Not for a long time have our email accounts simply been used for sending and receiving email; our email addresses are a crucial part of verifying our online identity. When we sign up for online services, we no longer pick a username but instead hand over our email addresses. We confirm the veracity of our online requests by responding to the authentication emails that companies send to our inboxes.
But sometimes the worst happens, and we discover that our main email address — the gateway identifier to our online identity — has been compromised. It can happen to anyone. As hackers get more sophisticated, no one can be too complacent — not even tech journalists. Here’s what to do if it happens to you.
1. Keep calm and recover your account.
The first thing you need to do is regain access to your account, usually by contacting your email provider. Some providers like Gmail have account recovery pages you can use to recover your email address. You’ll need to answer some security questions, but as one tech journalist discovered, even this system isn’t foolproof.
2. Make your account more secure.
Once you’ve recovered your email account, the real work begins. First, change your password! Make it at least eight characters, avoiding single words that can be found in the dictionary. Alternatively, download a program like LastPass to manage your passwords for you.
3. Check your sent folder.
Next, check your sent items to see if the hackers sent any emails while you were locked out of your account. Of course, clever hackers clean up the sent items folder, but it’s worth checking your outbox in case they’ve forgotten to clean up in there as well. If you do find evidence that someone has sent out emails from your compromised account, it’s polite to send an email to everyone the hacker spammed, apologizing for any inconvenience the hack may have caused them and reassuring them that the account is now safe.
4. Try to find out how you were hacked.
Finally, try to establish if the hacker was someone you know or whether your email account was compromised because someone stole an entire database of usernames and passwords. If the hacker has left emails in the sent items folder, check that content. If the emails were sent out indiscriminately and are full of links to dubious sites, your email was probably used as part of a larger spam network; you probably weren’t targeted individually. However, if the hacker’s emails in your sent items folder were rude or malicious and were sent only to specific groups of people, then it may be that the email hacker is known to you.
Large database breaches are normally reported on technology news websites such as Tecca. Responsible companies will contact you if it’s possible that your private information may have been stolen. We’ll go through how to protect yourself from both types of hack.
There are two basic types of hacks that could happen to your email account. The first type is the one you see in the movies: a stranger in a dark shirt hunched over a screen with thousands of green numbers streaming down his monitor — or something like that. Hacks in which the hacker is not known to you usually come about after hackers target big companies and steal millions of usernames and passwords. The hackers then have to decipher all the passwords before they can get into people’s accounts.
Unfortunately, lots of software exists to automate the hackers’ decryption process by trying every word in the dictionary and millions of number combinations against the encrypted password until it breaks. This is why you should never have a simple, one-word password. They’re very easy to crack. These hackers don’t target your information specifically; they just want theoretical access to as many accounts as possible. If your password is too hard to crack, they probably won’t waste time on it. They have plenty of other compromised accounts available to them.
The second type of hack that could compromise your email account is likely to come from people you know (or at the very least, people with physical access to your computer). This is a very different sort of hack that depends on the trustworthiness of the people around you.
Just remember, if you don’t share your email password with anyone and don’t keep your passwords written down on a list near your computer, you’re already doing a lot to prevent this type of hack. Similarly, if you’re not the only person who has access to your computer, don’t let your web browser automatically log you into your email. Simple steps but they may save your online identity.
If you’ve created a password that isn’t a single dictionary word and you haven’t shared it with anyone, what else can you do? One smart safety strategy is to have (at least) two separate email addresses, one for normal email purposes and one just for online banking and payment. If you have just one email address that you use to keep in touch with friends, your social networks use, and your online financial service providers, losing control of that account compromises the security of all three things.
But if you have keep one email address exclusively for online banking and only give it to a small number of trusted sites, if your regular email gets hacked, you’ll know your financial details are still safe. If your banking email gets hacked, you’ll be able to lock down the small number of services associated with it and won’t have to worry about the security of your main email and social network logins.
For other great online safety tips, check out Tecca’s guide to internet security.
Do you have any tips for recovering from an email hack — or avoiding one in the first place? Let us know in the comments!
Sarah Gilbert is a columnist for Tecca. She has been playing with technology since a young age and learned reboot and repair Apple Mac computers via the command line at the age of 7 (thanks Dad!) She has a passion for dead languages and spends rather a lot of time writing about medieval theology, science and medicine. She believes in the good use of statistics and always remembers to carry a towel. Sarah loves working for Tecca as she gets to combine her enthusiasm for the Android operating system with her belief in making useful information as accessible as possible. You can follow her @sarahxgilbert. Tecca is a next-generation personal electronics information and shopping service. We bring together the web’s leading content, commerce, and community features to provide comprehensive solutions for consumers’ ever-growing technology needs. Think of us as that tech savvy friend who helps you when you have questions about what to buy, what to pay, how to make the most of you already have, and when it’s time to upgrade. Get to know us on YouTube, Twitter, and Facebook.