For many people, the first sign that their email has been hacked comes when a friend shoots them a text or an email saying, "Hey there. Uh… I think your email was hacked… unless you meant to send me that link to the Viagra store." Or you might figure it out because you can no longer log in to your account, or your smartphone can't retrieve your messages. Or maybe you can log in to your email, but find that your inbox is suddenly empty and all of your contacts have been deleted. No matter what tips you off, when your email is hacked (notice I say when, not if, here), the impact can be disastrous.
The fact is, despite Twitter, Facebook and texting, we still rely on email for most business and personal interactions. So it can be pretty disquieting when inexplicable things start to happen to our email accounts, or our access to email is blocked. When these things happen, we can't just will them away or delude ourselves into thinking that our computer is simply having a bad day. They could well be manifestations of email hijacking, which often is the prelude to identity theft. So your response should not be "Oh God," but rather, "Houston, we have a problem."
There are plenty of things you can do to minimize the risk of having your email hacked, as we've covered in the past. And if you're worried about how to spot suspicious emails in your inbox, there are plenty of telltale signs. Nevertheless, these days nothing is foolproof and nobody is perfect, so the likelihood that you will be exposed to a phishing scam at some point is relatively high. The question is what to do when it does eventually happen, to keep both you and your friends safe. With that in mind, we offer these tips:
If the wizards who hacked into your account forgot to change your password and you can still log in – do it immediately and change that password. Oh, and make it stronger, stranger and less "you." That means no birthdays, addresses, kids' names, dogs' names, maiden names, favorite movie names, favorite band names, or anything else that you might otherwise feature on your Facebook page.
If your access is blocked, follow the directions on the email site help center. Once you again become the master of your email kingdom, invent a very sophisticated password, change your security questions and get creative in your answers because the hacker may well have nailed those questions correctly in the first place. Trust me -- you want them out of your life and not as permanent pen pals.
Your email provider has seen this type of thing before and may be able to provide you with further details about the nature and source of the attack, as well as any tools they may have available to protect your information and get you back up and running. (You may also have access to identity protection services through your insurance company, bank, credit union or employer.)
Notify everyone on your contact list that you have been compromised and they should look at any communication from you with suspicion for the time being. Further, they should double down on their computer protection. If they have already been victimized, offer your condolences and support, and make sure they are following these steps, too. (Hey, maybe forward them THIS article!)
Don't think that sophisticated email hackers are in it for the fun of grabbing your email and then doing a spam conga line. Often their goal is much more insidious. Why crawl into a life unless you can truly monetize it? Therefore, beware of the Trojan. (As a Stanford guy, that has always been my motto when dealing with people from USC.)
In this case, however, they may have inserted it into your system so that it can conduct recon and report back to them with all of your passwords or a treasure trove of your information. Get that program running and eliminate any and all viruses, spyware or malware that it discovers. If you don't have a new and sophisticated security software program, now is not the time to cheap out. It's a reasonable investment that will ultimately show a serious return by keeping your information yours.
Make sure the cyber ninjas haven't created forwarding email addresses, and if you find any, delete them immediately. Also, look carefully at the signature block and make sure it's really yours. The hackers may have included some malicious links there too.
In the event you shared your email passwords or security questions with any other site, change them, too. Too often consumers opt for convenience (or simplicity) over security and use a single password for multiple websites -- including financial services, social media, retail or secondary email sites. Not a good idea. In fact it's a very bad idea. Change all of them and use different passwords for each.
Folks have a tendency to send financial or personally identifiable information to others via email and then archive the offending email in a file in their system. If so, immediately go to whatever account is identified and change the user ID and password.
Assuming that the hacker in question was able to find either your Social Security number or other valuable pieces of personally identifiable information, it will become important for you to monitor your credit and various financial accounts for suspicious activity. You can get a copy of each of your three major credit reports for free once a year at AnnualCreditReport.com, and you can use tools like Credit.com's free Credit Report Card for an easy-to-understand overview of your credit history, along with your credit scores. Finally, you might also wish to contact the fraud department of one of the big three credit reporting agencies and have a fraud alert put on your file, or you may even want to ask them to "freeze" your credit.
