It happens to the best of us… You wake up one morning to a flood of text messages. Friends and family are saying that they’re getting emails containing weird links from you – or that they’re being spammed with messages containing urgent pleas to wire them money.
Then it dawns on you… Your email account has been hacked.
Now what? What do you do if your email gets hacked?
Rest assured, you are not alone! The likelihood of becoming a victim of cybercrime is at an all-time high, and email-related attacks (like phishing) are some of the most common types of attacks. Getting hacked may be more and more common, but it isn’t getting any less stressful or confusing.
Today, we’re going to discuss the best course of action to take if/when your email gets hacked. Here are several steps that can help you take back your account and harden your security:
1. Contact your IT professional ASAP
If a hacker gets access to your business email account, the first thing you should do is notify your IT help desk and follow their instructions. If you don’t have an IT guy or your personal email got hacked, you can proceed to the following steps.
2. Report the hack
Like reporting theft to the police, you need to contact your email provider and report the hack. Filing a report helps your email provider track scam-based behavior. Your email provider may also be able to offer details about the origin or nature of the attack.
3. Change your password
If you can still get into your email, you should change your password as soon as possible. This action will help prevent the hacker from getting back into your account.
When picking out your new “hacker-proof” password, consider the following:
- Don’t tell your password to anyone!
- Use a mix of upper and lowercase letters
- Use long passwords
- Change your passwords for sensitive websites
- Do not use the same password for everything
For more reading on creating indestructible passwords, check out this blog on ten password rules EVERYBODY should follow.
4. Change any other accounts with the same password
To err on the side of caution, ensure you change any other account passwords that use the same username and/or password as your compromised email. Hackers like to take advantage of people who reuse the same passwords across different accounts.
5. Notify your contacts
A hacker will most likely use your email account to send phishing emails to your entire address book. As soon as possible, send a message to all of your email contacts. Tell them NOT to open any emails from you because they could potentially contain malware.
6. Set up two-factor authentication
Say yes to multi-factor authenticators! If your bank or webmail offers you these extra security features, use them. It’s a handy way to make sure only you can access your account.
7. Update your security questions
While a compromised password is a likely reason why your account got hacked, it’s also possible that hackers broke into your account via security questions. When it comes to security questions, your best bet is to be unique. Many users choose the same answer to common security questions. According to a Google study, nearly 20% of American users answered “pizza” to the question “What is your favorite food?” When coming up with answers, make sure they aren’t guessable or researchable.
8. Consider creating a new email address
Depending on the level of damage, you may want to consider creating a new email address. But as tempting as it is, don’t delete your compromised email address. Most email providers will recycle your old email address, which could allow the hacker to claim the account as their own.
9. Brush up on your phishing knowledge
Lastly, take the time to educate yourself on spam and phishing emails.
Did you know that 90% of modern data breaches now involve a phishing attack? These attacks usually consist of fake emails designed to look like they’re coming from a brand or institution that you trust. Their goal is to entice you to click a link or download an attachment which, in turn, helps them gain access to your valuable data.
For example, let’s say you get an email saying it is from Your Bank, but the email address is strange. The address is YourBank@hotmail.com. That should be a red flag. The sender’s email, especially from a bank, should not be using a public account like Hotmail, Gmail, Yahoo, etc. In fact, no reputable bank or company is ever going to ask you to ‘authenticate’ information online.
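The red flag described above can be checked automatically. The following is an added example, not part of the original post: it flags a From header that names a brand while the address sits on a public webmail domain or on a domain the brand does not own. The brand table, the `yourbank.example` domain and the webmail list are assumptions made for illustration.

```python
from email.utils import parseaddr

# Public webmail domains (illustrative list, not exhaustive).
FREEMAIL_DOMAINS = {"hotmail.com", "outlook.com", "gmail.com", "yahoo.com"}

# Hypothetical table: brand keyword -> domains that brand really sends from.
KNOWN_BRANDS = {"yourbank": {"yourbank.example"}}


def _squash(text):
    """Lowercase and drop everything except letters and digits."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def sender_red_flags(from_header):
    """Return the reasons a From header looks like brand impersonation."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not local or not domain:
        return ["unparseable sender address"]

    flags = []
    # The brand can be claimed in the display name or in the mailbox name.
    claimed = _squash(display) + " " + _squash(local)
    for brand, legit in KNOWN_BRANDS.items():
        if brand not in claimed:
            continue
        owned = any(domain == d or domain.endswith("." + d) for d in legit)
        if domain in FREEMAIL_DOMAINS:
            flags.append(f"claims {brand} but uses public webmail {domain}")
        elif not owned:
            flags.append(f"claims {brand} but {domain} is not a {brand} domain")
    return flags


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("Your Bank <YourBank@hotmail.com>",
                   "Your Bank <alerts@yourbank.example>",
                   "Your Bank <service@yourbank.example.evil.test>",
                   "Alice <alice@gmail.com>"):
        print(header, "->", sender_red_flags(header) or "no flags")
```

A clean result only means this one check passed: the visible From header can be forged, so links and attachments still deserve the same caution.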
Getting hacked can be scary, but following the steps outlined in this blog post will help you secure your account and data.