
Monday, August 1, 2011

What To Do When Your Email Account is Compromised


More and more I see spam coming from friends when I open my e-mail. In addition to this, people are telling me that they think their e-mail accounts have been hacked. Signs can include friends receiving messages you did not send, mail marked as read that they never saw, changed settings, or anything else out of the ordinary. In any case, the question is the same: “What do I do?”
While many Ghacks readers may know to follow these steps, having a guide handy for others is a useful thing. I can imagine many readers are resources for friends, family, and coworkers. These steps can serve as a checklist to ensure thoroughness.
This is a guide on how to reasonably secure your e-mail account. What to do if you lose access to your account is a different problem for another article. This article assumes you still have access, but strange things (as mentioned) are going on. It will cover the three most commonly used e-mail account types: Gmail, Hotmail, and Yahoo Mail. While changing the settings is pretty easy, finding them can be less than obvious. Here are some screenshots to help you find the general settings page for your account.

Step 1 : Change Your Password

You need to do this immediately. This is akin to changing the locks on your doors. When you do not know exactly who has a key to your home, the locks are a liability. Count yourself lucky that you can get into your account. To change your password, log in and go to Settings. Then follow the steps appropriate to your account.
  • In Gmail: Mail Settings > Accounts and Imports > Change Password
  • In Hotmail: More Options > Account Details (look for “Change” next to password)
  • In Yahoo Mail: Mail Options > Account Information > Change your password

Step 2 : Check Your Recovery E-mail Address

Your recovery e-mail address is the one that you use to reset/regain your password. However, if it was changed, it can be used to get the password to your account. Take a look to see if it is set to another account you own. If not, change it immediately. You also may want to follow these steps on that account.
  • In Gmail: Mail Settings > Accounts and Imports > Change Password Recovery Options
  • In Hotmail: More Options > Account Details (look for “Remove” next to an odd e-mail)
  • In Yahoo Mail: Mail Options > Account Information > Update password-reset info

Step 3 : Change Your Hints

Most people forget about this, but it is a good idea to change your hints. If the hacker knows the answer, they may be able to regain access. This usually requires the recovery e-mail address to be altered, but it is still better to change your hints. Since hints are usually used to reset passwords, they can be used to change your password.
  • In Gmail: Mail Settings > Accounts and Imports > Change Password Recovery Options
  • In Hotmail: More Options > Account Details (look for remove next to a question)
  • In Yahoo Mail: Mail Options > Account Information > Update password-reset info

Step 4 : Check Your Forwards

Checking your forwards is going to be a tedious process, but it is important. If you only have time to skim them over, then do so, but make a thorough look your next priority. Your bank account may depend on it. Your e-mail account can be set up to send letters to other e-mail accounts. Most websites are set up to send new passwords to your e-mail address. That means that an unscrupulous person could ask the site for your password, set up your account to forward it to an account they have access to, and then get into the site. That could be a bank site, a blog, Facebook, or anything else.
  • In Gmail: Mail Settings > Forwarding and POP/IMAP
  • In Hotmail: More Options > Email forwarding
  • In Yahoo Mail: Mail Options > POP & Forwarding (note: a premium service)

Step 5 : Change All Your Passwords on Connected Accounts

Sadly, you have to assume that your forwards are compromised. You are going to have to go through each site you used your e-mail account to sign up with and change the password and hint. You might even want to associate them with a separate account to isolate critical e-mails. Alternatively, you could just change your password and hint on sensitive sites. Your bank and any financial websites should be first. Social networking sites like Facebook and Twitter should be next.

Keep in Mind

You should always use a strong password for your accounts: one with uppercase, lowercase, numeric, and symbol characters. Ideally, you should have a different one for each account. At the very least your e-mail, financial, and social networking sites should have separate passwords. Security is not about absolutes, but about making it difficult for others to gain access to your account.
It is worth noting that each of these services has an extra security feature. You can actually set up your account to use your phone for e-mail recovery. As I have not used it, it is beyond the scope of this article, but is worth considering.
