A few weeks ago, my main e-mail address was hacked. You know, the one that I have used for 20-plus years to connect me to everything in my life! How dare they? Yes, it was an invasion of privacy. Yes, it was frustrating. Yes, it was time-consuming to put out fires and do damage control to protect my accounts where I used that e-mail as my username.
The fact is, e-mail hacking is a billion-dollar business venture. But it is also a criminal offense. Even though there are many things that can happen to a person that are worse, it is nevertheless extremely frustrating. This was my first time to be hacked to this extreme because I have hundreds of contacts and all of them received a request from “me” that they needed a favor. That favor was to purchase i-tune cards and phone cards, specifically in $100 increments to assist my niece who was traveling and stranded without funds. Really?
The good thing about my contacts is that they know me well enough to know that it was not me, but they had to ask even though it didn’t sound like me, because if I really needed something from them, they were willing to help me, which I appreciate. But when my publisher, my broker, and my insurance people started calling, I felt totally compromised and invaded.
So now what? I did some research on the Internet, and fortunately there is a lot of information that may be significant to my Webstable Soup readers. Be aware that you do not need to pay for expensive fixes. Most Operating Systems have FREE scanners and solutions that will be helpful.
(The following information comprises excerpts from the Federal Trade Commission, the FBI, and the New York Times, with links to other helpful information. But please first read the rest of this blog before you begin clicking on the links that take you to other websites).
How Do You Know You’ve Been Hacked?
If a friend tells you that you’ve been sending them strange emails or spamming their social media pages with posts that you aren’t likely to send, you’re probably already aware what happened: your email account has been hacked. A hacked email account could lead to more serious problems, such as identity theft and other security and privacy intrusions, which could affect your finances and reputation. But before (or after) you panic, calm down, and realize that it happens to a lot of people, and there are logical technical steps to prevent it from happening again.
What to Do if Your Email Is Hacked
If a scammer has swiped your password and is using your account to spew spam, take action and add measures to help stop it from happening again.
If you still have access to the compromised account, changing the password is one of many steps you should take to protect yourself. If you are having trouble regaining control of the account, visit your mail provider’s site for instructions on recovering your account. Apple, Google, Microsoft and Yahoo all have guides on their sites, as should other email and internet service providers. Tell your friends that your account was hacked and to ignore any odd messages that appear to have come from you.
Your account may have been hacked through malicious software, so scan your computer for malware and viruses with a security program. If you do not have security software installed, you can use Microsoft’s built-in Windows Defender or Microsoft Security Essentials. Avast and AVG are among the many companies that make free basic antivirus software for Windows and Mac. Malwarebytes has free and trial versions of its malware-scanning program for Windows and Mac that can work alongside antivirus software. You should also update your computer and devices with the latest security updates.
Turning on an extra layer of protection for your email account, like Google’s two-step verification for Gmail, can help protect against hackers because you must confirm your identity with a smartphone app or text code after you enter your password.
While you are in your mail settings, set up two-factor authentication or two-step verification if you have not already and the feature is available from your mail provider. You will need to provide a code or acknowledge a login attempt on another device after you enter your password, but the extra step helps keep your account more secure.
If you have rescued your account and bolstered its defenses, you should be able to keep using the address as a login for other sites, but go in and change the password you used with it, along with all the other passwords for other sites where you used the address as your login. You should also update any site where you repeatedly used the same password as the one for the hacked mail account.
My personal choice was to create a new e-mail address to replace my old sm121 address. That one will eventually go away after I have made the appropriate connections to my new address.
The Federal Trade Commission has an online guide to dealing with a hacked mail account. And to avoid being hacked again, follow basic precautions like avoiding public wireless networks without using a virtual private network.
The Federal Bureau of Investigation has pertinent information about cyber bullying and reporting.
What To Do When You’ve Been Hacked
1. Update your system and delete any malware; Make sure your security software is up-to-date
If you don’t have security software, get it. But install security software only from reputable, well-known companies. Then, run it to scan your computer for viruses and spyware (aka malware). Delete any suspicious software and restart your computer.
Set your security software, internet browser, and operating system (like Windows or Mac OS) to update automatically
Software developers often release updates to patch security vulnerabilities. Keep your security software, your internet browser, and your operating system up-to-date to help your computer keep pace with the latest hack attacks.
2. Change your passwords
That’s IF you’re able to log into your email or social networking account. Someone may have gotten your old password and changed it. If you use similar passwords for other accounts, change them, too. Make sure you create strong passwords that will be hard to guess.
3. Check the advice your email provider or social networking site has about restoring your account
You can find helpful advice specific to the service. If your account has been taken over, you might need to fill out forms to prove it’s really you trying to get back into your account.
4. Check your account settings
Once you’re back in your account, make sure your signature and “away” message don’t contain unfamiliar links, and that messages aren’t being forwarded to someone else’s address. On your social networking service, look for changes to the account since you last logged in — say, a new “friend.”
5. Tell your friends
A quick email letting your friends know they might have gotten a malicious link or a fake plea for help can keep them from sending money they won’t get back or installing malware on their computers. Put your friends’ email addresses in the Bcc line to keep them confidential. You could copy and send this article, too.
What to Do Before You’re Hacked
Use unique passwords for important sites, like your bank and email
That way, someone who knows one of your passwords won’t suddenly have access to all your important accounts. Choose strong passwords that are harder to crack. Some people find password managers — software that stores and remembers your passwords for you — a helpful way to keep things straight. If you use a password manager, make sure to select a unique, strong password for it, too. Many password managers will let you know whether the master password you’ve created is strong enough.
Safeguard your usernames and passwords
Think twice when you’re asked to enter credentials like usernames and passwords. Never provide them in response to an email. If the email or text seems to be from your bank, for example, visit the bank website directly rather than clicking on any links or calling any numbers in the message. Scammers impersonate well-known businesses to trick people into giving out personal information.
Turn on two-factor authentication if your service provider offers it
A number of online services offer “two-factor authentication,” where getting into your account requires a password plus something else — say, a code sent to your smartphone — to prove it’s really you.
Don’t click on links or open attachments in emails unless you know who sent them and what they are
That link or attachment could install malware on your computer. Also do your part: don’t forward random links.
Download free software only from sites you know and trust
If you’re not sure who to trust, do some research before you download any software. Free games, file-sharing programs, and customized toolbars also could contain malware.
Don’t treat public computers like your personal computer
If it’s not your computer, don’t let a web browser remember your passwords, and make sure to log out of any accounts when you’re done. In fact, if you can help it, don’t access personal accounts — like email, or especially bank accounts — on public computers at all. (Also be careful any time you use public Wi-Fi.)
- Protect Your Computer from Malware
- Phishing Scams
- Computer Security
- How to Recognize and Avoid Phishing Scams
- Family Emergency Scams
- Identity Theft