If you think your email account is hacked, and the hacker has access to your emails and has probably gotten hold of some important emails that are confidential, this step-by-step guide will show you how to react, and possibly regain control. In this article, we will deal with the issue of an “email account hacked”, especially if you have any suspicion.
We have created instructions with which you can quickly regain control of your accounts and your own data after a hacker attack and secure them better for the future.
It is worthy of note that in recent research, it was stated that phishing attacks in Nigeria have risen by 66%. This is worrisome.
What are the typical scenarios to be suspicious of, if email account is hacked?
- If you haven’t set up any forwarding rules, but you realize that there are rules set to external email addresses, you should be concerned.
- If you haven’t received any e-mails for days, but your account has sufficient storage space, that is an issue for concern.
- If messages that you have not opened are already marked as read, be concerned.
- If previously unknown emails can be found in the “Deleted” folder, you need to act now.
If any of the above has happened to you, keep calm, and focus to regain sovereignty over the hijacked email address and all other connected accounts. You’re to look for damage, learn from it and eliminate the weak points.
If, on the other hand, you cannot access your account at all even though you have not changed your password, be sure to contact the email service provider if the problem cannot be solved online. Do you now see why it is important to open email accounts with genuine personal data such as real name, telephone number, age, etc.? With these tools, the email provider can easily restore your account back to you.
First step with external email access if email account is hacked
- First of all: pull the plug! Access the email account from another, secure computer and change the password. This will prevent newly set passwords from being accessed by possible Trojans or keyloggers on the device previously used.
- Create a secure e-mail password to prevent the attacker from accessing the main account. Then check the filter rules and the forwarding settings – the attacker may have forwarded incoming e-mails to third-party accounts. You should also check the security settings very carefully in all services. On the one hand, this enables you to detect manipulation of protective functions, and on the other hand, new settings may increase the level of security significantly.
What you need to consider with a secure password:
- The password should be unique. No recycling of access data that has already been used!
- The password should have at least 10 characters. The longer the better.
- You can make donkey bridges, like acronymization. You think of a long-phrase and use both capital letters, symbols, and characters.
- If you can’t remember the passphrase at all, write it down. You should store the note in a safe place so that it is protected from unauthorized access. Sticky notes on the screen are a taboo!
In addition to a secure password, you can also secure your accounts with two-factor authentication (2FA). Further information and notes on passwords and 2FA can be found later in the preventive part of this article.
Check the data and services associated with the e-mail account
Which data can be leaked? What other accounts is the email account linked to? First, check accounts that could result in direct financial damage and assign new passwords.
This could include the following:
- Social media accounts such as Facebook, Instagram, Pinterest, TikTok, LinkedIn, etc.
- Online banking such as PayPal, Banks, Payoneer, etc.
- Online gaming platforms and portals such as Origin and Steam
- Cloud and streaming services such as Netflix, etc.
- Shopping accounts such as Amazon, eBay, etc.
- Online learning platforms
In addition, check that all registered devices have also been logged off in the course of backing up the respective account. At Amazon, for example, you can do this by clicking on “Account and Lists”, then on “Login and Security” and then to the “Secure your account” area.
Call your service providers and block your accounts to prevent the worse
If credit card data is affected, you should always keep an eye on the account movements and, if in doubt, block the card. Affected credit cards, whose data may now be haunted in the Darknet, can be blocked with just a call to your service provider.
Follow the tracks for traces if email account is hacked
It is also important to take a look at settings and logs to see whether the attacker has left any traces. Check whether the email hacker made purchases in online shops or placed auctions or classified ads on eBay. Check your messages too – the attacker may have texted other people on your behalf.
What else can be found in the mails?
What else can be found in the mails? Are there any important documents? Is there any critical data from other people who should perhaps know about the leak? Do you have to inform your employer if necessary? The above are pertinent questions and steps you need to take.
