Saturday, November 17, 2012

What to do If your Email Has Been Hijacked






You may have already experienced a case of email hijacking. At first you were confused, trying to figure out how it happened, then worried about whether your private data had fallen into the wrong hands, and finally downright mad that it happened to you. I want to give everyone a few hints on how to protect your email, which is becoming a very common target for hijackers.

Email hijacking is when a hacker breaks into an email account and uses it to send spam or access private data. If it happens to you, you will probably find out when friends in your contact list ask why you are sending them ads for male enhancement products or asking them to check out some web page. Although this might put you in an embarrassing situation, it is more than likely that your account wasn't actually compromised and that your email address was only "spoofed". It is relatively easy to "spoof" an email address so that a message appears to come from one address when it was really sent from another.

At worst, however, spammers can gain full access to your email account, and major trouble ensues. Keylogger spyware installed on your computer can record every keystroke you type and send the results to a distant spammer, who can then read your password from the log file. This form of spyware might even replicate itself onto the computers of people in your address book. Your contacts may have received an email purportedly from you that contained an embedded virus or malware, and/or your own computer's security may have been compromised as well. You should take immediate steps to protect yourself and advise everyone in your address book to do the same. The following suggestions all apply both when you are compromised AND as prevention to deter any would-be hacker.

If you think your email has been compromised:

Step 1. Do a full virus scan using your anti-virus program. To be absolutely safe, also run a scan with an online scanner from a vendor other than your own anti-virus, just in case something slipped by it. The best is Kaspersky Online Scanner, but it is offline right now. A couple of good ones available are:

ESET online scanner: http://www.eset.com/us/online-scanner/

F-Secure scanner: http://www.f-secure.com/en/web/labs_global/removal/online-scanner

BitDefender: http://quickscan.bitdefender.com/

(Be sure when using these online scanners that you do not "install" their Antivirus on top of the one you are already using. Just use the online scanner. Keep in mind that if an online scanner finds anything it will not remove it. This is just a "second opinion" to your own anti-virus program.)

Step 2. Update your Malwarebytes to its latest definitions and run the program using a full scan. If you don't have Malwarebytes see my other post on this blog titled "3 Free Programs...." and get it.

Step 3. If you access your bank accounts & credit cards online, check them out just to make sure nothing erroneous has happened.

Step 4. Contact everyone in your address book advising them you may have been compromised and to run these same checks on their computers.

Step 5. Immediately change your email password. Afterwards, change your security questions to new ones. If you cannot reset the password because the hijacker has already changed the security options as well, contact your email provider and ask them to reset the password to allow you access.

The most important thing you can do to prevent email hijacking is to have a good password.
Make it at least 8 characters long using a combination of upper & lower case, numbers and symbols.
Don't use common words like the name of a pet. DO NOT reuse the passwords from your financial sites. Make all your passwords more difficult to hack. This is a dangerous world we live in, folks. You have to take on-line security very seriously and do everything you can to protect yourself.
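To tell the "spoofed" case described earlier from a real break-in, ask a friend who received one of the suspicious messages to send you its full headers. The script below is an added example, not part of the original post: it reads the Authentication-Results header stamped by the recipient's mail server and gives a rough verdict. The domains, sample messages and verdict labels are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

def domain_of(header_value):
    """Return the lowercase domain of the address in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message, my_domain):
    """Rough verdict for a message that claims to come from my_domain."""
    my_domain = my_domain.lower()
    msg = email.message_from_string(raw_message)
    if domain_of(msg["From"]) != my_domain:
        return "not-my-address"
    # msg.get() returns the topmost header, the one added last, normally by
    # the recipient's own server; lower copies could be forged by the sender.
    results = (msg.get("Authentication-Results") or "").lower()
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    if verdicts.get("dmarc") == "pass":
        # Authenticated as my domain: treat as a real account compromise.
        return "sent-through-my-provider"
    envelope_mismatch = domain_of(msg["Return-Path"]) != my_domain
    spf_failed = verdicts.get("spf") in ("fail", "softfail")
    if verdicts.get("dmarc") == "fail" or (spf_failed and envelope_mismatch):
        # Sent from somewhere else with my address pasted into From.
        return "likely-spoofed"
    return "inconclusive"  # no usable results: follow the steps above anyway

def sample(return_path, auth_results):
    """Build a constructed test message (not real mail)."""
    return (f"Return-Path: <{return_path}>\n"
            f"Authentication-Results: mx.friend.example; {auth_results}\n"
            'From: "Pat" <pat@example.com>\n'
            "To: friend@friend.example\n"
            "Subject: check out this page\n\nhi\n")

SPOOFED = sample("bounce@bulk.example.net",
                 "spf=fail smtp.mailfrom=bulk.example.net; dkim=none; "
                 "dmarc=fail header.from=example.com")
COMPROMISED = sample("pat@example.com",
                     "spf=pass smtp.mailfrom=example.com; "
                     "dkim=pass header.d=example.com; "
                     "dmarc=pass header.from=example.com")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("compromised", COMPROMISED)):
        print(name, "->", triage(raw, "example.com"))
```

A "sent-through-my-provider" verdict means the message really left your account, so the password change in Step 5 is urgent; "likely-spoofed" means someone only borrowed your address.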

