News
Open
Tuesday July 07, 2020
  • Site last updated at 11:44pm on Saturday 27th June 2020.

Recently a number of people have had their email accounts compromised.

The form this takes is that you will receive a message from one of your contacts with a link, this will mean that the contact has had their email compromised and if you click on the link on the email, your email will be compromised.

If you get this type of email the first thing you should do is check the time as sometimes the time, early in the morning, can give it away, otherwise get in touch with the contact and check directly with them. 

If you email is compromised below are details of how it should be dealt with

Email account theft is rampant. If it happens to you there are several steps you need to take not only to recover your account but prevent it from being easily hacked again.

Someone, somewhere, has gained access to your account and has started using it to send spam. Sometimes passwords are changed, sometimes not. Sometimes traces are left, sometimes not. Sometimes the everything in the account is erased, both contacts and saved email, and sometimes not.

But the one thing that all these events share is that suddenly several people, usually those on your contact list, start getting email from "you" that you didn't send at all.

Your email account has been hacked. Here's what you need to do next...

 

1. Recover Your Account

Login to your email account via your providers website.

If you can, consider yourself very lucky, and proceed to step 2 right away.

If you can't login even though you know you're using the correct password, then it's likely that the hacker has already changed your password. Use the "I forgot my password" or other account recovery options offered by your email service. This typically involves sendingpassword reset instructions to an alternate email address that you do have access to, or perhaps answering the "secret questions" that you set up when you created the account.

If the recovery methods don't work - perhaps because the hacker

has also altered all the recovery information that might be used (changed the alternate email address or answers to the secret questions), or perhaps because you don't recall the answers, didn't maintain the alternate account or didn't set up any recovery information in the first place, then you may be out of luck.           

If recovery options don't work - for whatever reason - your only recourse is to use the customer service options provided by that email service. For free email accounts there are usually no phone numbers or email addresses, - your options are usually limited to self-service recovery forms, knowledge base articles and official discussion forums where service representatives may, or may not, participate. For paid accounts there are typically additionalcustomer service options that are more likely to be able to help.                                                                                                                       

Important: If you cannot recover access to your account then it is now someone else's account. It is now the hackers account..                                                                                                      

Unless you've backed up, everything in it is gone forever and you can skip the next two items. You'll need to set up a new account, from scratch. 

 

2. Change Your Password                                                       

One you regain access to your account, or if you never lost it, you should immediately change your password.

As always, make sure that it's a good password: easy to remember, difficult to guess, and long. The longer the better in fact, but make sure your new password is at least 10 characters      or more, and ideally 12 or more if the service supports it.                                                                       

But don't stop here. Changing your password is not enough.       

        

3. Change Your Recovery Information                                   

While the hacker had access to your account they may elect to leave your password alone. That way chances are you won't notice that the account has been hacked for a while longer. 

But whether they changed you password or not, they may very well have gone in and changed the recovery information.

The reason is simple: when you finally do get around to changing your password the hacker can follow the  ”forgot my password" steps and reset the password out from underneath you using the recovery information that he collected or set.

Thus, you need to check all of it, and change much of it ... and right away.

Change the answers to your secret questions. The answers you choose don't have to match the questions (you might say your mother's maiden name is "Microsoft", for example) - all that matters is that the answers you give should you ever need to recover your account match the answers you set here.

Check your alternate email address or addresses associated with your account, and remove any that you don't recognize or are no longer accessible to you. The hacker could have added his own. Make sure that all alternate email addresses are accounts that belong to you and that you have access to.

Check any mobile or other phone numbers associated with the account. The hacker could have set their own. Remove any that you don't recognize and make sure that if a phone number is provided it's yours and no one else's.

These are the major items, but some email services have additional information that they can use for account recovery. Take the time now to research what that information might be, and if it's something that could have been altered while the hacker had access to your account.

Overlooking information that could be used for account recovery could allow the hacker to easily hack back in - make sure you take the time to carefully check and reset as appropriate.

 

4. Check Related Accounts

This is perhaps the scariest, and the most time consuming.

Fortunately it's not common, but the risks are high so understanding this is important.

While the hacker has access to your account they have access to your email, including both what is in your account now - past email - as well as what arrives in the future.

Let's say that the hacker sees you have a notification email from your Facebook account. The hacker now knows you have a Facebook account, and what email address you use for it. The hacker can then go to Facebook, enter your email address and then request a password reset. Be aware that if you have any critical information in your email  particularly banking passwords, it is safest to change them all. It is very time consuming but a must to ensure security.

Subscribe to our EBlast

Join our Facebook Group