5 key actions to heal your hacked email account: Internet Scambusters #561
Hacked email -- the takeover and misuse of other people's email accounts -- is on the rise.
Oftentimes, victims don't know their account has been hijacked until it's too late, when their own contacts have been targeted and perhaps compromised.
What can you do to protect yourself or respond if you're already a victim? This week, we have the latest guidance from government sources.
Let's get started...
Are You a Victim of Hacked Email?
More and more these days, we're hearing reports about hacked email accounts -- in which individuals' accounts are hijacked by crooks and used to spam their victims' contacts.
Some members of our own team have been getting these types of messages, which appear to come from people they know.
Often they contain a link that leads either to a sales site or, worse, a malware download.
Or they may be one of those spoof distress emails claiming the supposed sender is in trouble and needs money. For more on this type of scam see the article: How Distress Scam Storylines Aim To Win Your Sympathy.
So how can you tell if your email account has been hacked and what can you do about it?
The Federal Trade Commission (FTC) has recently issued guidance, which has been posted on the government's OnGuardOnline website.
Here's what they want you to know, with some additional information from the Scambusters team:
How to Tell If You've Been Hacked
Usually, the first clue you get that someone is using your email address is when you get emails from your contacts about messages they say they've received from you and which you know for sure you didn't send.
You might also check your "Sent" folder if you use an online email account and see messages there that you didn't send.
Similarly, you may find your Facebook or other social network account has posts that you didn't write. You may not even be able to sign in to your social media or email accounts.
It's also possible, says the FTC, that people may be receiving emails that seem to come from you when your account hasn't been hacked at all.
In that case, the crooks are spoofing your email address -- using their tech skills to "overlay" their real address with yours.
But even then, you'll still want to take action to put things right.
How Did You Get Hacked?
There are several ways crooks can get hold of your email account info but the simplest way is that you gave it to them.
They already know your email address. It'll be on hundreds or thousands of messages you sent out (including those on jokes you circulated or someone sent to you) or on other sites where you have accounts.
In fact, it's not hard to guess your address if, like most people, you use your first and last name followed by the mail service provider -- like JohnDoe@somemailservice.com.
Now, all they have to do is guess your password, which, depending on how wary you are, could take just seconds.
Or they may get hold of it from company computers where you have an account, which they have previously also hacked.
If you use the same password on multiple accounts, you're in big trouble. See these Scambusters issues for more about passwords.
Alternatively, you may have inadvertently installed malware on your PC, perhaps from the very same trick that's now being passed on to your contacts -- you clicked on a link you thought was sent to you by someone you know.
The malware then goes through your PC, collects your password details, raids your contacts list and begins the whole process again.
What to Do If You've Been Hacked
You should take five key actions if you believe your email account has been hacked:
- First, check for and get rid of any malware on your PC. Update and run your Internet security software for this.If nothing is found, visit the software company's website or search the Internet for more malware-scanning tools from reputable companies.If you haven't found any malware, download the free scanner from Malwarebytes. Although this is NOT a substitute for full-blown Internet security (as the company will tell you), it does have a good reputation for tracking down and removing installed malware that other tools miss.
- Second, change you passwords. Again, check out our earlier reports on how to create strong passwords.And follow the two golden rules: Don't use the same password for different sites, and change all of your passwords regularly. Use a password manager.
- Third, check with your email provider or social networking site for guidance on restoring or resetting your account.You may find, for example, that the crooks have already changed your password and you can't log on to your own account.You'll find links from most of the big providers on StaySafeOnline.org's Hacked Accounts page.
- Next, check your account settings.Says the FTC: "Once you're back in your account, make sure your signature and 'away' message don't contain unfamiliar links, and that messages aren't being forwarded to someone else's address.On your social networking service, look for changes to the account since you last logged in -- say, a new 'friend'."
- Finally, make sure you tell all your contacts about what has happened, as soon as possible.If you email them, use the "bcc" address field so all their details remain hidden to the others.
How to Avoid Being Hacked
It would be better, of course, if you didn't get hacked in the first place.
You can reduce the risks by following our password guidance and keeping your passwords secret; using a difficult to identify address or at least adding numbers to your address name and keeping your security software up to date.
For more information on this FTC guidance, visit OnGuardOnline's Hacked Email page.
Before we sign off, there's just time to alert you to another useful set of guidelines from the OnGuardOnline site.
This explains how to stay safe and avoid being hacked or spied on when you're using public wi-fi spots.
Check it out at Tips for Using Public Wi-Fi Networks.
Put both sets of guidelines together and you've got a great basic formula for protecting yourself from hacked email and other hijacking tricks.
That's all for today -- we'll see you next week.