1. What is a compromised (or hacked) email account?
Access to email accounts is mostly through the use of a username and password and/or PIN. A username and password are intended to be kept secret. However, should a hacker (unauthorized person) gain access to these credentials and use them to access your email account, your email is said to be compromised or hacked.
Upon gaining access to the email account, the hacker can then masquerade as the original user. He/she may also have access to folders or files in your online storage.
In this article, we will cover how to know whether your email account has been compromised, how it happened, what to do should your email be compromised, and how to prevent it from happening again.
2. How do I know whether my email has been compromised?
Several signs indicate that your email has been compromised, some more obvious than others. The most common are:
- You are unable to log into your account. In this case, a hacker may have changed your password. This is one of the first steps hackers take after compromising your email account.
- Your colleagues or contacts are asking why you’re sending them spam (and you’re certain you did not).
- Other users may claim to have received emails from you. However, the corresponding email will be missing from your Sent Items folder. For example, Paul Simba may claim to have received an email from you. However, in your Sent Items folder, there is no such email to Paul Simba.
- Conversely, there may also be emails in your Sent Items folder that you did not send. This is a sign that someone gained access to your account and is using it to send potentially fraudulent messages.
- Some of your emails are missing (deleted).
- Your display name is changed in the global address book/contacts list.
- There are unusual changes to your profile such as name, number, or unusual signature.
- Your mailbox may be blocked from sending emails.
- The Sent or Deleted Items folders in your mailbox may contain common hacked-account messages such as “I need your help urgently!”
- There are unusual credential changes such as multiple password-change requests.
- There are new inbox rules that were not created by you or the administrator. These rules may, for instance, forward emails to unknown addresses or move them to the Junk mail folder.
- More technical users may notice several different IP addresses in the account's IP log. These may differ from the addresses you normally access your email from, such as your home or office network. Usually, hackers will be logging into your email from different locations.
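The IP-log check from the last bullet can be automated. The following is an added example, not part of the original article: it reads a constructed sign-in log (the line format, addresses, and "known networks" are all assumptions) and lists sign-ins that came from outside the networks the user normally uses.

```python
import ipaddress
import re
from collections import defaultdict

# Networks the user normally signs in from (assumed values, documentation ranges).
KNOWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.16/28")]

# Constructed sample sign-in log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-05-01T08:02:11Z user=jane@example.com ip=192.0.2.44 result=success
2024-05-01T12:40:03Z user=jane@example.com ip=198.51.100.20 result=success
2024-05-02T02:13:57Z user=jane@example.com ip=203.0.113.7 result=failure
2024-05-02T02:14:09Z user=jane@example.com ip=203.0.113.7 result=success
2024-05-02T02:51:30Z user=jane@example.com ip=203.0.113.201 result=success
2024-05-02T09:00:00Z user=paul@example.com ip=192.0.2.10 result=success
garbled line that should be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>\w+)$")

def unfamiliar_signins(log_text):
    """Return {user: [(timestamp, ip, result), ...]} for sign-ins outside KNOWN_NETWORKS."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # skip entries whose address field is not a valid IP
        if not any(ip in net for net in KNOWN_NETWORKS):
            findings[m["user"]].append((m["ts"], str(ip), m["result"]))
    return dict(findings)

def compromised_candidates(log_text):
    """Users with at least one successful sign-in from an unfamiliar address."""
    return sorted(user for user, events in unfamiliar_signins(log_text).items()
                  if any(result == "success" for _, _, result in events))

if __name__ == "__main__":
    for user, events in unfamiliar_signins(SAMPLE_LOG).items():
        for ts, ip, result in events:
            print(f"{user}: {result} sign-in from unfamiliar address {ip} at {ts}")
```

A successful sign-in from an unfamiliar address is a reason to review the account, not proof of compromise; travel and mobile networks produce the same pattern.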
If indeed your email has been compromised, you may be wondering, “How did it happen?” Well, let’s discuss a few possible scenarios.
3. How was my email account compromised?
It is important to know that there are other factors that go hand-in-hand with spam filtering, and failure in any one of these aspects could lead to your email account(s) being compromised.
If your email account has been compromised, it was most likely for one or more of the following reasons:
- Your password was weak and therefore easily guessed by the hacker.
- You wrote down your password somewhere (for example, in your notes on your phone or even on a piece of paper) and it ended up in the wrong hands (or should I say, eyes!).
- You do not have security software installed on your computer/server, or your security software is not updated, so a hacker managed to install a keylogger on your system. This allowed the hacker to capture your password as you typed it in.
- You clicked on a malicious link in an email, chat conversation, social media, or on a website.
- You unknowingly downloaded software, an app, a game, video, song, or attachment with malicious scripts or files attached to it.
- Your email solution does not encrypt data in transit. This effectively means that a hacker can secretly intercept the communication between your computer and the server during authentication and capture your password.
4. My email account has been compromised. What should I do?
You’re probably wondering, “So what should I do if my email has been compromised?” Here are some steps you can take to fix the problem:
i. Check (and update) your computer’s security
- Most hackers collect passwords using malware that has been installed on your server, computer, or other device (tablet, smartphone). Therefore, be sure your antivirus and antimalware software are up-to-date.
- Make sure your antivirus and antimalware software is set to automatically update when new security fixes are available. This will ensure you are protected from new attacks.
- Check to see that all operating system patches and updates are also installed.
- Set your computer to automatically download and update the operating system any time there are new security features. This will ensure you are protected from new attacks.
- Once your antivirus, antimalware, and operating system are updated, run a complete scan of your system.
ii. Change your password
- Next, you should change the password on your email account. This should stop the hacker from continuing to masquerade as you. It is important to do this after your antivirus, antimalware, and operating system have been updated; otherwise, hackers may collect your new password as well.
- Set strong passwords.
- Reset to a strong password with uppercase letters, lowercase letters, at least one number, and at least one special character.
- If new passwords are being set by an administrator, do not send the new password to the intended user through email as the attacker still has access to the mailbox at this point.
- Do not reuse any of your last five passwords – to ensure that it will not be something the hacker can still guess again.
- Do not use words that can be found in the dictionary. These are easily hacked even if spelled backward.
- Do not use common names of people.
- Avoid patterns, for example, 123123 or repetitions of numbers or letters such as aaaaa or 666666. Also, avoid numbers or letters that are next to each other on the keyboard like qwerty.
- Do not use information about yourself or someone close to you like name, date of birth, or age.
- Ensure your password is long – at least 10 or more characters.
- Text messaging short forms can help you make strong passwords and remember them. E.g., 1AmH@ppy
- Enable two-factor authentication (2FA) or multi-factor authentication (MFA). This will minimize the risk of compromise. This is particularly important for administrator accounts.
- If you are accessing your email via a third-party application such as Outlook, Thunderbird, etc., use app-specific passwords to protect your primary password. In Microsoft accounts, be sure to reset app passwords as these aren’t automatically revoked when a user account password is reset.
- Change the password of any other online accounts that use your email address, for instance, online banking.
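The password rules listed above can be enforced in code when a new password is set. The following is an added example, not part of the original article: the word list is a tiny constructed sample, the four-key run length is an assumption, and storing the password history as salted PBKDF2 hashes is a design choice made here rather than something the article specifies.

```python
import hashlib
import hmac
import re

MIN_LENGTH = 10       # article: "at least 10 or more characters"
HISTORY_DEPTH = 5     # article: "last five passwords"
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Tiny constructed word list; a real check would load a full dictionary.
WORDLIST = {"password", "welcome", "dragon", "simba", "monkey"}

def hash_password(password, salt):
    # History entries are salted hashes, so old passwords are never stored in clear.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def has_keyboard_run(low, run=4):
    # True if `low` contains `run` adjacent keys from one row, in either direction.
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False

def check_password(pw, history=(), personal=()):
    """Return the checklist rules that `pw` breaks (empty list means it passes)."""
    problems, low = [], pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    for label, pattern in (("uppercase", r"[A-Z]"), ("lowercase", r"[a-z]"),
                           ("number", r"\d"), ("special character", r"[^A-Za-z0-9]")):
        if not re.search(pattern, pw):
            problems.append(f"no {label}")
    # Four or more identical characters, or any chunk immediately repeated (123123).
    if re.search(r"(.)\1{3,}", pw) or re.search(r"(.{2,})\1", pw):
        problems.append("repetition or pattern")
    if has_keyboard_run(low):
        problems.append("keyboard sequence")
    if any(w in low or w[::-1] in low for w in WORDLIST):
        problems.append("dictionary word")
    if any(p and p.lower() in low for p in personal):
        problems.append("personal information")
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(pw, salt), digest):
            problems.append("reused password")
            break
    return problems
```

Pass `history` as a list of `(salt, digest)` pairs, oldest first, and `personal` as strings such as the user's name or year of birth.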
iii. Change your security question(s)
Change your security questions to ensure they are not easily guessed.
If your email account was hacked from a device or location not matching your normal usage patterns, the hacker most likely had to correctly answer a security question. If your question and answer are common (for example, what is your dog’s name? Answer: Simba), that may not have been a difficult challenge.
iv. Warn those on your contact list that you have been hacked
Warn those on your contact list that your email account has been compromised. Start by checking your Sent folder for any emails you did not send. If you find any, inform those recipients first that your email account was compromised. This might prevent them from opening fraudulent emails and clicking on potentially harmful links (containing malware). The attacker may have asked them for money, claiming, for example, that you were stranded in a different country and needed money, or the attacker may send them a virus to also hijack their email or computers.
v. Notify your email provider or IT administrator
Let your email provider or IT administrator know that your account has been compromised. They may offer additional guidance on how else you can ensure security.
vi. Remove backdoor entries
Even after you’ve regained access to your account, the hacker may have added back-door entries that enable them to regain control of the account. Perform the following steps as soon as possible to remove any back-door entries that may have been added to your account and to make sure that the hacker doesn’t regain control of it.
- Remove any suspicious email forwarding addresses.
- Disable any suspicious inbox rules.
- If the suspected compromised email account was used to send spam, the mailbox has likely been blocked from sending mail. You will therefore need to unblock the user from sending mail.
- Block the suspected compromised account from signing in until you believe it is safe to re-enable access.
- Remove the suspected compromised account from all administrative role groups. Administrative role group membership can be restored after the account has been secured.
After you perform these steps, we recommend that you run a full virus scan to make sure that your computer isn’t compromised.
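Reviewing forwarding addresses and inbox rules by hand is error-prone on a mailbox with many rules. The following is an added example, not part of the original article: it audits a constructed rule export (the field names, trusted domain, and folder names are hypothetical and do not follow any provider's schema) and reports rules that forward mail outside the organisation or move it to a folder the owner rarely opens.

```python
# Domains the organisation treats as its own (assumed for this example).
TRUSTED_DOMAINS = {"example.com"}
# Folders where a rule can hide mail from the mailbox owner (assumed names).
HIDING_FOLDERS = {"junk email", "junk", "deleted items"}

# Constructed rule export; field names are hypothetical, not a provider's schema.
SAMPLE_RULES = [
    {"name": "Newsletters", "move_to": "Reading", "forward_to": []},
    {"name": ".", "move_to": None, "forward_to": ["collector@mail.example.net"]},
    {"name": "Invoices", "move_to": "Junk Email", "forward_to": []},
    {"name": "Team copy", "move_to": None, "forward_to": ["Team-Lead@Example.com"]},
]

def domain_of(address):
    # Text after the last "@", normalised so "Example.com" equals "example.com".
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rule(rule):
    """Return the reasons this rule deserves review (empty list = nothing flagged)."""
    reasons = []
    external = [a for a in rule.get("forward_to") or []
                if domain_of(a) not in TRUSTED_DOMAINS]
    if external:
        reasons.append("forwards to external address: " + ", ".join(external))
    folder = (rule.get("move_to") or "").strip().lower()
    if folder in HIDING_FOLDERS:
        reasons.append(f"moves mail to '{rule['move_to']}'")
    return reasons

def audit_mailbox(rules):
    """Map rule name -> list of reasons, for every rule that was flagged."""
    report = {}
    for rule in rules:
        reasons = audit_rule(rule)
        if reasons:
            report[rule["name"]] = reasons
    return report

if __name__ == "__main__":
    for name, reasons in audit_mailbox(SAMPLE_RULES).items():
        print(f"rule {name!r}: " + "; ".join(reasons))
```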
5. How do I prevent my email from being compromised again?
i. Use a reliable spam filtering service
If you aren’t already doing so,
This will ensure that your emails are filtered and spam is stopped before it ever gets to your server or network. See more reasons why you should consider a third-party provider for your spam filtering here.
However, as discussed above, third-party spam filtering on its own is not a silver bullet to preventing email hacking or compromise. Read more below on other important factors to put in place for added security.
ii. Smarten up about spam, phishing, spoofing, and online scams
Spam comes at us from various sources; in your email inbox, via instant messaging, social media, chats, forums, websites, and sadly, now also on your smartphone. It is important to be on your guard for phishing scams.
- You do not have a rich uncle you’ve never heard of in some foreign country trying to send you money. You have not won the lottery. No stranger is going to give you money for no reason, and if there was a miracle weight loss cure, it would be front-page news and on every TV station.
- You might see an email in your account that looks like it’s from your bank. If that email asks you to send your username and password to verify your account, stop. This is almost certainly a scam.
- Your bank or other financial institutions will never ask for your personal information via email. Before sending this information, call your bank or financial institution at their published customer service number to verify whether it requested this personal info.
- Don’t click on links in emails unless you know who sent the message to you and you’re expecting this person to send you a link. Don’t click even if you know the sender if you’re not expecting that link. These fraudulent links often lead to spoofed websites that look like they’re run by a bank or credit card provider. However, they are created by fraudsters to scam you out of your personal information. If you get an email with a link to one of these sites, don’t use it; instead, use your search engine to find the site yourself and then log in.
iii. Verify that content is legitimate before you download
Only download content that you have read good reviews about from sites you can trust. If the content is pirated, free, or comes to you anonymously, it is safer to assume it may contain malware.
Good antivirus software will be set to scan any downloads to your computer. This can serve as a warning should you accidentally download potentially malicious content.
iv. Turn on Multi-factor authentication (MFA)
If your email provider offers multi-factor authentication (MFA), enable it as an additional security measure. All MailSafi email hosting solutions offer two-factor authentication (2FA).
With MFA/2FA, you must first log into your email with your username and password, then wait for a code/PIN, usually sent to your mobile phone, and enter that code/PIN to gain access to your account. Even though this adds an extra step to logging into your email account, it provides an extra layer of protection.
6. How can IT administrators help minimize cases of email compromise?
- Constantly educate your employees on email compromise causes and prevention. You can read more tips specifically about email security in our article on The Role of Employees in your Fight Against Spam. Additionally, keep your staff updated on new techniques or patterns that would help them identify these risks.
- Test staff with incident scenarios. Test controls and encourage staff to report any suspicious incidents.
- Review, refine, and retest your incident management and phishing reporting systems.
- Review existing processes, procedures, and separation of duties for financial transfers and other important transactions such as sending sensitive data in bulk to external entities. This is necessary to help you identify insider threats.
A good first step in protecting your email is to get the right email service provider and email security for your business. Contact us for more information on our cloud email hosting and email security services.
Our solutions are compatible with multiple applications, operating systems, as well as with Microsoft 365 and Google Workspace.