Recently I received an email from a friend suggesting that I check out a page. Along with a lot of grammatical errors, there was a link, its server residing somewhere in Russia from the looks of it. I instantly guessed that my friend’s email had most probably been hacked.
Later, after I contacted her another way, she confirmed my guess and revealed that the email had been sent to her entire contact list. The best I could do was give her a walk-through of what she could now do to recover, or at least prevent further damage. This is what you too should do should you find yourself in such a problem.
Change your password IMMEDIATELY
First things first. Don’t let the hacker get back into your account. Change your password ASAP. Make it stronger. Not related to your previous password. Don’t use the old password even if you make changes to it. Use a new password altogether. If you use your name in your password somewhere, stop it. Get a new password. NOW.
You could use the lyrics from your favorite song as your password. For example, if your favorite song is Moves Like Jagger by Maroon 5, “I’ve got the moves like jagger” could make “iGtMlGM5”, which is a reasonable password made up of the first letter of every word.
Time to use your ‘Security Question’
You’re lucky if the hacker logged into your account only to send a mass email to your address book.
And if you’re not so lucky, he might have changed your password too, locking you out permanently. In such a case, you need to reclaim your account. This is usually done by clicking on the “forgot your password?” option provided by the respective website and answering the security question you chose when you created your account or otherwise using your backup email account.
Enable more than one ‘get-through’ pass
Set up a second pass, in addition to your username and password, that is required whenever you log into your account. Apart from the password, this usually consists of a one-time-use numerical code that the respective website texts to your own phone, thereby eliminating any chance that someone else may use it.
Google’s Gmail, Microsoft’s Hotmail and Outlook, and Yahoo! offer a two-factor authentication process. Switching to one of these can also help.
Go back to your Email Settings
Go back to your email settings to ensure that they haven’t been changed to anything you didn’t personally set. At times, the hacker changes your email settings to receive a copy of every email that you get, in order to look out for any emails that may involve login information. Recheck your email address list to ensure no new unfamiliar email addresses have been added.
Check your signature to see if it has been changed in any way. If you do notice a change, change it to whatever suits you. Make sure it sends out a message to your contacts that it really is you.
Last but not least, see if the hacker has enabled the auto-responder, thereby converting your “unavailable” status to spam.
Scan your PC for malware
Run a thorough scan on your computer to detect any malware. Everyone nowadays has an anti-malware program installed. But even if you don’t, not a problem. Many different anti-malware programs are available for free download. If you find malware on your PC, your original anti-malware obviously didn’t help. Get better software. Some programs are better than others. Also scan other computers you log in from, such as your workplace computer.
If any malware is found, remove it and go back to your email to change your password again (because when you changed it in the first step, the malware was still on your system).
Recheck if more than your email account has been compromised
Many people make the grave mistake of saving their usernames and passwords in a folder in their email accounts. This way, once a hacker is in your email, he can easily find numerous other credentials you use for different accounts.
To be honest, nearly all of us have such information buried deep somewhere in our email accounts. Search your emails for the word “password” and check if any other accounts have been compromised too. Change the passwords for all such accounts right away. If they include your bank account credentials, check for any suspicious transactions that might have been made.
Change the passwords of any and all accounts that use the same username or password as your email account. Hackers are intelligent enough to know that most people use the same username and password for multiple accounts, so they can always attempt to log in to your other accounts and may be successful.
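The mailbox search described above can be scripted against an exported copy of your own mail. The following is an added example, not part of the original post; the keyword list and the sample messages are constructed assumptions.

```python
import email
import re
from email import policy

# Assumed keyword list: words that suggest a message stores or resets login details.
KEYWORDS = re.compile(r"\b(password|passcode|username|login|pin)\b", re.IGNORECASE)

# Constructed sample messages standing in for an exported mailbox.
SAMPLE_RAW = [
    "From: billing@shop.example\nSubject: Your new account\n\n"
    "Welcome! Username: jane77 Password: hunter2\n",
    "From: friend@mail.example\nSubject: Lunch on Friday?\n\n"
    "Are you free at noon?\n",
    "From: me@mail.example\nSubject: notes\n\n"
    "bank login is jane77, PIN in the other note\n",
]


def load_samples():
    """Parse the constructed samples into EmailMessage objects."""
    return [email.message_from_string(raw, policy=policy.default) for raw in SAMPLE_RAW]


def body_text(msg):
    """Return the plain-text body of a message, or '' if it has none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def find_credential_mentions(messages):
    """Return (sender, subject, keywords) for every message that mentions credentials."""
    hits = []
    for msg in messages:
        text = f"{msg['Subject'] or ''}\n{body_text(msg)}"
        found = sorted({word.lower() for word in KEYWORDS.findall(text)})
        if found:
            hits.append((str(msg["From"]), str(msg["Subject"]), found))
    return hits


if __name__ == "__main__":
    # Each hit names an account whose password should be changed.
    for sender, subject, words in find_credential_mentions(load_samples()):
        print(f"{sender:24} {subject:18} {', '.join(words)}")
```

To scan a real export, parse each message with policy.default as load_samples() does and pass the resulting list to find_credential_mentions().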
Formally apologize to your contacts for the trouble
Let your friends, family and acquaintances know that your account has been hacked and that they should not trust or open any emails, or any links contained in the emails, that they recently received from your email address. Many of them would probably have figured it out or might have heard of it from another friend, but you should still publicly announce it so as to not ignore the slow learners.
Prevent it from happening again
Most hacks result from mass breaches, such as the one in which Russian hackers stole nearly 1.2 billion usernames and passwords just last summer. But that may not necessarily be the case if your account gets hacked. Many hacks also result from careless choice and protection of login credentials.
A recent study by Google revealed that most people use daily-life information for their login credentials, making it easy for hackers to break in with just a few intelligent guesses. Easy credentials make for easy hacking. Hackers have programs with the ability to scan thousands of accounts within seconds to identify weaker ones.
A strong password is a good way to avoid becoming a victim of such attacks. It is also advised that you use different passwords for all your accounts, or at least a unique password for accounts like email, bank and other crucial accounts. If you are having trouble managing different passwords for different accounts, a password management program can make it easy.
Computers in public places such as hotel lobbies and libraries are an ideal spot for hackers to install hacking programs such as keystroke recorders. These PCs are used by many people on a daily basis, and they don’t think twice before entering sensitive information such as credit card details to make a purchase, or opening their account to check for emails. It is advised to assume that these computers, i.e. ones in public places, are already compromised and should therefore be avoided.