We’ve had a lot of support calls recently where the person’s email or other account has been hacked. In the case of email accounts, the hackers have copied the person’s contact list and is sending spam messages out to the contacts and forging their name and email address. After their account got hacked, people usually ask us how it happened. Below are usual ways that hackers are able to access accounts.
1. Guessing an insecure password to access your account.
2. Guessing the answer to your account security question, then resetting the password so that the account can be accessed.
3. Insecure web site databases are being hacked and the usernames and passwords are being used to log into accounts at the different web sites. For example, here’s a common scenario that could happen to you:
You register for an account at xyzrecipes.com so that you can get recipes on their website. To make it easy to remember, you simply use the same email address and password that you use to access your email. A few weeks later a hacker breaks into the xyzrecipes.com user database and copies all the information. The hacker then tries to access your email account using the same password that you used to register or login at xyzrecipes.com. If it’s the same password, they login and now have access to your email account, make a copy of your contact list and send spam messages to your contacts that look like they’re coming from you.
4. Sending an official-looking email asking for email login credentials. (See sample below)
What you should do if you’ve been hacked, and tips to prevent being hacked.
If your email account was hacked, immediately change your password. Below are a few things you can do to help prevent your email account(s) from being hacked.
1. Use a password system/pattern so that you have a unique memorable password for each web site. I recommend putting part of the letters of the website in the password. (See creating secure memorable passwords.)
2. Change your email password ASAP – remember to use a unique password with a combination of UPPERCASE and lowercase letters and numbers. (If your email address is the master account for AT&T DSL service, see note below*)
3. If the account has a password reset question (or account security question – ASQ), make sure that the answer to your question is something that a hacker would not know or easily guess.
4. Secure your email account with 2-step verification. This is an extra security measure offered by email providers such as Gmail, Yahoo, AOL and Outlook Mail.
* Note: If your email address is the master account for an AT&T DSL account, before changing your email password you need to call AT&T DSL at 877-722-3755 and have them give you your network password to program into your DSL modem or router before changing your password. Otherwise you could lose your connection to the internet.