Thursday 28 January 2016

Steps to Prevent and Fix a Hacked Email Account

It seems almost inevitable that we will have our email hacked, or suffer some other violation involving the online services we depend on in this IT world.

If your account has been compromised (hacked) it means that someone stole your password and might be using your account to access your personal information or send junk email.

While it may be distressing and confusing, it is possible to take back control. Here are some simple precautions that can help prevent it from happening, or fix it if it happens.

First, we need to know how we were hacked. Hackers use the following techniques to get your account password and take control.
  • Malware: If you install a program from the Internet that isn’t from a trusted publisher, it might include malware that logs your keystrokes or searches your PC for saved passwords.
  • Attacking Internet sites: If hackers break into an Internet site and steal account info, they can check it against other sites to see if you've re-used your password.
  • Phishing: Hackers often trick people into sending them their account data.
  • XSS attacks, SQL injection, etc.

Steps to fix an email account if hacked


1) Sign into your email account
The first step is to assess the damage. Go to the website of your email provider, and log into your email account.

If the password has been changed, then try the password reset mechanism by clicking on the link marked “Forgotten your password?” or similar. 

Once you’re into your email account, the very first thing you should do is change your password. Change it to something long and strong, using multiple cases, numbers and special characters. Avoid using real words. Remember to read my post on password security later. 

2) Check your other accounts
Once you have changed the password for your email account, it is important to change the password of any other accounts with other services, such as social media (Facebook, Twitter, Instagram), online shopping sites (Amazon, Konga, Payporte) or your internet banking, that may have had the same password.

This is important if you use your email address as the username for these accounts, as the hackers now have both your username and password for those services. Check both your inbox and trash for any password reset emails from other services or accounts linked to your email address not instigated by you. The hacker could have attempted to change your password on other sites, using access to your email to perform password resets. 

3) Check for spam
Some hackers compromise email accounts in order to attack your friends or contacts. They use your email address to send spam or phishing emails that try to trick them into thinking you need help, into buying something, or into giving up personal information.

While it can be difficult to tell if your email account was abused in this way, a quick check of your sent email or your inbox for funny replies will help identify anyone who was targeted from your contacts list.

If you do find someone contacted by the hacker, let them know that you didn't send the email. Use another communication method if you can, or email if that is your only contact with them.

4) Sort out your apps
Once you've secured your email account, and dealt with any potential fallout from the violation, you need to make sure you can access your email address in all your usual accounts.
If you use an email program, such as Gmail, Windows Mail or Mac Mail, or you get your email on a phone or tablet computer, you will have to swap the compromised password on each device for your newly created secure password.

Each program will be different, but as a general rule of thumb you have to go into the settings menu for your email account in the program and modify the account details to enter the new password.

Instructions for how to do that are listed on the help websites for Outlook, Windows Mail, Gmail and so on. On Blackberry or Android smartphones and tablets your password can be changed in the accounts section of the settings app. For the iPhone and iPad, your password can be changed under the mail, contacts and calendar section of the settings app. 

Steps to prevent an email account from being hacked
1) Configure your Internet connection 

Whenever possible, configure your Internet connection to always use HTTPS. This is the “https” that appears before the “www” in a Web address, and the https is preceded by a padlock icon.

For Gmail, this works by clicking Settings in the top right; select the General tab, then hit Always use HTTPS, then save this setting. This option is not available for those who access email via Hotmail. 

2) Be sure of emails before opening 
Do not open unfamiliar emails. If you open one you think is from someone you know but realize it’s not, delete it immediately. Do not click any links in the message or send the sender personal or banking information. Once you open that link, your computer could become infected or you could fall victim to a phishing scam, and your information could be stolen. Never reply to an email asking for your password.

Your email ID and its password are your own confidential information. No company's employee will ever ask you for your password in an unsolicited phone call or email message. The sender is a hacker, no doubt. He wants to gain access to your account and send spam emails, such as asking your contacts for money, or let an unauthorized third party send spam or fraudulent emails to your contact list.

3) Keep your computer or mobile device up to date 
Regularly check for updates to your browser and operating system, and make sure your apps are also kept up to date with the latest version. Take the time to install those free updates and security patches when they’re released. You may also want to enable your system settings so that these updates are installed automatically.

Running regular antivirus and malware scans is recommended to help avoid compromising your personal details to tools such as keyloggers. Fortunately, most programs can automatically update their signatures, so be sure the automatic updating feature is enabled in your software. In addition, because viruses can swiftly change and mutate, use a program designed to detect newly created or mutated threats even before their signature is part of the automatic updates.

4) Make your account easier to recover
Add security info to your account to make it easier to recover your account if it’s hacked. Because this info can help keep your account safe, it's a good idea to add as much as possible. 

Every email service provider, be it Gmail, Yahoo, Hotmail, etc., has different security measures. All of the above companies regularly provide security steps to protect users' accounts. They also send timely emails to their customers, for example warning that someone is attempting to compromise your account from different IP addresses. So make use of this feature.

5) Check your recent activity 
If you receive an email notifying you of unusual activity, you can see when and where your account has been accessed, including successful sign-ins and security challenges, on the recent activity page of your email service provider, such as Gmail, Yahoo, Hotmail, etc. You will need to log in to sign out any unusual activity.

6) Use strong password  
The longer the password the better. The more characters there are in your password, the longer it will take for a hacker to break it, making it less likely they will continue trying.
Do not use real words in your passwords. The majority of hacking attacks cycle through dictionary words, which means if you use a real word in your password it is more likely to be broken.
The best passwords are randomly generated strings of 16 or more characters. Of course, that makes them very difficult to remember.
Try never to use a password twice.

To solve the issue of trying to remember long complex passwords, password managers like LastPass or 1Password can help by storing all your passwords in a secure place.
By using a password manager you are only as secure as the password to your password manager. Remembering one really complex and long password is a lot easier than remembering 10 or 20 of them.
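
The advice above (16 or more random characters, mixed character types, no real words, no reuse) can be expressed as a small generator and checker. This is an added example, not part of the original post; the word list and the `previously_used` argument are constructed placeholders for a real dictionary file and a password manager's stored entries.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 printable symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Constructed mini word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "sunshine", "dragon", "welcome", "monkey", "letmein"}


def check_password(pw, previously_used=()):
    """Return a list of the article's rules that this password breaks."""
    problems = []
    if len(pw) < 16:
        problems.append("shorter than 16 characters")
    if not all(any(ch in cls for ch in pw) for cls in CLASSES):
        problems.append("missing a character class")
    if any(word in pw.lower() for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    if pw in previously_used:  # hypothetical list of passwords already in use
        problems.append("already used on another account")
    return problems


def generate_password(length=16):
    """Draw characters from the OS CSPRNG (secrets), never from random."""
    if length < 16:
        raise ValueError("use 16 or more characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Guessing cost of a uniformly random password, in bits.
    Only valid for random strings; human-chosen passwords score far lower."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())
    for n in (8, 12, 16, 24):
        print(n, "chars ->", round(entropy_bits(n), 1), "bits")
```

Each extra random character adds about 6.5 bits, so every added character multiplies the number of guesses an attacker needs by 94.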

Also remember to log out of your accounts if used from an untrusted computer (e.g. cyber cafe, friend's house, public place etc). Even if you trust your friends and family, their computer could be infected by spyware.

Note: 
In addition to passwords, a different type of security mechanism called two-factor authentication is becoming increasingly available.
In principle it is very simple. In addition to your username and password you have another form of identification, normally consisting of a code generated by a key fob or a smartphone app or token, that has to be put in at the time of login and changes every minute or so.

It means you keep something the hacker cannot get to, securing your account with another layer of security. Banks have been using them for a while. Now most email providers and a variety of other online services offer two-factor or two-step authentication for free, so it is worth activating on your accounts if it is available. 
