In this article Ill try to explain some basic security concepts and various schemes that intruders will use in an attempt to take advantage of carelessness.
Most victims of unauthorized access see their gallery deleted, their journals wiped out and often their password and email information is changed in order to lock out the rightful user. Many times the invaded account is used to break policy and wreak havoc about the site until it is banned.
In almost every case the victim has unwittingly helped the invader gain access through carelessness and poor habits. In those cases where a stranger has gained access it is usually due to poor log out habits or being caught in a phishing scheme.
Cases involving access by strangers is rare though- it is far more likely that a roommate, relative, friend or another trusted individual has decided to have fun at your expense.
The first thing that everyone must realize is that access to your deviantART account and your email account needs to be treated as an irreplaceable and unique treasure. While some of you may laugh at the notion it really should be treated that seriously.
I have to stress how important it is that you do not share the password to your account with anyone. YOU are ultimately held responsible for whatever actions are taken using your account. The more people who share access the greater the chance of the account getting out of your control.
Ive lost track of how many improvised club accounts have been vandalized simply because either so many people knew the password that it got out to the wrong people or because one of the members freaked out while logged in.
The strength of your password is also an important consideration. Everyone has probably heard the old joke of the important document protected by password or 12345 as the actual password.
If your account name is iloveharrypotterwoohoo then choosing a password of harryrules is just as stupid as choosing 12345 for your briefcase combination. An easy to guess password is useless.
Your password should preferably be a long string of numbers and letters mixed together such as 12ujh3plhgu56. Our password system is designed to prevent brute force attempts to get into your account so a strong password will definitely keep someone out; especially if you change it every once and awhile.
Many of our users access their accounts using a computer which is not exclusively their own. You may be accessing your deviantART account or your email account from a school computer, from the library, from a friends house, or any number of other publicly available computers. The computer may also be commonly used by anyone in your own household and laptops present just as big of a risk as any desktop.
Be very aware that you properly log out of your account before you leave any computer which is not exclusively your own. By leaving yourself logged in ANYONE who sits down at that computer can gain immediate access to your accounts. Weve even had one case where someone neglected to log out while using a public computer in an airport and had their account banned due to the behavior of a person who just waltzed into it freely.
Most account vandalisms occur because a classmate, little brother or visiting friend was able to sit down at the computer where you forgot to log out properly. Remember that logging out is the most simple precaution you can possibly take and the responsibility is entirely your own.
Now if you have a proper password and you have good logout habits youll be able to keep your accounts secure and the only way someone is going to gain access is by tricking you into giving away your secret information.
This practice is called PHISHING and the scams can be quite elaborate.
First be aware that we at deviantART have ABSOLUTELY NO REASON to contact you and ask for your password information. We will never do this so before you answer any email of this nature make certain you contact us here through the Helpdesk and confirm that it is for real.
To repeat for clarity: We will NEVER need you to reveal your password information.
This brings us to the second type of scam which is FAKE WEBSITES. Some phishers have gone through the trouble of mocking up a fake deviantART. You will usually receive links to the fake site, once again, through a scam email. These emails will encourage you to click or paste the link from the email into your browser thereby guaranteeing that you are brought to the fake site.
Once you are at the fake site youll be asked to login and enter your password which immediately puts your information in the hands of a scam artist.
Also be aware that some of these schemes will have deviantART partnered with another site which might sound reasonable. The latest such scam attempts to link you to a fake site to receive a deviantART sponsored American Greetings ecard. Of course once you get to the fake site you need to enter your deviantART information to get the fake ecard..
Please be aware that if we officially partner with anybody for any reason youll hear it from us on site in the News first and not just receive some random email out of the blue. Always manually type your URL destinations and always check with us before you accept any emails as real. There are plenty of troublesome people out there who would love to get access to your account.
Always come to us to check the validity of any email you receive which claims to have come from deviantART.
A third type of phishing scam is for an individual to send you an email as a warning that someone is going to try to hack your account. This supposed good Samaritan will then outline how this happened to them and how much damage was done and ultimately will suggest a solution.
Theyll explain how the hacking attempt relies on a certain kind of program or something similar and they will point out a loophole in the program or method; a magic invulnerable password which you should immediately put into effect so theyll never get you.
If you fall for this and change your password to this magic word or number youll lose control of your account within hours.
It seems like a stupid thing to do but if your account has been harassed and insulted for days or weeks through the use of dummy accounts made just to attack you it may almost seem reasonable and an inexperienced or younger user may fall into the trap.
Remember that your account security is entirely in your own hands- if you allow someone to gain access to your account by some sort of carelessness there is very little we can do after the fact.
Once control of your account is taken from you youll need to prove your identity and if your account has been trashed with deleted gallery or journal entries there is not much we can do to restore it to its original state.
The bottom line is that it is your account and it is ultimately your responsibility.