In general, in addition to access and business data, an attacker is primarily interested in:
- Name
- Address
- Phone number
- Date of birth
- Payment information and bank details
Such personal data are valuable for criminals as they can be used for identity fraud. Depending on the potential damage, you should therefore consider how to deal with it. Depending on which country you live in, you should do the needful and report to the appropriate department or agency immediately. In some countries, I know you can file an online complaint with the police on the Internet. You can of course also go to the nearest police station with this request, or just place a call to them.
The possibly compromised computer should be checked carefully before using it again. You should reach out to computer security experts to help you out.
If you need a software that protects both personal and business digital life at your fingertips, simply and securely, sign for a free account from LastPass
Effectively protect yourself from attacks and make their work difficult
Your e-mail address is secured, the passwords have been changed and the system is free of viruses and Trojans. Now it’s about protecting yourself so that it won’t be so easy for attackers in the future.
The following security services can be used to check whether your access data may have been tapped in:
- Go to the Hasso Plattner Institute portal and follow the steps given to check the status off your email. Enter your email and follow the prompts.
You can also go to the platform of Breachalarm and check as well.
If your email account is displayed as compromised, you’ll need to change your password, as well as for any associated services.
Set up a new secure password if email account is hacked
The choice of password is of central importance for a secure e-mail account. The more time-consuming and complex the password, the more difficult it is for a potential attacker. A good password is long, individually created for each service/website, and works according to a system that is only known to you. If you write it down, please keep it safe.
Use password managers like LastPass. The programs manage your access and save the passwords in encrypted form on various devices or, if you wish, in the cloud, so that you only have to remember the access password to the password manager yourself.
If you need a software that protects both personal and business digital life at your fingertips, simply and securely, sign for a free account from LastPass
Avoid recycling passwords. Only use each passphrase individually for one account – the convenient bad habit of using one password for different services can also be used by perpetrators. If you have saved certain safety questions as a memory aid, these should be stopped. After all, you have to expect that the hacker with access to the account will now also know the stored name of the first pet or the first career aspiration. The same applies here as with identical passwords: With this knowledge, he could take over other accounts that have not yet been affected.
If you have already saved your passwords in the browser, make sure at least that you use the main password for logging into the operating system or in the browser itself. This protects you from the prying eyes of other users who have access or unintentional access to your device. You can also store a main password in the browser for this purpose.
In Firefox, for example, you will find the function in Settings -> Data protection & security, and there, if you have activated the checkbox in the sub-item Use access data and passwords to the main password. The browsers Chrome, Edge, and Safari usually use the login password of the operating system, but individual passwords can also be entered.
Protection by means of two-factor authentication (2FA) is also basic, you should be doing. In addition to the correct passphrase, 2FA secured services require another hurdle such as SMS or entering an individual code for identification. It should be noted that tokens or services such as Google’s Authenticator are more secure than, for example, an SMS to a mobile phone, as the latter could be intercepted. Using the 2FA Directory website, you can easily find out by category which online offers support two-factor authentication.
Behavioral tips for secure emailing
Processes such as S/MIME and PGP are a bit old, but a well-encrypted email cannot be viewed by unauthorized eyes.
There are also some rules of conduct that you must observe when dealing with your email address. Phishing emails are getting more sophisticated. They differ from classic spam mails in that hackers, especially in the corporate environment, are increasingly sending targeted messages in perfect language. They use the names of real work colleagues or conversation partners, a known sender address, and address a process that happens every day in the corporate environment.
It is better to ask the sender if the email really came from them than to quickly click on the Internet link or the PDF and, in the worst case, be hacked.
Make sure that the email client does not load any external content. Also disable HTML content. Communication from the mail client to the mail server should also be encrypted for transport via TLS / Starttls. Keep the operating system, email software, virus scanner, browser, and all other relevant programs always up to date with updates.
If you take these tips to heart, you will be well-armed when it comes to IT security. Email and IT security are a game of cat and mouse in which conditions are constantly changing. In any case, such an attack is a reason to clean up and archive the mailbox. And for the future, it will be worthwhile to organize incoming mails with a system.
Because data economy in the mailbox is, regardless of everything else, always the best data protection. An attacker cannot access documents that are not stored in the email inbox – regardless of how good the password is.
1 comment
aeewwe