As email providers give away more and more storage space, more and more personal information is being stored in those accounts. People are increasingly using their email accounts for more than just email – it has become their online document storage area with backup documents such as passwords, bank account numbers, account usernames, scans of correspondence and much more. Even if you don’t use your email for this purpose, you may still be inadvertently revealing personal information in general conversation emails to family and close friends.
Sometimes it’s difficult to know if your email has been hacked; just ask John Podesta. However, you may have received emails from friends’ accounts that have been hacked. You know the ones: emails that say your friend is stranded in a foreign country and has lost their wallet or purse. Or, it could be as simple as an email from a friend urging you to check out an amazing page.
If your friends start reporting that they’re receiving strange emails from you, or if you’re just concerned about the security of your email, here are steps for cleaning up or securing your email account.
Step #1: Change your password
The very first thing you should do is keep the hacker from getting back into your email account. Change your password to a strong password that is not related to your prior password; if your last password was billyjoe1, don’t pick billyjoe2—and if your name is actually BillyJoe, you shouldn’t have been using your name as your password in the first place.
Try using a meaningful sentence as the basis of your new password. For example, “I go to the gym in the morning” turns into “Ig2tGYMitm” using the first letter of each word in the sentence, mixing uppercase and lowercase letters and replacing the word “to” with “2.”
Step #2: Reclaim your account
If you’re lucky, the hacker only logged into your account to send a mass email to all of your contacts.
If you’re not so lucky, the hacker changed your password too, locking you out of your account. If that’s the case, you’ll need to reclaim your account, usually a matter of using the “forgot your password” link and answering your security questions or using your backup email address.
Check out the specific recommendations for reclaiming possession of your account for Gmail, Outlook.com and Hotmail, Yahoo! and AOL.
Step #3: Enable two-factor authentication
Set your email account to require a second form of authentication in addition to your password whenever you log into your email account from a new device. When you log in, you’ll also need to enter a special one-time use code that the site texts to your phone or that you generate with an app.
Check out two-step authentication setup instructions for Gmail, Microsoft’s Outlook.com and Hotmail, AOL and Yahoo!.
Step #4: Check your email settings
Sometimes hackers might change your settings to forward a copy of every email you receive to themselves, so they can watch for any emails containing login information for other sites. Check your mail forwarding settings to ensure no unexpected email addresses have been added.
Next, check your email signature to see if the hacker added a spammy signature that will continue to peddle their dubious wares even after they’ve been locked out.
Last, check to make sure the hackers haven’t turned on an auto-responder, turning your out-of-office notification into a spam machine.
Step #5: Scan your computer for malware
Run a full scan with your anti-malware program. You do have an anti-malware program on your computer, right? If not, download the free version of Malwarebytes and run a full scan with it. Professionals recommend running Malwarebytes even if you already have another anti-malware program; if the problem is malware, your original program obviously didn’t stop it, and Malwarebytes can resolve problems even Symantec’s Norton Internet Security missed. Scan other computers you log in from, such as your work computer, as well.
If any of your scans detect malware, fix it and then go back and change your email password again (because when you changed it in step #1, the malware was still on your computer).
Step #6: Find out what else has been compromised
Some of you may follow the ill-advised practice of storing usernames and passwords for various accounts in an email folder called “Sign-ups,” or something similar. With this practice, once a hacker is in your email, they can easily discover numerous other logins. Most of us have emails buried somewhere that contain this type of information. Search for the word “password” in your mailbox to figure out what other accounts might have been compromised. Change these passwords immediately; if they include critical accounts such as bank or credit card accounts, check your statements to make sure there are no suspicious transactions.
It’s also a good idea to change any other accounts that use the same username and password as your compromised email. Spammers are savvy enough to know that most people reuse passwords for multiple accounts, so they may try your login info in other email applications and on PayPal and other common sites.
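The mailbox search from Step #6 can be automated over an exported copy of your mail. The following Python script is an added example, not part of the original article: it flags messages that mention login details and groups them by sender domain, giving you a list of accounts whose passwords to change. The term list, function names and sample messages are constructed for illustration.

```python
import email
import re
from collections import defaultdict
from email import policy
from email.utils import parseaddr

# Words suggesting a message holds or resets login details (assumed list; extend as needed).
CREDENTIAL_TERMS = re.compile(r"\b(password|passcode|username|login|sign[- ]?in)\b", re.I)

# Constructed sample messages standing in for an exported mailbox.
SAMPLE = [
    "From: Shop Support <support@shop.example>\nSubject: Welcome to Shop\n\n"
    "Your username is bjoe and your password is shown below.\n",
    "From: aunt@family.example\nSubject: Sunday lunch\n\nSee you at noon.\n",
    "From: no-reply@bank.example\nSubject: Reset your password\n\nUse the link.\n",
    "From: support@shop.example\nSubject: Your login details\n\nSee attached.\n",
]

def body_text(msg):
    """Return the plain-text body of a message, or '' if it has none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""

def find_exposed_accounts(raw_messages):
    """Map sender domain -> sorted subjects of messages that mention credentials."""
    hits = defaultdict(set)
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        subject = str(msg.get("Subject", ""))
        if not CREDENTIAL_TERMS.search(subject + "\n" + body_text(msg)):
            continue  # nothing credential-related in subject or body
        _, addr = parseaddr(str(msg.get("From", "")))
        domain = addr.rpartition("@")[2].lower() or "(unknown sender)"
        hits[domain].add(subject)
    return {d: sorted(s) for d, s in sorted(hits.items())}

if __name__ == "__main__":
    for domain, subjects in find_exposed_accounts(SAMPLE).items():
        print(f"{domain}: change this password ({len(subjects)} message(s))")
        for s in subjects:
            print(f"    {s}")
```

To run it on real mail, export your mailbox to an mbox file and pass `(m.as_string() for m in mailbox.mbox(path))` from Python's standard `mailbox` module instead of `SAMPLE`.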
Step #7: Humbly beg for forgiveness from your friends
Let the folks in your contacts list know that your email was hacked and that they should not open any suspicious emails or click on any links in any emails that they recently received from you. Most people will probably have already figured that out, but everyone has one or two friends who are a little slower to pick up on these things.
Step #8: Prevent it from happening again
While large-scale breaches are one way your login information could be stolen—last month, 500 million Yahoo accounts were hacked and there’s evidence the number could actually be more than 1 billion—they’re certainly not the only way. Many cases are due to careless creation or protection of login information.
A look at Splash Data’s worst passwords reveals people still choose common passwords and passwords based on readily available information, making their accounts hackable with a few educated guesses. Easy passwords make for easy hacking, and spammers use programs that can cycle through thousands of logins a second to identify weak accounts.
Picking a strong password is your best protection from this type of hacking. It also is prudent to use a different password for each site or account, or, at the very least, use a unique password for your email account, your bank account and any other sensitive accounts. If you’re concerned about keeping track of your passwords, find a password management program to do the work for you.
Limit the amount of personal information you share publicly on social media. Hackers use this publicly available personal information to help answer security questions that protect your accounts.
Bookmark websites that you use frequently to access personal information or input credit card information. This will prevent you from accidentally landing on a site that hackers set up to catch people mistyping the site address.
Here’s a final tip: Watch out when you sign in on unknown and public computers, for example computers in hotel lobbies and libraries. These are perfect locations for hackers to install key-logging programs. The computers are often poorly secured and get used by dozens of people every day. The best practice is to assume that any public computer is compromised and proceed accordingly.