What To Do If Your Email Is Hacked
I think I could count on my hand the people I know who have NOT had their email hacked. Maybe they found a four-leaf clover when they were kids!
Email hacking is one of the very unfortunate downsides to living in our connected, digital world. And It’s often a situation that even the savviest tech experts find themselves in. In August this year, over 700 million email addresses (and a large number of passwords) were leaked publicly courtesy of a misconfigured spambot (a program designed to collect email addresses). Many savvy tech types were caught up in the hack including Troy Hunt, a leading Australian computer security expert and creator of Have I Been Pwned?.
Just this month it was confirmed that every single Yahoo email account was compromised in the 2013 data breach. A whopping 3 billion accounts with stolen data including names, email addresses, phone numbers and birth dates. And recent reports have confirmed that thousands of Australian Government Officials including high-profile politicians, Defence Officials, judges and members of the Australian Federal Police were among the victims.
So, in short – it can happen to anyone…
But Why Should I Worry? I Have Nothing Valuable in My Email
If you have an identity and email address you are very valuable to a hacker – no exceptions! Even if you don’t consider yourself to have Kim Kardashian’s celebrity status or the CEO power of James Packer, a hacker is still very keen to collect every piece of information they can about you.
Remember, hackers want to get their hands on your data. Why – I hear you ask? So, they can cash in! Some will keep the juicy stuff for themselves – passwords or logins to government departments or large companies they may want to ’target’. But the more sophisticated ones will sell your details including name, telephone, email address and credit card details and cash in on The Dark Web. They often do this in batches. Some experts believe they can get as much as AU$140 for a full set of details including credit cards.
So, you can see why they’d be interested in you!
How Big Is the Problem?
There is a plethora of statistics on just how big this issue is – all of them concerning!
According to IDCARE – a support service for Australian and New Zealand victims of identity fraud – about 1 million Australian have their identity stolen each year at a cost of about $1 billion.
The Australian Competition and Consumer Commission (ACCC) recently revealed that hacking scams cost Australian businesses close to $3 million during 2016 with the number of people reporting scams activity at record levels.
The Australian Cyber Security Centre nominates $20 million as the fallout from ‘phony emails’ aka phishing in 2016/7.
Regardless of which statistic you choose to focus on, we have a big issue on our hands!
So, What Do I Do If My Email Is Hacked?
If you find yourself a victim of email hacking there are a few very important steps you need to take. But the key here is to act FAST!!
1. Change Your Password
This is the very first thing you must do to ensure the hacker can’t get back into your account. It is essential that your new password is complex and totally unrelated to previous passwords. Always use at least 8-10 characters with a variety of upper and lower case and throw in some symbols and numbers. I really like the idea of a crazy, nonsensical sentence – easier to remember and harder to crack!
If you find the hacker has locked you out of your account by changing your password, you will need to rest the password to by clicking on the Forgot My Password link.
2. Let Your Email Contacts Know
A big part of the hacker’s strategy is to ‘get their claws’ into your address book with the aim of hooking others as well. Send a message to all your email contacts as soon as possible so they know to avoid opening any emails (most likely loaded with malware) that have come from you.
3. Change Your Security Question
If you have a security questions associated with your email account, please change this too. And please make it unpredictable and niche! It is possible that this was how the hackers broke into your account in the first place. When Yahoo had 500 million accounts hacked in 2014, not only were the passwords stolen but the security questions too. If you have a security question associated with your account, make up a response that makes no sense. This is the perfect opportunity to tell a lie!
4. Commit to Multi Factor Authentication
Yes, multi-factor authentication adds another step to your login but it also adds another layer of protection. Enabling this will mean that in addition to your password, you will need a special one-time use code to login. This is usually sent to your mobile phone. So worthwhile!
5. Check Your Email Settings
It is not uncommon for hackers to modify your email settings so that a copy of every email you receive is automatically forwarded to them. Not only can they monitor your logins for other sites but they’ll keep a watchful eye over any particularly juicy personal information! So, check your mail forwarding settings to ensure no unexpected email addresses have been added.
Don’t forget to check your email signature to ensure nothing spammy has been added. And also ensure your ‘reply to’ email address is actually yours! Hackers have been known to create an email address here that looks similar to yours – when someone replies, it goes straight to their account, not yours!
6. Scan Your Computer for Malware and Viruses
This is essential also. If you find anything, please ensure it is addressed and then change your email password again. And if you don’t have it – please invest. Comprehensive security software will provide you with a digital shield for your online life. McAfee Total Protection lets you protect all your devices – including your smartphone – from viruses and malware. It also contains a password manager to help you remember and generate unique passwords for all your accounts.
7. Change Any Other Accounts with the Same Password
Time consuming but very worthwhile! Ensure you change any other accounts that use the same username and password as your compromised email. Hackers love the fact that many of us use the same logins for multiple accounts, so it is guaranteed they will try your info in other email application and sites such as PayPal, Amazon, Netflix – you name it!
8. Consider Creating a New Email Address
If you have been hacked several times and your email provider isn’t mitigating the amount of spam you are receiving, then consider starting afresh but don’t delete your email address! Many experts do warn against deleting email accounts as most email providers will recycle your old email address. This could mean a hacker could spam every site they can find with ‘forgot my password’ request and try to impersonate you – identity theft!
Your email is an important part of your online identity so being vigilant and addressing any fallout from hacking is essential for your digital reputation. And even though it may feel that ‘getting hacked’ is inevitable, you can definitely reduce your risk by installing some good quality security software on all your devices. Comprehensive security software such as McAfee Total Protection will alert you when visiting risky websites, warn you know when a download looks ‘dodgy’ and will block annoying and dangerous emails with anti-spam technology.
It makes sense really – if don’t receive the ‘dodgy’ phishing email – you can’t click on it! Smart!
And finally, don’t forget that hackers love social media – particularly those of us who overshare on it. So, before you post details of your adorable new kitten, remember it may just provide the perfect clue for a hacker trying to guess your email password!
More antivirus and malware news?
- Houdini Worm Gets Posted to Paste Sites
- Cybercriminals target Silverlight users with new exploit kit
- Jimmy Wales threatens to encrypt Wikipedia if UK passes snooping bill
- EyePyramid and a Lesson on the Perils of Attribution
- Resolved: Scheduled Maintenance – UPS replacement at Pattee/Paterno Library hub site
- Microsoft due in court over warrant for emails stored in Irish data centre
- Waratek upgrades Java protection
- In depth: What does APT really mean?
- Tanium’s fast-acting endpoint management tool grows up
- Microsoft Windows CVE-2016-3332 Local Privilege Escalation Vulnerability