This has happened to two clients in the past week or so and caused no end of inconvenience and embarrassment. Suddenly loads of spam emails are being sent without your knowledge or consent to all your carefully nurtured prospects, suppliers and clients.
So if a scammer has swiped your password and is using your account to send out spam, here's what you need to do to take action and add measures to help stop it from happening again.
How does it happen?
Your computer or smartphone was most likely compromised in one of four ways:
- You do not have up-to-date security software installed.
- Your passwords are weak and easily hacked.
- You clicked on a malicious link in an email or IM conversation, or on a social networking site or webpage.
- You downloaded a game, video, song, or attachment with malicious scripts or files attached.
What to do after your email is hacked
When your email account is hacked, there are several steps you need to take to fix the problem and prevent it from happening again:
1. Check (and update) your computer’s security
Most hackers collect passwords using malware that has been installed on your computer (or mobile phone if you have a smartphone). No matter which operating system you use, be sure your anti-virus and anti-malware programs are up to date. Choose the setting that will automatically update your computer when new security fixes are available, so that you get protection from new attacks as soon as possible. If you’re already using an antivirus program, run an end-to-end scan of your computer.
2. Change your password and make it stronger
Do this after your anti-virus and anti-malware programs are updated or the hackers may collect your new password as well.
- Strong passwords do not have to be hard to remember; they just have to be hard to guess.
- Make your password at least 10 characters long, and use capital letters, lower case letters, numbers, and symbols.
- Do not use information about yourself or someone close to you (including your dog or cat!) like name, age, or city.
- Do not use words that can be found in a dictionary. These are easy for hackers to break, even if you spell them backward.
- Text messaging shortcuts can help make strong, memorable password creation easier. For example, L8rL8rNot2Day! translates to later, later, not today.
- Studies show that the average email account has 130 password-protected accounts linked to it, so it’s no wonder passwords often aren’t as secure as they should be. A password manager can help you keep them in order and encrypted. There are lots of these available – the suggested password and storage feature on Google Chrome is very good, or I also use a secure password vault app.
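The rules in this list can be written as a small Python check. This is an added example, not part of the original article: the function name, the sample word list and every sample password other than L8rL8rNot2Day! are constructed for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "welcome", "dragon", "sunshine", "football"}

# The four character types the list asks for.
CHARACTER_CLASSES = {
    "capital letter": r"[A-Z]",
    "lower case letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",  # anything that is not an ASCII letter or digit
}


def check_password(password, personal_info=(), words=SAMPLE_WORDS):
    """Return the rules from the list that the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    for name, pattern in CHARACTER_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")

    lowered = password.lower()
    # Personal details (name, pet, city, age) must not appear, forward or backward.
    for item in personal_info:
        token = str(item).lower()
        if len(token) >= 2 and (token in lowered or token[::-1] in lowered):
            problems.append(f"contains personal information: {item}")

    # Strip the digits and symbols people pad a word with, then compare the
    # remaining letters against the dictionary in both directions.
    letters = re.sub(r"[^a-z]", "", lowered)
    if letters in words or letters[::-1] in words:
        problems.append("is a dictionary word (possibly padded or reversed)")
    return problems


if __name__ == "__main__":
    for candidate, info in [("L8rL8rNot2Day!", []), ("Drowssap1!", []),
                            ("Spot2015!!xx", ["Spot"]), ("sunshine", [])]:
        print(candidate, "->", check_password(candidate, info) or "passes")
```

"Drowssap1!" meets the length and character rules yet still fails, because it is "password" spelled backward with two characters added.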
3. Send an email to your contacts saying you were hacked
When an email comes from someone you know, you are more likely to open it and click on links within it – even if the subject is weird. Help stop the spread of the malware by warning those in your contact list to be cautious of any email sent by you that doesn’t seem right and to not click on the links.
4. Be alert to spam, phishing, and scams
Spam comes at us from all angles: in the mailbox in front of your home (junk mail), in your email inbox, on social networking sites, chats, forums and websites, and also on your phone. Now more than ever, it is important to be on the lookout for phishing scams. No stranger is going to give you money to help them out, you haven’t won the lottery, and there is no miracle weight loss cure. No reputable bank or company is ever going to ask you to ‘authenticate’ information online. And if you get an email with a link to one of these sites, don’t use it; instead, use your search engine to find the site yourself, and then log in. If the message was legitimate, it will be waiting for you in your account.
5. Change your security question(s)
If your email account was hacked from a device or location not matching your normal usage patterns, it’s possible the cybercriminal needed to correctly answer a security question. If your question and answer are common (Question: What is your dog’s name? Answer: Spot), that may not have been a difficult challenge.
6. Consider adopting two-factor authentication
Many email providers offer two-factor authentication (2FA) as an additional security measure. This method requires both a password and some other form of identification, such as a biometric or a mobile phone number, to access an account.