Have you ever noticed that when you’re with a group of people outdoors, all the pesky mosquitos tend to target one person in the group?
The same phenomenon occurs in the author world. As you grow in prominence as an author, you attract pesky hackers.
The very act of publishing makes you easier to hack because you create dozens of new accounts in new places on the web.
What makes things worse is that everything you know about hacking and hackers is likely wrong. If you watch hackers on TV and in movies, it’s easy to believe they have magic keyboards, and if they press the keys with enough emotion, they can hack anything.
In this article, you’ll learn how hacking is actually done, and more importantly, you’ll learn some simple steps to protect yourself and your platform from hackers. Real-life hacking is surprisingly low-tech, as you are about to discover.
No matter what you write or how you publish, every author needs to learn about cyber security. In this article, you’ll learn which of your vectors are most vulnerable to attack and how you can protect them.
Special Thanks to James Rubart from Second Mile Studios for the voiceover work on this episode.
Vector #1: Your Email
Why Hackers Want to Get in Through Email
If a hacker can access your email address, he can use it to reset your passwords everywhere on the web. Your email address is the first thing a hacker will try to compromise. If you lose control of your email, you can quickly lose control of your life.
With access to your inbox, the hacker could also send malicious links to your friends to gain control of their email accounts as well. You may be a target simply because you’re a means to access one of your contacts.
How a Hacker Would Get Control of Your Email
When hackers hack a big website like LinkedIn or Adobe, they show off their accomplishments to their hacker friends by posting all the user passwords to the dark web. If you use the same handful of passwords on your online accounts, a hacker only needs to look up your common passwords on the dark web to hack your email. No magic keyboard is required.
How to Keep Hackers Out of Your Email
Just as you would use a different key for each lock in the real world, use a different password for each website where you create an account.
My bank recently notified me that they had been hacked, and they asked me to reset my password. Fortunately for me, I hadn’t reused that password on any other site, so once I reset it, the hackers had nothing, and I was safe again.
You probably have accounts on thousands of websites, and as you begin to build your platform, you’ll be signing up for dozens more.
How can you possibly remember that many passwords?
You use a password manager. A password manager is a safe, encrypted vault that can generate a strong, unique password for each website you use, store your passwords in a vault, and remember which passwords you use on different sites.
If you’re using a password manager, the next time Facebook gets hacked, the hacker will only get your Facebook password rather than your password to everything.
Both 1Password and LastPass automatically remember and insert your passwords everywhere, even on your phone. The main difference between the two is privacy. LastPass tracks you through their app, and 1Password doesn’t.
How to Protect Your Email
- Use a strong, unique password on your email account.
- Use a strong, unique password on all other websites as well.
- Keep track of your passwords using a password vault like 1Password.
- Turn on two-factor authentication for your email.
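The chain this section describes (one leaked password, reused on the mailbox, then password resets everywhere) can be modelled in a few lines. This is an added example, not part of the original article; the account names, the passwords and the rule that two-factor authentication stops a takeover are constructed assumptions.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Account:
    site: str
    password: str            # stand-in for a vault entry (constructed values)
    reset_mailbox: str = ""  # `site` of the mailbox that receives reset links
    two_factor: bool = False

def blast_radius(accounts, breached_site):
    """Return {site: reason} for every account an attacker can reach once
    the password stored at `breached_site` has leaked."""
    by_site = {a.site: a for a in accounts}
    leaked_password = by_site[breached_site].password
    fallen = {breached_site: "breached directly"}
    progress = True
    while progress:                      # repeat until no new account falls
        progress = False
        for a in accounts:
            if a.site in fallen or a.two_factor:
                continue                 # model assumption: 2FA stops takeover
            if a.password == leaked_password:
                fallen[a.site] = "reused password"
            elif a.reset_mailbox in fallen:
                fallen[a.site] = f"password reset via {a.reset_mailbox}"
            else:
                continue
            progress = True
    return fallen

# Constructed sample: one password shared between a forum and the mailbox.
REUSED = [
    Account("forum", "tulip42", "mail"),
    Account("mail", "tulip42"),
    Account("kdp", "Xq7!vR2m", "mail"),
    Account("website", "b9#Lw0pZ", "mail"),
    Account("bank", "k3$Tn8yU", "mail", two_factor=True),
]
# The same accounts after the checklist: unique mailbox password plus 2FA.
HARDENED = [
    replace(a, password="m5&Hd1cE", two_factor=True) if a.site == "mail" else a
    for a in REUSED
]

if __name__ == "__main__":
    for label, accounts in (("reused", REUSED), ("hardened", HARDENED)):
        print(label, blast_radius(accounts, "forum"))
```

With the reused password, a breach of the forum reaches the mailbox and, through reset links, the KDP account and the website. With the hardened mailbox, only the forum account is lost.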
Vector #2: Your Amazon Account
Why Hackers Want Your Amazon Account
If you are indie published, typically you control your Amazon and KDP accounts. Hackers are interested in your Amazon account because they know that the person who controls the KDP account controls where the royalty payments go and how the book pages look on Amazon.
How Hackers Get In
By trial and error, hackers enter your common passwords on Amazon to see if any of them work. If you use the same password for Amazon that you use anywhere else, the hacker may have an easy way in.
How to Keep Hackers Out of Your KDP Account
Turn on two-factor authentication. This adds a second hoop for hackers to jump through to crack your account.
Use a unique password. Even if you are not willing to pay for a password manager, at least use a unique password on your KDP account and your email account. But really, you should use unique passwords everywhere.
Protect Your KDP Amazon Account
- Turn on two-factor authentication
- Use unique passwords
Vector #3: Your Website
Why Hackers Want Your Website
Once a hacker gains access to your website, they can use your website to install malware on other people’s computers. They can also use black hat Search Engine Optimization techniques to transfer your SEO points to other websites. They may also redirect your visitors to other websites altogether.
One author I know had a website hosted on GoDaddy. His website got hacked and redirected one-third of his visitors to adult websites, one-third to malware, and one-third saw the site normally, including anyone logged in. Since the author was logged in, he saw his site normally, but many of his visitors were sent to terrible places.
Eventually, Google put a block on his site so that anyone using Chrome got a big warning telling them not to go to his website.
How Hackers Get In
Target Insecure Plugins and Themes
Assuming you are on a good web host (GoDaddy is not a good host), hackers mainly get in through out-of-date plugins and templates. About a decade ago, there was a popular script called timthumb.php. Someone found a vulnerability in that script that allowed them to hack into any website using it.
The developer community rallied and patched the security flaw within days, but many websites did not update their themes and plugins. They let that little red dot with a number linger. Author websites were hacked using this exploit for years.
Protect your website with regular maintenance.
- Keep everything up to date.
- As soon as you see a notification about a software update, install it.
- Turn on auto-updates where you can.
- Anytime you see an update, install it.
Brute Forcing the Login
A hacker may try to get into your website by programming his computer to enter thousands of passwords every second on your login page. This technique is called brute-forcing the login. Hackers have dictionaries of passwords from big breaches. If you came up with your password yourself, or, God forbid, you are using the same password on your website that you are using somewhere else, they may be able to get in by brute-forcing the login.
Protect your website by using a computer-generated and cryptic password. Both 1Password and LastPass can generate random and unique passwords for you.
Don’t use the username “admin” on your website. Brute force attempts usually attack the admin user, so don’t have a user on your website with that username. BlueHost (Affiliate Link), the host I recommend for authors, has no “admin” user by default. This is a nice security feature.
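A brute-force run like the one described above leaves a clear trace in the web server's access log. The sketch below is an added example, not part of the original article: it assumes a WordPress site logging in Combined Log Format, and it uses the heuristic that a POST to /wp-login.php answered with 200 is a failed login while 302 is a successful one. The log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip, timestamp, request line, status.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Report clients with >= threshold failed logins inside one window."""
    fails, wins = defaultdict(list), defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" \
                or not m["path"].startswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Assumed heuristic: 200 = form shown again (failure), 302 = success.
        if m["status"] == "200":
            fails[m["ip"]].append(ts)
        elif m["status"] == "302":
            wins[m["ip"]].append(ts)
    report = {}
    for ip, times in fails.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):      # sliding window over failures
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            report[ip] = {
                "peak_failures": peak,
                # A success after the failures suggests a guessed password.
                "login_after_failures": any(w > times[0] for w in wins[ip]),
            }
    return report

def _line(ip, sec, status, method="POST", path="/wp-login.php"):
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample log (documentation-range IP addresses).
SAMPLE = (
    [_line("203.0.113.7", s, 200) for s in range(0, 40, 2)]  # 20 fast failures
    + [_line("203.0.113.7", 41, 302)]                        # then a success
    + [_line("198.51.100.20", 5, 200),                       # one typo...
       _line("198.51.100.20", 20, 302),                      # ...then a login
       _line("198.51.100.20", 30, 200, "GET", "/")]          # normal page view
)

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```

A flagged address with `login_after_failures` set is the case to act on first: change that account's password and review what was done in the session.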
Targeting Your Email
One of my website clients was a prominent pro-life author and often appeared on Fox News as a commentator. She got threats from a pro-abortion hacker who threatened to hack her website because he disagreed with her political beliefs.
She contacted me right away, and we took steps to secure her website. As it turned out, the hacker wasn’t trying to hack her website. He was trying to hack her email account. He planned to get into her email account, reset her website passwords, gain control of her website, and lock her out.
We kept him out, but it was a poignant reminder of how important it is to have a secure password for your email.
How to Keep Hackers Out
- Don’t host with GoDaddy.
- Set your plugins to update automatically.
- Always update everything all the time.
- Keep backups. UpdraftPlus is a good tool for backing up your website to your Dropbox account. Jetpack (Affiliate Link) is another good backup solution. If you do get hacked, a good system of backups can get you back up and running quickly.
Vector #4: Your Computer
Why Hackers Want Your Computer
Hackers gain more power by controlling more computers. Hackers will combine thousands of remotely controlled computers into a botnet. If you control enough computers, you can take down an entire website. If thousands of computers all try to load a web page 100 times each minute, it will strain the server, and the site can go down in what is called a Distributed Denial of Service (DDoS) attack.
A hacker might also use your computer to mine cryptocurrencies using your electricity. This can be hard to detect, but one sign of crypto mining is that your computer starts running slow, and your fan spins more often than usual.
To be the target of a ransom attack, you need to be wealthy enough to be worth targeting. Ransom attacks are more commonly unleashed on companies and organizations. In a ransom attack, the hacker locks you out of your computer and then charges you money to regain access to your computer.
How a Hacker Would Get In
A locked door is one of the best ways to protect your computer from hackers. Big hacks have an inside man working with the hackers.
How do hackers get an inside person to help hack a computer system? They trick them.
Most hacking is accomplished by hacking people rather than computers. This is what the movies get wrong. Hacking is not about typing on a magic keyboard. It’s about tricking people over the phone or through email with a technique called phishing.
Malicious Phone Numbers
In one common phishing attack, the hacker sends you a receipt from a company for a purchase you didn’t make. The purchase amount is large enough to scare you.
For example, you might get an email with a receipt for a $749 payment to Best Buy in New Jersey. The email includes a phone number to call if you have any questions or concerns. Naturally, you’re concerned. So what do you do? You call the phone number to get the charge reversed.
But the phone number leads you to a “customer service” company that is actually a team of hackers that will pepper you with questions that will help them access your computer. They will say they want to “verify your identity” when they actually want to steal it.
They may even ask you to visit a certain website to verify information, which may install remote control software so they can use your computer as if they were you.
Some hackers can do all their hacking from a prison telephone without ever touching a computer. Their tricks to get you on the phone vary.
Hackers also commonly use a fake virus warning, but no matter which technique they use, each is designed to make you afraid. Hackers must first make you fearful before they can take advantage of you.
Phishing attacks can also come through a link in the email. Email links don’t typically work as well for hackers because people are growing more suspicious of email links.
To bypass your suspicion, hackers send emails that appear to be from your boss or coworker, which requires a bit of research on the part of the hacker.
Hackers don’t have to be computer wizards. They only need to be convincing liars.
How to Keep Hackers Out
Switch to Mac
macOS is based on Unix, which is arguably the most secure operating system in the world. Additionally, since Macs are less common, fewer hackers target them. If you already own a Mac, you are a smaller and more difficult target.
Don’t Call Phone Numbers in Emails
No stranger in the world wants to talk to you on the phone unless they are trying to sell you something or steal from you. If you get an email from your credit card company, do not call the phone number in the email. Call the phone number on the back of your credit card instead.
If you get an email from your bank, don’t click the link. Instead, type your bank’s web address into your browser. This way, you can be sure you are going to your bank’s real website and not a fake site that looks like your bank’s website.
Monitor Your Fear
Anytime you get scared, stop. Ask yourself:
- Why am I scared?
- Who is making me scared?
- Why am I in a rush?
Criminals try to get you into a panicked rush.
If you get an email from the FBI saying you are guilty of Social Security fraud, take a deep breath and ask yourself why you are afraid. Remember, hackers are liars who prey on your fears.
Once you calm down, remember that governments don’t communicate via email. They communicate through the postal service, especially if the message is regarding important, legal matters. If someone calls you saying the police are coming to arrest you if you don’t send a payment quickly, hang up the phone.
Get a Second Opinion
Ask a tech-savvy friend what they think of the message. If someone is rushing you, saying you don’t need a second opinion, hang up the phone.
Tech people cost money. It’s wise to have some kind of technical person who you pay for advice. A stitch in time saves nine, and paying a little for IT support now can prevent you from paying a lot to solve an IT disaster later.
If you don’t have an IT person to call, you can ask our community of authors on AuthorMedia.social.
Keep Your Computer Backed Up
Every ransom attack you hear about in the news could have been solved with solid offsite backups. With an offsite backup, a webmaster can restore the system to its prior state before the hackers locked it.
Pay for Your Software
If the software is free, you are not the customer. You are the product being sold to someone else. The only free software I trust is “freemium” software, where the free version promotes a paid version.
Stay Out of the Dark Web
The shadier the website, the more at risk you are. Don’t go to pirate websites or download pirated content. Stay away from pornographic websites. If you are in a place where you have the chance to do something shady to a company or person, you are in a place where someone can do something shady to you.
Watch for These Red Flags
- The US government doesn’t take Western Union payments.
- Democratic governments don’t employ foreign call centers. If a caller has an accent and claims to work for the government, they are lying.
- Antivirus companies don’t email to notify you about a virus. Websites don’t scan your computer for viruses. Anytime you see an antivirus popup on a website, close your browser.
Vector #5: Your Identity
Why Hackers Want Your Identity
The main reason hackers want your identity is to sign up for a credit card in your name and have it sent to their address. They can use the credit card, and you get stuck with the bill for a credit card you never signed up for. People who’ve had their identities hacked and stolen usually don’t find out about it until they get a call from collections.
People who follow Dave Ramsey’s get-out-of-debt approach are often particularly vulnerable to hackers because while they are getting out of debt, their credit gets better and better. People with good credit can be targeted by hackers who want to sign up for a credit card.
How Hackers Steal Your Identity
Whenever there is a large cyber security breach, passwords become available on the dark web. Those same breaches often expose your other personal info as well. Sometimes the companies that get breached may not even be companies you have worked with.
The most famous example is the breach of Experian, the credit monitoring company. Experian gets hacked all the time. If you have ever applied for a credit card, Experian likely has your social security number on file. If they do, your social security number is potentially purchasable on the dark web.
Hackers don’t steal your identity as much as they buy it from a dark web broker.
How to Keep Your Identity Safe
Have Bad Credit
Some identities are more valuable than others. If your last name is Rockefeller or Bezos, more hackers will want to steal your identity. If you have bad credit or no credit, you are not likely to be a target. As King Solomon once said, “The rich can pay a ransom for their lives, but the poor won’t even get threatened.”
Sign up for Identity Monitoring
Credit monitoring services let you know when someone does a credit check on you. A hacker in the process of stealing your identity will trigger credit checks as they attempt to sign up for credit in your name. The warning will give you a chance to take action.
Lock and Freeze Your Credit
If you use the Dave Ramsey method to get out of debt, this is a good practice. Locking your credit prevents anyone from doing a credit check on you until you unlock your credit, and it makes your identity worth less to hackers.
Locking your credit also adds extra steps for you before you sign up for a new credit card, which could be a nice deterrent if you are trying to curb your credit card use.
- Use a unique and strong password for each website.
- Use a password manager to keep track of all those passwords.
- Install updates immediately.
- Don’t make decisions while afraid.
Learn how to build your amazing author website even if you are not a techie person. Best part? This course is 100% free, and you will learn to create the kind of website your readers will love.
Students who have never built a website before discover that their own website is live on the internet by the time they’ve completed this course. Sometimes they do it in a single day.
I hope you’ll use my affiliate links when building your website, but either way, the course is yours to keep at no cost to you.
In this course you will get:
- Step-by-step video guide on how to get started with Bluehost
- Step-by-step video guide on how to set up the Divi theme
- Video tour of the WordPress dashboard.
- 7 Secrets of Amazing Author Websites
This course gives you access to an exclusive space inside AuthorMedia.social where you can post website questions and share your website for feedback. Feel free to post a link to your updated About page for feedback after completing the course.
- Jimmie Kepler
- Keith Finney
- Jason Porterfield
- Dave Cohen
- Greta Picklesimer
- Sharon Carpenter
You can become a Novel Marketing Patron here.
If you can’t afford to become a patron but still want to help the show, you can! Just share this episode with your writer friends. If the author community gains a reputation for being cyber-savvy and secure, hackers will look elsewhere for targets. We want authors to have a reputation of being hard to hack.
As I record this episode, baby number three is still unborn. I would say the baby is chilling but, according to my wife, the baby is training for a marathon and is using her bladder as a treadmill. We will have re-run episodes for the next few weeks as I help with the kids while Margaret recovers. This Christmas, we will have a three-year-old, a one-year-old, and a newborn.