In this article we tell you how to find out if your account has been compromised, what actions to take and how to reduce the chances of being hacked in the future.

How can you tell if your email account has been compromised?

1. Your email and password combination may stop working

This could mean that a hacker has locked you out of your account by changing your password.
You may be prompted to enter your password, which no longer works.
You may also see an account error notification.

2. You are not receiving any new emails

This can happen if a hacker has gained access to your account and set up an inbox rule that diverts all new emails to Trash or some other obscure folder, or forwards them to an address they control. That is why it can seem as though the account has simply stopped working. It will most likely take you longer to figure out what is going on, which buys the hacker more time to cause harm. Once they have access to the information in your inbox and folders it is a race against time to minimise the damage.

For this reason, it is very important to act quickly to stop a hacker in their tracks.

3. There are emails in your inbox or sent folder that you did not send

Check your Sent folder. You may see strange or suspicious emails in your inbox or Sent folder. This could mean that the hacker is sending further emails to the people in your contacts list.
Not all hackers lock you out of your account. Instead they may look through your emails to discover personal details about you or your contacts, or use the inbox to take over other accounts by resetting their passwords. These could be financial accounts such as your bank or credit card.
The longer this goes unnoticed, the more time they have to do their work. This is why hackers will often try to cover their tracks, for example by deleting the messages they sent from your Sent folder.

4. Colleagues, work contacts or friends start telling you that they have received suspicious or unexpected emails from you.

This is a red flag, so do not ignore it. A hacker does not want you to be alerted by the replies these emails generate, which is why they may set up a rule to divert incoming emails away from your inbox.

How can an email account become compromised?

1. Phishing Scams

You may click on a link in an email that appears to come from a genuine source.
It might ask you to confirm your login details, or present a link to a document that has supposedly been shared with you. The link leads to a look-alike login page that captures whatever you type into it.

2. Data Breaches

Your personal details, including the email address and password you used, might have been exposed because they were included in a larger data breach at another service that you are signed up to. Attackers then try that same email and password combination against your email account.

3. Use of public Wifi or unsecured networks

Do not rely on the security of public and unsecured networks; it is usually weak.
Make sure your computer's software firewall is turned on.
Your device should warn you when you connect to a network that is not secure.
Such networks are vulnerable because they may use old, unsupported router equipment or have not had security patches applied.
The router's firewall may not be turned on at all.
Routers ship with a default admin password, and the defaults for most models are freely available on the internet.
It is important to change this password when a router is first set up.
In reality, few cafe owners know how, or bother, to do this, which makes life easy for a hacker.
Fake "Evil Twin" WiFi networks can be set up, or a man-in-the-middle attack staged, to intercept your traffic while you are working in your favourite cafe or airport departure lounge. Modern email services use TLS (the padlock in the browser), which limits what such an attacker can read, but a fake captive-portal or login page can still capture your password.

4. Not logging out after using a public device

If you use a public computer, perhaps in a library or shared space, be sure to sign out after use.
It goes without saying that an account left signed in on a shared machine is wide open to whoever sits down next.

Why do hackers want to access your email account?

Your email account is a potential treasure trove of valuable information for a hacker.

1. Access your contacts and send them further phishing emails

Hackers can gain access to your contacts list, which they can use for further phishing attempts. They look for the people you communicate with most, such as your manager, partner or colleagues, because a message that appears to come from you is far more likely to be trusted.

2. Search your inbox for information about you, your habits and the accounts you hold

Your inbox gives a hacker a good idea of the websites you use, the people you know and the accounts you hold. They can use this information to try to steal money, or to obtain personal information that can be sold on the dark web.

3. Search your inbox to extract details about your other online accounts

Your main email address is usually the primary identifier for many of your other logins, and it is where their password-reset links are sent.
Having access to your inbox is therefore an excellent first step for a hacker, who can request password resets for your other online accounts and intercept the reset emails.


What should you do if your email account is compromised?

Once you suspect that your email account may be compromised, act quickly.
It is usually a race against time to minimise the damage a hacker can do.

1. Contact your IT support team

The first thing is to have them apply a Block Sign-in to your account. This immediately blocks any new sign-in attempts; sessions that are already open can remain valid for up to about an hour, so ask them to also revoke the account's sessions (sign out of all devices) rather than wait. After this they can help you with a password reset.
Your IT team should take this seriously and will also begin to investigate the sign-in activity on your account (times, locations and devices).

2. Revoke any admin rights

If you hold admin rights for your company's email and other systems as part of Microsoft 365 or Google Workspace, it is important that your admin status is revoked temporarily while the issue is being rectified. The reason is that a hacker holding your account could make changes to other users' accounts, for example by resetting their passwords or turning off 2FA.
For this reason it is a good idea to have a separate, dedicated admin account, used only for administration and never for day-to-day email, that is the only one able to make such changes.

3. Run your antivirus software

It has long been assumed that Mac computers cannot get viruses. This is not the case, even though Macs are considered fairly secure; with Macs at roughly 16% market share, hackers simply get the biggest return by going after Windows devices. Run a full scan on every device you used to access the account: if your password was captured by malware on the device, the new password will be captured just as easily.
Implicit is a managed service provider (MSP) for Malwarebytes anti-virus software.

4. Apply 2FA (Two-Factor Authentication)

If you have not already applied 2FA to your account, do it now.
2FA requires you to provide an additional piece of identifying information in addition to your email password. This is also referred to as MFA (Multi-Factor Authentication). The most secure of the commonly offered methods is an authenticator app such as Microsoft Authenticator or Google Authenticator; a one-time passcode (OTP) sent by SMS or to an alternative email address is usually available too, but these are weaker because phone numbers can be hijacked and the code can be phished along with the password.
If your account has been compromised, a hacker may already have registered their own 2FA method, such as a phone number or authenticator app, so that they keep access even after you change the password.
Check the security settings for your account and make sure that you recognise every 2FA/MFA device, phone number and recovery email address listed; remove anything you do not recognise.
Ask your IT team to assist if you are unsure how to do this.

5. Change your Password.

Before you change your password, make sure you are confident the account is clean: all devices logged out, unrecognised MFA methods removed and 2FA enforced, as described above. Otherwise the hacker simply learns the new password.
Make sure the new password is unique and completely different from your last one, with no repeated words, phrases or number sequences.
Stay away from personal information such as birthdays, children's names or street names.
Ensure your new password is at least 12 characters long with a mix of upper and lower case letters, numbers and special characters.
We have created a free passphrase generator that produces strong, long passwords in the form of three random words.
We encourage our clients and anyone else to use it.
If you struggle to manage your passwords, consider using a password manager. Apple has recently released the Passwords app, which is quite good; for business, consider Keeper password manager, for which we are a Managed Service Provider.
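The response steps above (block sign-in and sign out everywhere, find the hidden inbox rules described in the "not receiving any new emails" section, check the registered MFA methods, and only then reset the password), as an added example for a Microsoft 365 tenant. This is not the article's own code and not a Microsoft-published script. It assumes the Microsoft.Graph and ExchangeOnlineManagement PowerShell modules are installed, that the operator can consent to the Graph scopes listed and holds an Exchange administrator role, that the tenant is licensed for sign-in logs, and that $Upn is a placeholder for the affected user's sign-in address. Google Workspace offers equivalent admin console actions but they are not shown here.

```powershell
<#
  Added example, not code from the original article or its authors.
  First-hour response for a suspected compromised Microsoft 365 mailbox.
  Assumptions: Microsoft.Graph and ExchangeOnlineManagement modules installed;
  operator holds the Graph scopes below plus an Exchange admin role; $Upn is a
  placeholder for the victim's address. Run with -ReportOnly first.
#>
param(
    [Parameter(Mandatory)] [string] $Upn,   # e.g. 'alice@example.com' (placeholder)
    [switch] $ReportOnly                     # triage only, make no changes
)

$scopes = 'User.ReadWrite.All', 'UserAuthenticationMethod.Read.All', 'AuditLog.Read.All', 'Directory.Read.All'
Connect-MgGraph -Scopes $scopes -NoWelcome
Connect-ExchangeOnline -ShowBanner:$false

# Step 1: contain. Blocking sign-in stops new logins immediately, but tokens already
# issued can stay valid for up to about an hour, so revoke sessions as well.
if (-not $ReportOnly) {
    Update-MgUser -UserId $Upn -AccountEnabled:$false
    Revoke-MgUserSignInSession -UserId $Upn | Out-Null
    Write-Host "Sign-in blocked and all sessions revoked for $Upn"
}

# Inbox rules are how attackers hide the replies to phishing sent from the account.
# Anything that deletes, forwards, redirects or buries mail in an obscure folder is suspect.
$suspectRules = Get-InboxRule -Mailbox $Upn | Where-Object {
    $buried = "$($_.MoveToFolder)" -match 'Deleted Items|Junk|RSS|Archive|Conversation History'
    $_.DeleteMessage -or $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or $buried
}
foreach ($rule in $suspectRules) {
    $fwd = @($rule.ForwardTo; $rule.ForwardAsAttachmentTo; $rule.RedirectTo) -join ','
    Write-Warning "Rule '$($rule.Name)' enabled=$($rule.Enabled) move=$($rule.MoveToFolder) delete=$($rule.DeleteMessage) forward=$fwd"
    if (-not $ReportOnly) { Disable-InboxRule -Mailbox $Upn -Identity $rule.Identity -Confirm:$false }
}

# Mailbox-level forwarding is separate from inbox rules and easy to overlook.
$mbx = Get-Mailbox -Identity $Upn
if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
    Write-Warning "Mailbox forwarding set: $($mbx.ForwardingSmtpAddress) $($mbx.ForwardingAddress)"
    if (-not $ReportOnly) {
        Set-Mailbox -Identity $Upn -ForwardingSmtpAddress $null -ForwardingAddress $null -DeliverToMailboxAndForward $false
    }
}

# Step 4: every registered MFA method must be recognised by the user before the
# password is reset; an attacker-registered phone or authenticator keeps them in.
Get-MgUserAuthenticationMethod -UserId $Upn | ForEach-Object {
    $p = $_.AdditionalProperties
    [pscustomobject]@{
        Method = "$($p['@odata.type'])" -replace '#microsoft.graph.', ''
        Detail = "$($p['phoneNumber']) $($p['displayName']) $($p['emailAddress'])".Trim()
    }
} | Format-Table -AutoSize

# Sign-in review for the IT team: unfamiliar countries, legacy clients and a run
# of failures followed by a success are the usual tells.
$cols = @(
    'CreatedDateTime', 'IPAddress', 'AppDisplayName', 'ClientAppUsed',
    @{ n = 'Location'; e = { "$($_.Location.City), $($_.Location.CountryOrRegion)" } },
    @{ n = 'Result';   e = { if ($_.Status.ErrorCode -eq 0) { 'Success' } else { $_.Status.FailureReason } } }
)
Get-MgAuditLogSignIn -Filter "userPrincipalName eq '$Upn'" -Top 50 | Select-Object $cols | Format-Table -AutoSize

# Step 5 comes last, and only once the above is clean: reset the password, then
# re-enable sign-in with  Update-MgUser -UserId $Upn -AccountEnabled:$true
```

Run it with -ReportOnly first to see what it would change, then without the switch to contain. The order is deliberate: the password is reset last, because a new password set while an attacker's authenticator method or forwarding rule is still in place is simply handed back to them. Step 2 (temporarily removing admin roles) is a decision for the IT team and is not automated here.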

6. Address Other Online Services that share the email & password combination

If you suspect you have used the same email and password combination for other accounts, the potential for further damage increases considerably, because a hacker will try the stolen combination on every popular service. Change the passwords for those accounts too, making sure each is replaced with a unique, strong password.

7. Notify people that you know.

Tell your contacts, especially the people you communicate with most, that your account was compromised and that they should ignore any unexpected emails, links or attachments that appear to come from you.

8. Report it to NCSC

Report suspicious emails to the National Cyber Security Centre (NCSC) by forwarding them to its Suspicious Email Reporting Service (SERS).
The NCSC will analyse the suspect email and any website links it contains. It can investigate and have scam websites and email addresses taken down, so it is worth doing.

How to help prevent your email accounts being hacked in the future?

1. Password Hygiene

Using a strong, long and unique password is the most important factor if you want to protect your email account. Here are some of the factors to consider:

Password Length
Longer passwords help to protect against brute-force attacks. They are harder to crack or guess because there are far more possible combinations: each extra character multiplies the number of guesses an attacker must make. The minimum recommended length is 12 characters, but 14 is better.
Longer passwords are also less likely to appear in the common word lists used by hackers in "dictionary attacks".

Unique passwords
Avoid using the same email address and password combination for multiple accounts (yes, you!).
A hacker will be sure to try your compromised password against your other accounts, which can result in a domino effect.
Things to avoid:
– Do not include any personal information, such as birthdays, family names, street names etc.
– Do not re-use words.
– Do not recycle the same password with a mix of ! $ * & characters appended to the end; password-cracking tools try exactly those variations first.

Complexity
Make each password difficult to guess by using a mix of uppercase and lowercase letters, numbers and special characters.

Pass-Phrases
The obvious problem with long, unique and complex passwords is that they are hard for humans to remember.
For that reason pass-phrases are growing in popularity.
A pass-phrase is a password composed of, say, 3-4 random words plus a few other characters.
You can apply a system, so the words might be in Title Case, separated by a special character (a hyphen) and ending with a number.
Here is an example in that format: Game-Set-Match-4.
It is 16 characters long and contains upper case, lower case, special and numerical characters. The great thing is that you stand a chance of remembering it. The words must be genuinely random, though: "game, set, match" is a well-known phrase and would be among the first things a cracking tool tries, so use a generator rather than choosing the words yourself.
We have built a simple free password generator for anyone to use. Why not give it a try here.
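A generator for the Title-Case-Words-Number format described above, together with a checker for the rules in the Unique passwords and Complexity sections, as an added example. It is not the article's own generator (linked above) and not code from Apple or Keeper; it assumes PowerShell 5.1 or later, and the word list is a small constructed sample used purely to show the mechanics.

```powershell
# Added example, not code from the original article or its passphrase generator.
# Generates a passphrase in the article's Title-Case-Words-Number format using the
# operating system's cryptographic random number generator, and checks a candidate
# password against the rules above. $Words is a small constructed sample list; a
# real generator draws from thousands of words, and that list size, not the hyphens
# or the trailing digit, is what decides the passphrase's strength.

$Words = @('game', 'set', 'match', 'river', 'candle', 'orbit', 'velvet', 'harbour',
           'pixel', 'meadow', 'lantern', 'quartz', 'saddle', 'tundra', 'walnut', 'zephyr')

# Uniform integer in [0, $Max) from the CSPRNG. Get-Random is not suitable for
# secrets. Rejection sampling avoids the bias a plain modulo would introduce.
function Get-SecureIndex([int] $Max) {
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 4
    $limit = [uint32]::MaxValue - ([uint32]::MaxValue % [uint32]$Max)
    do {
        $rng.GetBytes($buf)
        $n = [BitConverter]::ToUInt32($buf, 0)
    } while ($n -ge $limit)
    return [int]($n % $Max)
}

# Picks words without replacement so the "do not re-use words" rule always holds.
function New-Passphrase([int] $WordCount = 3, [string] $Separator = '-') {
    [System.Collections.Generic.List[string]] $pool = $Words
    $picked = foreach ($i in 1..$WordCount) {
        $idx = Get-SecureIndex $pool.Count
        $w = $pool[$idx]
        $pool.RemoveAt($idx)
        $w.Substring(0, 1).ToUpper() + $w.Substring(1)     # Title Case
    }
    return ($picked -join $Separator) + $Separator + (Get-SecureIndex 100)
}

# Strength of the scheme: WordCount words from a list of ListSize plus a 0-99 number.
function Get-PassphraseEntropyBits([int] $ListSize, [int] $WordCount = 3) {
    return [math]::Round($WordCount * [math]::Log($ListSize, 2) + [math]::Log(100, 2), 1)
}

function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)] [string] $Candidate,
        [string]   $PreviousPassword = '',
        [string[]] $PersonalTerms = @()   # names, street, birth year... supplied by the user
    )
    $problems = @()
    if ($Candidate.Length -lt 12) { $problems += 'shorter than 12 characters' }
    $classes = @(($Candidate -cmatch '[a-z]'), ($Candidate -cmatch '[A-Z]'),
                 ($Candidate -match '\d'), ($Candidate -match '[^A-Za-z0-9]')) | Where-Object { $_ }
    if (@($classes).Count -lt 3) { $problems += 'needs a mix of upper, lower, digits and symbols' }
    # "Same password with ! $ * & stuck on the end": strip trailing non-letters and compare.
    $core = { param($s) ($s -replace '[^A-Za-z]+$', '').ToLowerInvariant() }
    if ($PreviousPassword -and ((& $core $Candidate) -eq (& $core $PreviousPassword))) {
        $problems += 'recycles the previous password with characters appended'
    }
    foreach ($term in $PersonalTerms) {
        if ($term.Length -ge 3 -and $Candidate -match [regex]::Escape($term)) {
            $problems += "contains personal term '$term'"
        }
    }
    $tokens = @($Candidate -split '[^A-Za-z]+' | Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() })
    if (@($tokens | Select-Object -Unique).Count -lt $tokens.Count) { $problems += 'repeats a word' }
    [pscustomobject]@{ Password = $Candidate; Acceptable = ($problems.Count -eq 0); Problems = $problems }
}

New-Passphrase                                    # e.g. Lantern-Quartz-Meadow-37 (random each run)
Get-PassphraseEntropyBits -ListSize $Words.Count  # about 18.6 bits: this sample list is far too small
Get-PassphraseEntropyBits -ListSize 7776          # about 45.4 bits with a full-size word list
Test-PasswordPolicy -Candidate 'Summer2023!' -PreviousPassword 'Summer2023' -PersonalTerms 'Summer'
Test-PasswordPolicy -Candidate (New-Passphrase) -PersonalTerms 'Alice', 'Smith'
```

The entropy figures are the point of the exercise: with the scheme public (Title Case, hyphens, trailing number), almost all of the secrecy comes from how many words the generator can choose from, which is why three words from a 16-word list are weak and three from a list of several thousand are not. The 'Summer2023!' check shows the recycled-password rule firing even though the candidate contains all four character classes.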

Sharing Passwords
Avoid sharing your password by email or messaging app.
Use a different medium to share passwords, e.g. if someone emails you to ask for a password, send it via SMS or WhatsApp instead, and keep the username out of the same message.

It is Ok to write down your passwords so long as they are stored in a safe place.
Consider the following for sharing passwords:

Verbal: It is low tech, but telling someone a password face to face or by phone is a good approach.
If you and your team adopt a standard format for your pass-phrases, things get a lot easier.
In the example above you would just say "Game Set Match 4" and your colleague would already know that it is in Title Case, separated by hyphens, with a number at the end. Bear in mind that the format is then effectively public, so all of the secrecy rests on the words themselves being random.

One-Time Share: Password Manager Apps such as Keeper allow you to share passwords by sending a one-time, expiring email or text message that contains a QR code to access the password.

2. Apply MFA/2FA

MFA requires you to enter an extra piece of identifying information in addition to your email password, something that only you can provide.
Most online services offer MFA in some form. Apply MFA on every account where it is offered, starting with your email, since email is what resets everything else.
Microsoft and Google provide popular authenticator apps which generate time-based codes for multiple accounts; each account is added by scanning the QR code shown during setup.

3. Use a password Manager

Apple's Passwords app, synchronised via iCloud, is very handy because it works across all your devices and web browsers. It also means that you have access to all your passwords on any of your devices, or even when logged in to iCloud.com.

Managing passwords for a team is more complicated.
In this case we recommend Keeper, because it allows your organisation to share and manage access to passwords for your teams. Passwords are stored and retained centrally by the organisation.
It is possible to set up shared password "vaults" for specific teams or user groups, and access can easily be revoked when a staff member leaves.
We manage a growing number of Keeper accounts for our clients.
Do get in touch if you feel this might benefit your team.

4. Account Separation

Set up a single Administrator user account on your computer(s). Set up Standard user account(s) for all the users of the device. When logged into your Standard Account it is necessary to