Your personal e-mail account is a potential treasure trove for cyber criminals, as it likely contains communications between you and your financial advisor, as well as e-mails from financial institutions and other organizations with which you do business. The clever thief could potentially use that information to impersonate you and steal your hard-earned money or even your identity.
If you believe that your personal e-mail account has been compromised, the following guidelines, which are recommended by security experts throughout the industry, can help you close the door on the hacker and protect you from further threats.
Change your password
As soon as you believe that your account has been hacked, change your password. We recommend using a strong password based on the following guidelines:
- Use a word (or words) not found in the dictionary. An unidentifiable variation of letters or even a word in a foreign language can be more difficult to crack.
- Use a random arrangement of capital and lowercase letters. Because passwords are case sensitive, a good mixture can help prevent decoding.
- Use a mixture of letters and numbers. Although numbers placed at the end of a password can make a password easier for a hacker to figure out—especially once the length of the password is determined—using numbers instead of letters in general is a good way to hide your password from a dictionary attack (i.e., an automated trial-and-error process using dictionary words to decode passwords).
If you use the same password for any other websites, be sure to change your password on those sites as well.
One more tip: Search your e-mail account for the word password, which will bring up any e-mails in which you may have sent or received a password. The hacker probably already did this, recording his findings in the process. If you find any additional passwords, be sure to change them.
Choose stronger security questions and answers
Although strong passwords are important, the security questions some websites use to verify your identity can be significant as well.
- Change the security questions on your e-mail account, and use strong answers to respond to them in the future.
- The hacker could have gained access to your account if you used easy, common, or searchable answers to your security questions. You need to choose new questions and make the answers more difficult or even impossible for a hacker to guess or find.
- Use an answer that cannot be searched. Hackers can easily use a search engine to look up your name or e-mail. Avoid using a question or answer that they could find by looking you up on Google.
- Use an answer that cannot be easily guessed. If you choose a question like “What was the first pet you had?” and you use the answer, “dog,” it probably won’t take very long for a hacker to guess the answer. But if you select something like “Ch. Palacegarden Malachy” (you get the idea), the hacker will have a much harder time.
Run antivirus software to check for malware
Running a full scan with your antivirus software will often detect malware. It will also help rid your computer of viruses that are already there—as long as you use an up-to-date version of the antivirus software.
- Malware that runs in the background of your computer can potentially transmit information to hackers or give them direct access to your computer or e-mail account. If your e-mail has been violated, it is possible that such a program has entered your system.
Chances are, your e-mail contacts may be solicited by the hacker posing as you.
- Be sure to contact everyone in your contacts list to let them know that your e-mail was hacked and to warn them to disregard any unsolicited or unusual e-mails from you. Also, be sure to warn them not to click any suspicious links that may have been in e-mails they received.
- Assume that the hacker looked through your entire e-mail account in search of sensitive information. You should do the same, looking through your inbox, sent items, and deleted items to identify any sensitive information the hacker may have seen in those e-mails and respond to them accordingly.
Review your e-mail account settings
The hacker may have edited your settings in one or more of the following ways:
- Auto-forwarded all e-mails to another account
- Changed the “sent from” e-mail address setting so that the e-mails appear to be from someone else
- Changed your footer or your vacation responder notifications
Protect yourself from further threats
- Delete any unused accounts that you may have.
- Idle accounts are prime targets for hackers. If you don’t use them, then you probably won’t even know that they have been hacked! It’s best to just delete them.
- Never check e-mail or other personal accounts on public computers.
- Never log in to any personal accounts over an unsecured Wi-Fi network, including free public Wi-Fi access common in airports, cafés, and bookstores.
- If you receive spam from someone you know, let the sender know that his or her account has been hacked.
Hackers can potentially obtain valuable information about you through your e-mail account. If your e-mail has been hacked, be sure to complete all of these steps to protect yourself from further harm. If your e-mail hasn’t been hacked, we still recommend that you double-check your passwords and security questions and answers to ensure that they follow the guidelines shared here.
These articles offer additional tips for what to do if your e-mail account has been hacked: