Hacked Email Account: What to do and how to prevent it

BACKGROUND
 
According to a study, 91% of cyber-attacks start with an email. Scammers hack email accounts so that they can send messages from a trusted email address in hopes of getting the recipients to take action. Their main goal is to get these email contacts to send money, reveal personal information, or click on a link that installs malware, spyware, or a virus.

IMPACT
 

•    A hacked email account can put you and your email contacts at risk of identity theft and other security and privacy intrusions, affecting finances and reputation. 
•    Your email account can act as a gateway into other accounts. The hacker can simply click “forgot password” at login and have a password reset link sent to your email inbox, which they now control. 
•    If a business email account is hacked, it is a data breach which can lead to revenue loss, damaged brand image and others.

HOW TO KNOW IF YOUR EMAIL HAS BEEN HACKED

•    Your contacts received suspicious emails from you which you did not send. 
•    You may have trouble logging into your email account and get an error message that your username or password is incorrect. 
•    Sent messages folder may contain strange emails that you did not compose. 
•    Strange messages appear on your social media accounts

WHAT TO DO IF YOUR EMAIL ACCOUNT IS HACKED

•    Take back control of your account.
•    If you have been locked out of your account, contact your email service provider.
•    Change your username and password
Use long, unique, and complex passwords or passphrases for different accounts.

•    Change security questions
Avoid choosing questions with answers that can easily be guessed or found online.

•    Turn on two-step verification
Also known as multifactor authentication, this extra security measure will require you to enter your username, password, and one-time passcode each time you login.

•    Perform a security scan
Run a FULL scan of your computer with your UPDATED anti-malware software - Don't just run a quick scan.

•    Warn your contacts
Inform your colleagues, friends, and family in your email contact list that your email has been hacked. Ask them to delete any suspicious messages that come from your account. Advise them not to open attachments, click on links, share any information, or send money. Check your email settings
Hackers may have made changes to ensure they have access to your emails even after you have taken back control.

1.    Make sure your emails are not being auto forwarded to someone else.
2.    Hackers may also change your "reply to" email address to one that looks similar to yours, so when someone replies to your email, it goes to the hacker's account instead.
3.    Check your email signature to make sure it does not contain any unfamiliar links.
4.    Check to make sure the hackers have not turned on an autoresponder, turning your out-of-office notification into a spam machine

PREVENTATIVE MEASURES
 
•    Beware of phishing scams
Never respond to an unexpected email or website that asks for your personal information or login details, no matter how professional it looks.

•    Use up-to-date internet security software
That includes anti-spyware and do keep it UPDATED! Spyware hides itself on your computer, collects personal information and passes on personal details without knowing.

•    Use secure and private networks
Never use unsecured or public wi-fi to login to any of your online accounts.

•    Do not use public computers
There is a high chance of spyware on untrusted computers, and they may have keylogging programs which monitor and record what you type.

•    Maintain strong passwords
Never share your passwords and change your passwords every 3 to 6 months. Use a different password for each site or account.

•    Beware what you share
Limit the amount of information shared on social media and to the public. Hackers and identity thieves are quick to gather personal information on social media so be careful and keep personal details private.

•    Bookmark your trusted websites
This will prevent you from accidentally landing on the wrong website where hackers could slip malicious code or phishing links.