These days, it’s becoming common for people to become the victims of email hacking. It’s happened to me and many of my associates, and maybe it’s happened to you, too. Usually, you find out that your email is hacked after your contacts inform you that they’ve received suspicious emails from you that you’ve never actually sent. Usually, these hacks are more of an annoyance than a direct threat. Here are 10 things you can do when your email is hacked to regain the security that you need to stay protected.
1. Keep a level head
First and foremost, this kind of email hacking is specifically designed to distribute bad links to as many people as possible. What likely happened, is that an automated program bombarded your account with password attempts until a successful login occurred, where then it automated a message to send to everyone in your address book. Or, perhaps somebody breached your security questions to perform a password reset. Now that your email has been hacked, you should follow the steps below to ensure that you are protected across all of your accounts.
With that in mind, take this time to restructure your security protocols across the entire web.
2. Reset your passwords
Even though ground zero is the actual site where your email is hacked, you’ll want to change all of your passwords as soon as possible. Your email was hacked because your password wasn’t strong enough to withstand the attack before being discovered, and its likely your other passwords are also at risk. Give yourself a password with symbols, numbers and letters to be the most safe, and make your password different for each site that requires a password. While this gives you a lot of passwords to remember, you can simplify it a little bit by using a standard password for every site, and adding a suffix to the end of it signifying the site it belongs to.
For example, you may choose the random password “$eBl-0a” for your sites. Now, to keep it simple, memorize that password and for each site, add the domain to the suffix (i.e., “$eBl-0aamazon”, “$eBl-0agmail”, etc.) That makes it a little easier to remember, while keeping secure across all of your sites so that these automated programs won’t breach your accounts.
3. Check your financial accounts
While you are changing your passwords, run a quick check on all of your financial accounts to make sure there’s no illicit activity. Remember from step 1, you have a level head and you know it’s very unlikely that these accounts have been breached. But do your due diligence, and see for yourself. You’ll be changing these passwords anyway, so just take a look at the last few days of activity to be safe.
4. Disconnect your connected accounts
Many email providers ask for a secondary email to use in the event of a password loss. This practice should be avoided. If the site gives you the option of using a mobile phone to text you when you need a password reset, then that should be the option you choose. Also, do not connect your financial accounts to any email account. You’ll want each account to be an island unto itself, and use your mobile device as a restore option whenever possible, so that you are alerted when a password reset is initiated.
5. Remove connected accounts from mobile apps
If you play games on your phone that connect to Facebook or Google, stop. There are many mobile apps out there, and many have access to the vital data in your phone. Your phone will auto-login to many different sites. You’ll want to remove that capability for third-party apps, and keep any app from having access to your accounts.
6. Two-Factor authentication
Here’s where true security comes into play. Some sites allow you to not only require a password, but also type in a code that is sent to your mobile device. Alternatively, some accounts don’t offer mobile authentication but do have an additional pin in order to log on. Always enable this. Statistics show that this makes your account up to 400% safer.
7. Update your security questions
This is a tough one, because you need to know the answers to these questions, but you don’t want them to be guessable. The best way to institute tough security question answers is to answer them correctly, but follow them with a couple of symbols. “Name of my first school” could be “Proctor#$%” instead of just “Proctor”. Then, even if people can find the answer, they won’t type it correctly or get in that way. So much information about us is available online, so add a few symbols to make the answers secure.
8. Update your phone and your PC
Most hacking comes from finding vulnerabilities in out-of-date software. Specifically, Flash, Java, Windows, and Android has a host of security issues which are patched regularly. Take this time to update everything you can right now, and keep it on your radar to perform the updates recommended for each of your programs or operating systems. An out-of-date piece of software is a prime target for automated malware infections.
9. Scan everything you own for viruses
Use something like MalwareBytes or Hitman to scan your PCs. You might be surprised at what it will find. Many carriers of viruses or malware don’t even know they have a problem, because they think antivirus is enough. Your email is hacked when you practice the set-it-and-forget-it model of security – it doesn’t work. Run a scan now, and repeat every month or so just to be sure. If you have an automated virus scanner on your system, make sure not only that it will run a full scan periodically, but that it will email you the results.
10. Tell your contacts what happened
Email everyone in your address book that your email was hacked. Keep a positive vibe, and try not to scare anyone. Simply, let them know to disregard any messages that seem suspicious, and that you’ve taken steps to secure your email account.