I have had numerous friends, family, and coworkers asking me what they should do when their email account is suspected to be compromised. I sat down and started thinking about this, and while there are numerous things to look at depending on who your email provider is, they all share some features that should definitely be looked over. In this post, I am trying to create a checklist that any user could follow if their email account was hacked.
- Scan your computer for viruses or switch to another computer that you know is not infected.
  - This is a precaution. Attackers can guess or retrieve your password in several different ways, and one of them is through viruses or keyloggers, so it's always best to scan your computer before changing your password. Otherwise you give the attacker your new password as well.
- Change your email account password
- Change your security questions on your account
- Check any forwarding settings to verify that no emails are being forwarded that you have not set up
- Check any filters or rules that may interfere with certain types of emails
- Check your email signature and verify that no additional content has been added to it
- Verify there are no modifications to any automatic vacation responses
- Look through any additional settings that may be specific to your service provider not listed here
- Look through your deleted items and sent items and find any messages that may have been sent by the attacker or forwarded from your account to the attacker's email address (highly unlikely, but you never know)
- Send an email to everyone in your contact list (most likely all were affected), notifying them that your account has been hacked and not to follow any links or instructions that were previously sent out
- Search your mail account for any emails that contain the word "password". You will need these in the next stage
- Write down all your accounts that used the same password as your email account above
  - Include in this list the emails found above that contained passwords to other accounts
  - Every one of these passwords needs to be changed, and each account looked through thoroughly to verify that no security settings have been changed or modified
- It is best to use a different password for every account, and this can be easily tracked using third-party software like 1Password. However, if you must remember every password, I would separate them into the following three groups. This way, you only have to remember three passwords, and if one of them gets hacked you are still safe in the other areas. Again, I do not recommend the grouping, but some people find it necessary to do it this way.
  - Email accounts
  - Bank or finance accounts
  - Other accounts (discussion boards, etc.)
- Start changing all your passwords and notify any vendors if you suspect suspicious activity with your account on their site, especially any banking sites, like PayPal, or your financial institution.
- Email is not what it used to be: the same company usually offers numerous other tools that use your email address as the way to access them. For instance, Google has a whole list of applications, like Picasa, Google Docs, Google Voice, etc., and Live Mail has SkyDrive, Mesh, and Windows Live ID associated with EVERYTHING. This part is tedious, but the last step is to go through all the applications offered by your provider to see if anything looks like it might have been tampered with. For instance, if you have never used Picasa before, check that there are no pictures in there. If you use Google Docs or Office Web Apps, verify that no "sensitive data" may have been compromised.