[Updated 2020] Hacked Email Account: What to Do If It Happens to You or Your Business
So you think you have nothing valuable on your email? Think again.
We invite you to do a little exercise: open your email and take a look at everything that you keep on it, both sent and received conversations, on both personal and company accounts. Scan all of them, every attachment you ever sent or received, every personal and work conversation, every email draft. We keep it all there, in only one place: photos, contracts, invoices, tax forms, reset passwords for every other account, sometimes even passwords or credit card PINs. Plus: our emails are interconnected to all our other digital accounts, from bank accounts to social networks (LinkedIn, Twitter, Facebook, etc), cloud services (Google Drive, iCloud, Dropbox), online shops (Amazon, for example, where you most likely saved your credit card details as well) and so on. By simply breaching the email, a malicious hacker can easily get access to all these – do you really (still) think that a hacked email account would not represent a serious problem?
Hackers don’t just want your money. They want all the details they can possibly get, no matter if you’re the CEO of a top company, a celebrity or just someone with “nothing valuable” on their emails. Your data can be used to make financial operations in your name. Cybercriminals can use your credit card details, open bank accounts, take out loans, ruin your credit card’s rating and many others. And if the hacked email account is a company one, we’re already talking about a data breach, whose consequences usually are revenue loss, time loss, brand damage and legal actions.
Hacked email account – what’s in it for the cyberattackers
Contracts almost always contain confidential information that you wouldn’t want anyone else to see – especially malicious hackers! Remember the Sony Pictures Entertainment hack, from a few years ago? A hacker group leaked personal information about the company, their employees, their families, their emails, executive salaries, copies of (then unreleased) movies and many others, including emails of its co-chairman, Amy Pascal. It was a very expensive hack, costing the company more than $100 million.
Ryan Holiday went through such a scandal, back in 2008. While he was the Marketing Manager of American Apparel, a former IT employee leaked the personal conversations between him and the CFO. The media outlets spun them to make it appear as if the company was facing bankruptcy.
Photos – especially nude photos
It’s only been two years since the Fappening, when hundreds of nude photos, mostly of women, were leaked. Various celebrities were affected by this scandal, including Jennifer Lawrence, Kate Upton, Kirsten Dunst and many others. The attacker used a simple phishing technique in order to gain access to victims’ accounts: he sent them emails that appeared to come from Google or Apple, warning them that their accounts might be compromised. He asked them for their passwords and that’s how he managed to get into their emails and iCloud backups.
Invoices, scanned IDs, insurances
Invoices usually contain many sensitive details about the recipient: name, phone, addresses. All these can be used by malicious hackers for identity theft.
Passwords, credit card pins or bank account information
This one’s easy: if you’re storing your passwords on your email, in case your email gets breached, so do all your other accounts. For safety reasons, you could either write them by hand and store them in a secure place, where only you have access, or you could use a password management software to keep them encrypted for you. You can find more tips on how to manage your passwords here.
“Reset your password” emails
“Reset your password” emails are another treasure that cybercriminals can find in a hacked email account. They’ll be able to see what other accounts you have, reset your passwords and take over those as well. These emails are not hard to find, but you can make the attackers’ job harder by deleting all the emails you get from those accounts.
Travel itinerary and calendar
These are gold for thieves or scammers. Just think about it: they know precisely when you’re gonna leave home, when you will be on a plane (and most likely without network coverage), when you’ll be in a meeting, and when you’ll return home – you could even end up with your house broken into. If you’re preparing to travel, here are some tips on how to have a cyber safe holiday.
Tax forms contain a crazy amount of information about us, that can be used by identity theft criminals. If you emailed them in the past, search for them and delete them.
Order confirmations from online shops
Such emails contain all the order details, from what you bought, to the delivery address, date, phone number and method of payment. From here, a cyber crook can also access your online shop profile and see your saved credit card details. Remember to delete all transactional emails after you have received the orders. Also, do not save your credit card details on any shopping website. Instead, fill them in every time you want to buy something. Moreover, don’t save any credit card details or delivery addresses on your profiles – not on Google storage, not on Amazon, not on Dropbox, nowhere.
It’s not only your contact information that would be compromised in case of a hacked email account but also all of your contacts. They are also valuable to cyber attackers, as they can use them for identity theft as well or sell them on the dark web to spammers.
Hacked email account – how do you know it happened?
You have probably understood by now how valuable your email accounts could be for a malicious actor. If you’re wondering how you could tell that your account has been compromised, have a look at the tell-tale signs below:
You’re told that your password is incorrect
If you’re told that your password is wrong, it has probably been changed by a malicious player.
You notice strange emails in the Sent folder
Not all hackers’ goal is to completely lock you out of your email account. They might just want to be able to access it whenever it suits them, to send spam or just to collect information. If your contacts complain that they have received abnormal emails from you, you might deal with a hacked email account.
You receive unexpected password reset emails
Unexpected password reset emails are a clear sign of someone tampering with one of your email accounts. This kind of email is usually sent to secondary email addresses, just like the ones which confirm a password modification.
You notice unusual IP addresses, devices, or browsers
Many email services allow you to check your login activity and the locations where your accounts have been accessed from. If you notice unknown IP addresses, devices or browsers, most probably someone is trying to take over your account.
Hacked email account – what now?
Change your password
If you suspect someone is tampering with your account, the first security step is to change the password. If that is not possible, try the recovery process. If that fails too, don’t hesitate to contact your email provider’s customer service as soon as possible.
Add two-factor authentication
This is the second most important step you should take. Activate two-factor authentication (also called multiple-factor verification) everywhere you can. Almost all major companies offer this option and some even impose it by default. From bank accounts to email providers, big social networks, cloud services and so on, you should keep it enabled everywhere it’s available. It works as an extra protection layer, besides passwords. The second factor usually consists of a unique passcode that’s time-sensitive and you can only receive it through your mobile phone or some other physical object that you have. You can see how this can be an impediment for malicious hackers, lowering their chances to succeed. Even if they somehow manage to find out your passwords, they’ll only be able to access your account if they also get past this second security layer.
Double-check account recovery information
If you manage to regain access to your account, don’t relax just yet – check all your account recovery information. If you don’t recognize the phone numbers and email addresses listed there, change them immediately.
Check account forwarding and auto-replies
Cybercriminals might use auto-forwarding to get copies of the emails you receive and auto-replies to automatically send spam to your contacts. Make sure you check these sections after you get access to your account again.
Check if other accounts were affected
We use emails to secure other accounts, so you have to make sure that nothing else was compromised. Make sure you can log in and consider changing the other accounts’ passwords anyway. If you can’t access the accounts that are tied to the hacked email account, try to reset their passwords immediately or contact customer service.
Alert friends and family
If you’re dealing with a hacked email account, it is recommended to alert your friends and family that they might receive spam emails or that someone might try to steal information from them too. Advise your contacts to be on the lookout for suspicious emails or even phone calls and give them a safe email address where they can reach you.
Clean up your device
After recovering your hacked email account, make sure that you run an antivirus scan to check for any type of malware. Make sure that your browsers and applications are up to date and, if you do not have backups already, now would be the perfect moment to start compiling them.
Hacked email account – but what if it’s a business email account?
A business email compromise (BEC) is also called a Man-in-the-middle attack and it can have much more unpleasant consequences than the hacking of a personal email account. If you notice something unusual with your business email account, try taking the following steps to avoid spreading phishing schemes or even malware to other employees of the company:
Lock down your accounts
As in the case of a personal hacked email account, it’s important to check all other accounts and information linked to the compromised one and cut off the access to them. Notify the bank or other financial institutions you work with about the breach and check the settings of the company’s social media accounts. Don’t forget to make sure that your email account has strong security questions and two-factor authentication.
Notify necessary parties
If your business email account gets hacked, it’s important to notify your business associates that might work with sensitive information. If the email is linked to a subscriber list, consider writing a social media post and a paragraph on your website to explain the situation to your followers and apologize.
Prepare to contact Customer Service
If you cannot recover your account by hitting the “forgot password” button, you might have to talk to your company’s IT department. Another option to get control over your email account is to contact the Customer Service of your email provider.
Clean up your system and email
After regaining your email account, it is recommended to check your system for any suspicious software or files that might have led to the attack in the first place. If you have been the victim of a phishing attack, you might have malware in your system, so you might even need to restore the computer or reinstall the OS.
Hacked email account – prevention strategies
Set strong and unique passwords
This should be the first and foremost step taken. The two main characteristics of a good password are its strength and uniqueness.

A strong password should be long enough (go for at least 14 characters), include upper and lower cases, numbers and symbols. Don’t use your name or nickname, your birth date or birthplace, nor the birth date, birthplace or name of any of your family members or friends (pets included as well). Also, stay away from any variation of the word “password” or common passwords such as “qwerty”, “0000”, “1111”, “12345”. Here’s a longer list of bad passwords.

“Unique” means that you shouldn’t reuse your passwords on any other accounts. Don’t set the same password for Facebook, Twitter, email, cloud storage and so on. Otherwise, in case one of those services gets hacked, all the rest of your accounts will be vulnerable. Learn from the recent mega data breaches that affected hundreds of millions of users. Databases with passwords from LinkedIn, MySpace and Tumblr accounts led to many more breaches. Celebrities were just as affected: Mark Zuckerberg’s Twitter and Facebook profiles were hacked because he was using the same (extremely weak) password he had on LinkedIn. Katy Perry and Drake weren’t spared either.

If you can’t keep track of all your passwords by memory, you can make your life easier by using a password management software. It will keep all your passwords encrypted and warn you if you try to set a password that’s neither strong nor unique. This way you’ll only have to remember the master password, the one that you use for the software. Here are more tips on managing your passwords.
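The strength and uniqueness rules above, turned into a checker of the kind a password manager might run. This is an added example, not code from the article or from any Heimdal product; the function names, the character-swap table and the sample inputs are assumptions constructed for illustration.

```python
import re

# The word "password" plus the common passwords the article lists.
COMMON = ("password", "qwerty", "0000", "1111", "12345")
# Undo frequent character swaps so that "P@ssw0rd" is recognised as "password".
SWAPS = str.maketrans("@40!13$5", "aaoiiess")
CLASSES = {
    "lower-case letter": r"[a-z]",
    "upper-case letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def normalize(text: str) -> str:
    return text.lower().translate(SWAPS)


def check_password(candidate, personal=(), used_elsewhere=()):
    """Return the list of rules the candidate breaks; an empty list means it passes.

    personal: names, nicknames, birth years, places, pets of the owner and family.
    used_elsewhere: passwords already set on other accounts, which a password
    manager that stores them is in a position to compare against.
    """
    problems = []
    if len(candidate) < 14:
        problems.append("shorter than 14 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, candidate):
            problems.append(f"no {name}")
    # Look at the password both as typed and with character swaps undone.
    views = (candidate.lower(), normalize(candidate))
    for weak in COMMON:
        if any(weak in view for view in views):
            problems.append(f"contains common password '{weak}'")
    for detail in personal:
        if detail and any(normalize(detail) in view for view in views):
            problems.append(f"contains personal detail '{detail}'")
    if candidate in used_elsewhere:
        problems.append("already used on another account")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("P@ssw0rd2020!", "Rex-2011-Bucharest!", "Tidal-Marble-93-Kettle!"):
        print(pw, "->", check_password(pw, personal=("Rex", "2011")) or "ok")
```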
Activate two-factor authentication
As we’ve previously mentioned, two-factor authentication is one of the most effective security measures. It is secure and it will not take a lot of time to get through it – you won’t need to authenticate yourself every time you open your browser or mobile app and want to check your account. You can save the devices and browsers you use most often, and you’ll only be prompted to insert the second-authentication factor if you want to log in from a new device. Here’s how and why you should activate two-factor authentication.
Set a lock code to your devices
It is a bit surprising how many people leave their devices unprotected by not setting an automated lock. We can’t always guard our laptop, mobile phone, or tablet and make sure that nobody else accesses them. A lock code is one of the easiest ways to keep intruders away. Here are more tips on how to keep your mobile phone secure.
Install security software
Install security software on all your devices. It is recommended to have:
– A strong, reliable antivirus
You could try our very own Endpoint Security Suite. Its modules DarkLayer Guard and VectorN Detection will help you prevent data leaks and ransomware and spot hidden threats, and its powerful firewall will prevent incoming attacks and even let you isolate a device when necessary. Endpoint Security Suite offers local & real-time scanning and continuous monitoring of processes and changes through heuristic, behavior engines.
– An email security solution
If you want more than a simple spam filter for your email, Heimdal™ Email Fraud Prevention is the perfect choice for you – with over 120 detection vectors, it can help you prevent business email compromise and discover imposter threats and advanced malware emails. Moreover, a team of experts would be there for you 24 hours / 7 days a week, to analyze possibly dangerous isolated emails in order to avoid false positives.
Learn how to detect and prevent phishing attacks
Phishing isn’t a new technique, but it’s still an efficient one: 23% of email recipients open phishing messages, and 11% click on attachments! Cybercriminals can use phishing attacks to withdraw money, steal your identity, open credit card accounts in your name, and further trade all that information about you, so be careful with what emails and attachments you open or what links you click on.
Declutter & Backup
Stop keeping things that you don’t need anymore in your inbox. Delete all useless emails and backup everything else, every important email or attachment. Encrypt them and store them in a safe place (it can be cloud storage or a separate hard disk). Here’s a simple guide to backup.
Hacked email account – wrapping up
Email accounts are important because nowadays everyone who’s on the Internet has at least one. Their cybersecurity is important because any detail about the owner, no matter how insignificant it may seem, has great value for a malicious actor and can be used for ill purposes.
Whatever method you choose for protecting your email accounts, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it.
Drop a line below if you have any comments, questions, or suggestions – we are all ears and can’t wait to hear your opinion!