidhi India Business Continuity Initiative


Read Similar: New Year Resolutions | First Time visitor's Guide to this blog |

6 comments :

hari said...

most of these "hack" attempts are due to weak passwords. I would suggest precautions:

1. change your password regularly.

2. use numbers + text in your password and use uncommon words not found in the dictionary.

3. keep a back up e-mail account or set it up to receive a copy of all messages send by your primary account.

Shrinidhi Hande said...

Yes Hari,

I am following such steps.

sriram said...

Shri..
I find you as a very interesting guy!
Very innovative.. I have spent more than a week on your blogs but could not reply since its blocked in my office. I am a very frequent visitor of your blogs since most of them affect our daily lives.. Well.. enuf praises.. LOL!!
WRT to this particular topic.. is there any way that i can detect if my mail has been hacked??

-KG

Shrinidhi Hande said...

@ Sriram:

Thanks.

Answer to your question:

Simple steps to know if your account is hacked:
1. Password is changed
2. Your contacts receive emails under your identity when you didn't send them
3. Mails received are marked unread when you didn't read them

additionally you can try this as well:

http://labnol.blogspot.com/2005/12/is-anyone-else-reading-your-email.html

Anonymous said...

Thanks mate. My 'hijacking' of your MS profile was not in anyway intended to damage your reputation or any of the friendships you have developed on line. I hope that you have found this to be true. The fact is that MS have been far from truthful in the insinuations made in their comment to your post. I recieved all your account details on my pvt email when trying to retrieve my own details using their 'Forgot Password?' facility. They KNOW that as I had emailed those details to them long before Jasmine commented on your post. I think they are just trying to cover themselves. As yet they have NOT answered any emails I have sent them. I don't think they care much for their users when it comes to it....

Shrinidhi Hande said...

That's OK. I am thankful to you that you didn't misuse my MS account but only made an attempt to air your concerns.

Dont worry too much about it. Move on...