Steps to take when your e-mail account has been hacked

A colleague experienced a rather unsettling event today. Their e-mail account was compromised and used to send out scam messages asking for funds to be transferred abroad to most of the e-mail addresses they had ever used to send and receive e-mail.

When your e-mail account has been taken over, you’re in for a world of trouble. A quick reaction is most important, because your e-mail account is most likely used to request password resets for other accounts.

  1. If you still have access to your account, immediately change the password.
    If you no longer have access to your account (i.e. the hacker changed your password), immediately contact the provider. Providers will have special help lines or e-mail addresses you can use to report such incidents.

  2. When you get access to your e-mail account again, immediately check the following:
    • Has any forwarding e-mail address been set?
      Once in your account, hackers can forward your e-mail to another account. You might never know that they are still inside your e-mail account if you don’t explicitly check.
    • Change your security question and answer.
      Security questions/answers are used to reset passwords. Even if the question/answer has not been changed, the perpetrator had access to them and they are compromised.
    • Verify any other password reset methods.
      These could include mobile phone numbers, alternate e-mail addresses, etc.
  3. Send out notes to your contact list to let them know that you have regained control and to please not take any action (such as send money, etc.)
  4. Review your account for any account reset e-mails, including in your trash.
    Hackers will likely delete those e-mail messages, but they might have missed some. Your e-mail account is the key to many other accounts. Armed with access to your e-mail account, it’s often trivial to reset passwords on other sites.
    Of course, if you don’t find any such notification messages, it doesn’t mean that nothing happened to your other accounts. You should ideally have a list of accounts (yes, all 398 of them…). Organize them from high priority to low and verify that you can still log on to those. Most of the time, that should be sufficient: if you can’t log on anymore, it means your password was reset. You’ll have to go through whatever reset procedures exist at that site.
    However, some of the time, there are still sites today that will send your password in plain text to your e-mail account. If that happened, the hacker now has access to that account without you knowing. If the site provides a way to look at the last login time and origin, use that to check if it was abused.
  5. If you used the same password for any other account, immediately reset those also, to different passwords.

And just one more time: DO NOT EVER USE THE SAME PASSWORD FOR MULTIPLE ACCOUNTS – or if you do, approach it from a risk management perspective: your Twitter account is less valuable than your bank account which is less valuable (yes, really!) than your e-mail account. If you have accounts with different “risk profiles,” do not share passwords between them. And if this is over your head, that’s OK: DO NOT EVER USE THE SAME PASSWORD FOR MULTIPLE ACCOUNTS.

Use a password manager, there are lots of them out there. I prefer not to trust cloud providers, such as LastPass. These sites simply have too big of a target on them. I use an offline password database only: KeePass. I can still transfer my password database (just a file) between devices using a variety of methods.

It’s also best not to turn on auto-submitting password helpers. They’re very convenient, but there are ways in which web pages can be compromised to load (invisibly) login pages from other sites. Your password manager will dutifully fill out the username and password and let it be intercepted by scripts running on the compromised page you are visiting.

I tell my students that “the Internet is evil, or evil is on the Internet.” For all the benefits a large network such as the Internet offers, exercise caution to protect your accounts. Real damage can be done from a continent away!

by Sven Aelterman.

Another good source is here.

Let me know what you think, or ask a question...

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.