Your email is an important component of your identity portfolio. You must manage it like an investment. That means you minimize your risk of exposure by being smart, discreet and sophisticated in your security approach; keep a watchful eye for things that seem a bit "off," and know what your damage control options are before you need to control the damage.
Adam Levin is chairman and cofounder of Credit.com and Identity Theft 911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.
If you've ever wanted to spy on your boyfriend or girlfriend's email and social media accounts--or those of your boss--Dell has some tempting news for you. Not only is there a whole underground marketplace set up to help you do just that, it's becoming more professional all the time. Rather than send money and trust a criminal to fulfill your deal, you can make sure the job is done before it's paid for. You'll get excellent customer service. And it will cost a lot less than you think.
This dismaying news is part of Dell's third annual Underground Hacker Markets report. Dell security folks spend a lot of their time trolling the Dark Web learning about prices for various nefarious services. Though hacking is for sale all over the world, the Dell group focused their attention on the Russian underground and English-speaking marketplaces elsewhere.
Their investigation turned up pretty modest prices for hacking activities. For example, you can have a Gmail, Yahoo, or Hotmail account hacked for $129. The same goes for popular U.S. social media accounts. Corporate email accounts are available for hacking too, though that costs $500 per address. Most disturbingly, the hackers assure their prospective customers that they can get into victims' email accounts without changing their passwords or otherwise alerting them to the breach. "Complete confidentiality--the victim will not even notice that their email account has been hacked," boasts one offer.
Adding insult to injury, many of these hacking services promise they're available for contact from 11 a.m. to 11 p.m. on weekdays and additional hours on weekends--much better customer service than the email services they're attacking have. Some offer a free trial attack before you commit, and others offer to work with a "guarantor" who will accept payment but not release it to the hacker until the job is done to your satisfaction.
And the available services go way beyond hacking email and social media accounts. You can also order up a distributed denial-of-service (DDoS) attack that will disable your target's servers for as little as $5 per hour--again with a free trial. Credentials for online bank accounts are for sale as well, priced according to what's in the account. (A $50,000 account will cost you $587, for instance.) They also will transfer funds to you from victims' online payment accounts, for instance $1,500 for a payment of $377.
What should you do about it?
What's a poor internet user to do? Dell offers a variety of suggestions, not all of which will be practical for all users. These range from never clicking on a link or attachment in an email unless you check with the sender first to using a dedicated computer for your banking that is never used for anything else, especially email.
You can see the full list of recommendations for both individuals and businesses in the report. In the meantime, do make sure to do the following:
1. Use two-factor authentication wherever you can.
Two-factor authentication adds a second step beyond entering a password and answer to a security question to gain access to email or other online accounts. Most often, it takes the form of a code number texted to your mobile phone or generated by a program such as Google Authenticator. Services ranging from Evernote to online banks to Google itself offer two-factor authentication as an optional security measure. Use that option whenever possible.
2. Keep your security software up to date.
Just because there's no such thing as perfect security doesn't mean you shouldn't do your best to be as secure as possible. So make sure you have antivirus and anti-spyware installed on your computer and on your mobile devices and that you keep that software up to date. You also need a firewall to keep intruders from getting access to your home or work network. Having security precautions in place may mean that would-be hackers decide to go pick on someone else.
3. Be careful where you browse, what you click, and especially what you download.
If you ever doubt for a moment that a link or attachment someone sent is actually from that person, don't hesitate to ask the person before you open the attachment or click on the link. Be conservative about downloading and installing software on your computer and mobile devices, and only do so from known and trusted sources. (Don't assume that because an app is in a company's app store or marketplace it's been tested and is safe--it may not be.)
4. Watch your online accounts carefully.
Some miscreants make small "test" withdrawals from victims' online accounts to see how closely they're being watched before going in after a large sum. So keep track of all your online accounts and check them regularly for new transactions. And if you see a small but inexplicable withdrawal, don't ignore it. Consider signing up for a service that alerts you to credit checks, which can be an early warning of identity theft.
5. Never assume anything you do on the internet is truly private.
Your email and social media accounts have probably never been hacked, but if they have you may have no way of knowing it. Your best course is to assume that others could conceivably be listening in--and act accordingly. You never know where information or sentiments you shared online might wind up. Your best defense is not to post, chat message, or email anything that would seriously hurt you if it were ever made public.