It seems almost inevitable that at some point our email will be hacked,
or that we will suffer some other breach involving the online services
we depend on in this IT world.
If your account has been compromised (hacked) it means that
someone stole your password and might be using your account to access
your personal information or send junk email.
While it may be distressing and confusing, it is possible to take
back control. Here are some simple precautions that can help
prevent it from happening, or fix it if it does.
First, we need to know how we were hacked. Hackers use the following techniques to get your account password and take control.
- Malware: If you install a program from the Internet that isn’t from a trusted publisher, it might include malware that logs your keystrokes or searches your PC for saved passwords.
- Attacking Internet sites: If hackers break into an Internet site and steal account info, they can check it against other sites to see if you've re-used your password.
- Phishing: Hackers often trick people into sending them their account data.
- XSS attack, SQL injection etc.
Steps to fix email account if hacked
1) Sign into your email account
The first step is to assess the damage. Go to the website of your email provider, and log into your email account.
If the password has been changed, then try the password reset mechanism by clicking on the link marked “Forgotten your password?” or similar.
Once you’re into your email account, the very first thing you should
do is change your password. Change it to something long and strong,
using multiple cases, numbers and special characters. Avoid using real
words. Remember to read my post on password security later.
2) Check your other accounts
Once you have changed the password for your email account it is
important to change the password of any other accounts with other
services such as social media (Facebook, Twitter, Instagram), online shopping sites (Amazon, Konga, Payporte) or your internet banking that
may have had the same password.
This is important if you use your email address as the
username for these accounts, as the hackers now have both your username
and password for those services. Check both your inbox and trash for any password reset emails from other services or accounts linked to your email address not
instigated by you. The hacker could have attempted to change your
password on other sites, using access to your email to perform password
resets.
3) Check for spam
Some hackers compromise email accounts in order to attack your friends or
contacts. They use your email address to send spam or phishing emails
attempting to trick them into thinking you need help, into buying something, or
into giving up personal information.
While it can be difficult to tell if your email account was abused in this way, a quick check of your sent email or your inbox for funny replies will help identify anyone who was targeted from your contacts list.
If you do find someone contacted by the hacker, let them know that
you didn't send the email to them. Use another communication method if
you can, or email if that is your only contact with them.
4) Sort out your apps
Once you've secured your email account, and dealt with any potential
fallout from the violation, you need to make sure you can access your
email address in all your usual accounts.
If you use an email program, such as Gmail, Windows Mail,
Mac Mail or you get your email on a phone or tablet computer, you will
have to swap the compromised password on each device for your newly
created secure password.
Each program will be different, but as a general rule of thumb you have to go into the settings menu for your email account in the program and modify the account details to enter the new password.
Instructions for how to do that are listed on the help websites for Outlook, Windows Mail, Gmail and so on. On Blackberry or Android smartphones and tablets your password can be changed in the
accounts section of the settings app. For the iPhone and iPad, your
password can be changed under the mail, contacts and calendar section of
the settings app.
Steps to prevent email account from being hacked
Whenever possible, configure your Internet connection to always use HTTPS. This is the “https” that appears before the “www” in a Web address, and the https is preceded by a padlock icon.
For Gmail, this works by clicking Settings in the top right; select the
General tab, then hit Always use HTTPS, then save this setting. This
option is not available for those who access email via Hotmail.
Do not open unfamiliar emails. If you open one you think is from someone you know but realize it’s not, delete it immediately. Do not click any links in the message or send the sender personal or banking information. Once you open that link, your computer could become infected and your information stolen by a phishing scam. Never reply to an email asking for your password.
Your email ID and its password are your own confidential information. No company's employee will ever ask you for your password in an
unsolicited phone call or email message. The sender is a hacker, no
doubt. He wants to gain access to your account and send spam emails,
such as asking your contacts for money, or to let an unauthorized third party
send spam or fraudulent emails to your contact list.
Regularly check for updates to your browser and operating system, and make sure your apps are also kept up to date with the latest version. Take the time to install those free updates and security patches when they’re released. You may also want to enable your system settings so that these updates are installed automatically.
Running regular antivirus and malware scans is
recommended to help avoid compromising your personal details to tools
such as keyloggers. Fortunately, most programs
can automatically update their signatures, so be sure the automatic
updating feature is enabled in your software. In addition, because viruses can swiftly change and mutate, use a program
designed to detect newly created or mutated threats even before their
signature is part of the automatic updates.
Add security info to your account to make it easier to recover your account if it’s hacked. Because this info can help keep your account safe, it's a good idea to add as much as possible.
Every email service provider, be it Gmail, Yahoo, Hotmail, etc.,
has different security measures. All of the above companies
provide security steps to protect users' accounts. They send timely
emails to their customers, for example warning that someone is attempting to
compromise your account from different IP addresses. So make use of this feature.
If you receive an email notifying you of unusual
activity, you can see when and where your account has been accessed,
including successful sign-ins and security challenges, on the recent
activity page of your email service provider, such as Gmail, Yahoo, Hotmail, etc. You will need to log in to sign out of any unusual activity.
• The longer the password the better. The more characters there are in your password the longer it will take for a hacker to break it, making it less likely they will continue trying.
• Do not use real words in your passwords. The majority of hacking attacks cycle through dictionary words, which means if you use a real word in your password it is more likely to be broken.
• The best passwords are randomly generated strings of 16 or more characters. Of course, that makes them very difficult to remember.
• Try never to use a password twice.
To solve the issue of trying to remember long complex passwords, password managers like LastPass or 1Password can help by storing all your passwords in a secure place.
By using a password manager you are only as secure as the password to
your password manager. Remembering one really complex and long password
is a lot easier than remembering 10 or 20 of them.
Also remember to log out of your accounts if you used them from an untrusted computer
(e.g. cyber cafe, friend's house, public place etc). Even if you trust your friends and
family, their computer could be infected by spyware.
In addition to passwords, a different type of security mechanism called two-factor authentication is becoming increasingly available.
In principle it is very simple. In addition to your username and
password you have another form of identification, normally consisting of
a code generated by a key fob or a smartphone app or token, that has to be put
in at the time of login and changes every minute or so.
It means you keep something the hacker cannot get to, securing your account with another layer of security. Banks have been using them for a while. Now most email providers and a variety of other online
services offer two-factor or two-step authentication for free, so it is
worth activating on your accounts if it is available.