By Praveen Kannan and Anna Strokolyst
If your friends are getting emails from you with a link to an online Viagra store, your email account has probably been hacked. Email hacking happens more often than you think.
Follow the steps below to recover and protect yourself.
Step 1: Verifying that your email is hacked
First of all, let’s determine whether or not what you’re experiencing is truly an account breach, starting with email patterns. Check your sent mail folder. Are there emails present that you definitely did not send? Are you receiving emails from “mailer-daemon” that suggest you were trying to contact an unfamiliar email address? Are you receiving contact from your friends or family saying that they are receiving strange emails from you?
A yes to any of these questions can indicate a hack.
Additionally, more discreet changes can indicate tampering as well. Check your account settings. Has your email signature been changed? Is your email being forwarded to a strange address? Do you have an auto-reply email set up that you did not have before? Are there user IDs or reply-to addresses linked to your account that you do not recognize? These changes are an attempt to track password changes and maintain control.
Finally, there are obvious changes in user access. Does your password no longer work, even though you are certain that it is the correct password? Do you keep getting kicked out of your email while accessing it? Has your email provider blocked your account?
In each case, these point to the fact that your account is, indeed, compromised.
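The Step 1 checks can be run mechanically over an exported copy of the account. The following is an added example, not part of the original article: the settings keys, sample messages and addresses are constructed, and it assumes bounce messages carry the non-standard `X-Failed-Recipients` header that some mail systems add.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample data; addresses and settings keys are hypothetical.
MY_ADDRESSES = {"me@example.com", "me.backup@example.org"}
KNOWN_CONTACTS = {"alice@example.com", "bob@example.net"}
SETTINGS = {"forward_to": "collector@mail.invalid", "reply_to": "me@example.com",
            "auto_reply": True, "auto_reply_expected": False}
SENT = ["From: me@example.com\nTo: alice@example.com\nSubject: Lunch?\n\nNoon?",
        "From: me@example.com\nTo: x1@shop.invalid, x2@shop.invalid\n"
        "Subject: Great deal\n\nhttp://shop.invalid/"]
INBOX = ["From: MAILER-DAEMON@example.com\nTo: me@example.com\n"
         "X-Failed-Recipients: nobody@shop.invalid\nSubject: Delivery failure\n\n..."]

def addresses(msg, headers=("To", "Cc", "Bcc")):
    """Lower-cased addresses found in the given headers of a parsed message."""
    fields = [v for h in headers for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def check_settings(s, mine):
    """Flag forwarding / reply-to targets the owner does not control, and new auto-replies."""
    findings = [f"{k} points to unrecognized address {s[k]}"
                for k in ("forward_to", "reply_to") if s.get(k) and s[k].lower() not in mine]
    if s.get("auto_reply") and not s.get("auto_reply_expected"):
        findings.append("auto-reply is enabled but was not set up by the owner")
    return findings

def check_sent(raw_messages, contacts):
    """Flag sent mail addressed to anyone outside the known contact list."""
    findings = []
    for msg in map(message_from_string, raw_messages):
        unknown = addresses(msg) - contacts
        if unknown:
            findings.append(f"sent '{msg['Subject']}' to unfamiliar {sorted(unknown)}")
    return findings

def check_bounces(raw_messages, contacts):
    """Flag mailer-daemon bounces for recipients the owner never wrote to."""
    findings = []
    for msg in map(message_from_string, raw_messages):
        if "mailer-daemon" in (msg.get("From") or "").lower():
            # Assumption: the failed address is exposed in X-Failed-Recipients.
            failed = addresses(msg, ("X-Failed-Recipients",))
            findings += [f"bounce for unfamiliar recipient {a}" for a in sorted(failed - contacts)]
    return findings

def triage():
    return (check_settings(SETTINGS, MY_ADDRESSES) + check_sent(SENT, KNOWN_CONTACTS)
            + check_bounces(INBOX, KNOWN_CONTACTS))

print("\n".join(triage()))
```

Any finding is a reason to continue with the steps below; an empty result does not prove the account is clean, since an intruder can delete sent mail and bounces.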
Step 2: Cutting Ties
Hackers do not break into email accounts to steal your coupons; they have bigger goals in mind that involve using your website logins or your financial information.
Malware is one of the hackers’ favorite weapons. Your system may be infected with malware that tracks your keystrokes or mines your passwords.
Since this software would allow the hacker to re-access your account even after cleansing it, start by removing these backdoors. If you do not currently have anti-malware software installed, several options are available. You should also consider using Hotspot Shield’s “Malware Protection” feature.
Next, lock down your account. Reset your password, change your password (if you can gain access to your settings), or, if necessary, contact your service provider for additional help. Assistance pages for several popular services are listed here:
Once you have access to your account again, contact anyone in your address book, and let them know that you’ve been attacked and not to click on any suspicious emails or links.
Next, enter the settings on your account and reset email forwards, signatures, send-to addresses, and linked IDs. Both of these steps will keep the mechanism that infiltrated your account from spreading, and keep ambitious hackers from regaining control.
The most tedious step comes next: securing everything connected to that account. Since most of us have personal, financial, and login information stored in our email accounts, that data becomes a high priority for criminals.
Check online retailers for new payment methods or shipping addresses. Lock down your credit by calling credit reporting agencies and informing them of the intrusion.
Keep records of all changes and file a police report. Check all potential security holes everywhere you exist on the Internet and make sure they are sealed up tight by changing passwords, eliminating linked accounts, and, per Wired’s recommendation, de-authorizing apps linked to Twitter and Facebook.
Step 3: How to avoid future attacks
Okay. We plugged up the dam, so to speak. The next step is to take the necessary precautions in order to avoid future attacks.
Your first line of defense is a strong password. Studies have shown that the time needed to crack a 6-character, lowercase password is a measly 10 minutes. Passwords should be of substantial length, mixed case, including numbers and special characters, in a way that makes no grammatical sense. Avoid English phrases or words and instead consider replacing letters with numbers. In addition, avoid using the same password for multiple websites. Hackers are aware that this is common practice and will exploit the fact to maximum benefit.
Updated software is your next barrier. Many malicious attacks exploit security flaws in operating systems that have not been updated, so install recommended and critical updates frequently. Keep virus and malware definitions updated for your anti-virus software and run regularly scheduled scans to detect potential threats.
At this point, Switched recommends creating three unique email addresses, each with a specific purpose. Use your provider’s built-in account recovery tools by registering an alternate email address and phone number. This will make account recovery and identity verification easier in the future.
Establish one of the addresses as your repository for sensitive information and make sure it has a strong password, changed regularly. Finally, establish the final email address as your “subscription” address. This is where coupons, newsletters, Twitter, and Facebook updates will go. The idea is to compartmentalize your digital life into specific areas so that hackers cannot simply mine your account for all useful information. Again, this may seem like overkill, but in the face of several thousand dollars in financial loss, the step may seem more reasonable.
Finally, and most importantly, fix your behavior and habits. A survey of email infiltration incidents revealed that user error is to blame for many security holes.
People are enticed by their offers and fall victim to identity thieves and hackers on a regular basis. Protect yourself by avoiding any suspicious emails or links. No reputable online entity is going to ask for your password over email or chat, so do not fall for these tricks.
Avoid becoming a target for these kinds of attacks by never listing your email address publicly on forums, social networks, or blogs.
Lastly, remember that public computers are exactly that: public. Avoid checking email on public computers and, should you do so, make sure you log out of your account before closing the browser window. Remember, security begins, and ends, with you.
Email hacking is becoming a more common occurrence every day, and while there are tools available now to ward off successful hacking attempts, these attacks are growing more and more sophisticated by the day.
Protect yourself by maintaining secure passwords, up-to-date software, compartmentalized online identities, and good user behavior. Nothing hurts quite like a cyber-attack, especially when prevention is just a few clicks away.