Monday, November 4, 2013


More and more these days, we're hearing reports about hacked email accounts -- in which individuals' accounts are hijacked by crooks and used to spam their victims' contacts. An email goes out to your contacts, seemingly from you, often containing a link that leads either to a sales site or, worse, a malware download. Or it may be one of those spoof distress emails claiming the supposed sender is in trouble and needs money.
So how can you tell if your email account has been hacked and what can you do about it? The Federal Trade Commission (FTC) has recently issued guidance, which has been posted on the government's OnGuardOnline website.

How to Tell If You've Been Hacked

Usually, the first clue you get that someone is using your email address is when you get emails from your contacts about messages they say they've received from you and which you know for sure you didn't send. You might also check your "Sent" folder if you use an online email account and see messages there that you didn't send. Similarly, you may find your Facebook or other social network account has posts that you didn't write. You may not even be able to sign in to your social media or email accounts.
It's also possible, says the FTC, that people may be receiving emails that seem to come from you when your account hasn't been hacked at all. In that case, the crooks are spoofing your email address -- using their tech skills to "overlay" their real address with yours. But even then, you'll still want to take action to put things right.
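To tell the two cases apart, ask a contact to forward the suspicious message with full headers and look at what their mail server recorded. The Python sketch below is an added example, not part of the FTC guidance or the original article; the sample messages, addresses, host names and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; all addresses and hosts are placeholders.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: Jane Doe <jane.doe@example.com>

I'm stranded, please send money.
"""
FROM_ACCOUNT = """\
Return-Path: <jane.doe@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Jane Doe <jane.doe@example.com>

Check out this link.
"""

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Map spf/dkim/dmarc to the verdict recorded in Authentication-Results."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";")[1:]:  # element 0 is the checking server's id
            method, _, rest = clause.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest.strip():
                verdicts.setdefault(method, rest.split()[0].lower())
    return verdicts

def classify(raw_message):
    msg = message_from_string(raw_message)
    from_dom, path_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    verdicts = auth_results(msg)
    # Assumption: the header was added by the recipient's own mail server;
    # one inserted upstream by the sender proves nothing.
    if verdicts.get("dmarc") == "pass":
        return "authenticated"  # sent via your provider: consistent with a hijacked account
    if verdicts.get("dmarc") == "fail" or (path_dom and path_dom != from_dom):
        return "spoofed"        # forged From line; the account itself may be untouched
    return "inconclusive"       # no usable evidence in the headers
```

An "authenticated" result means the password change and account-settings checks are urgent; a "spoofed" result means the message never passed through your account.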

How Did You Get Hacked?

There are several ways crooks can get hold of your email account info but the simplest way is that you gave it to them. They already know your email address. It'll be on hundreds or thousands of messages you sent out (including those on jokes you circulated or someone sent to you) or on other sites where you have accounts.
In fact, it's not hard to guess your address if, like most people, you use your first and last name followed by the mail service provider -- like Now, all they have to do is guess your password, which, depending on how wary you are, could take just seconds. Or they may get hold of it from company computers where you have an account, which they have previously also hacked. If you use the same password on multiple accounts, you're in big trouble.
Alternatively, you may have inadvertently installed malware on your PC, perhaps from the very same trick that's now being passed on to your contacts -- you clicked on a link you thought was sent to you by someone you know. The malware then goes through your PC, collects your password details, raids your contacts list and begins the whole process again.

What to Do If You've Been Hacked

You should take five key actions if you believe your email account has been hacked:
> First, check for and get rid of any malware on your PC. Update and run your internet security software for this. If nothing is found, visit the software company's website or search the Internet for more malware-scanning tools from reputable companies.

If you haven't found any malware, download the free scanner from Malwarebytes. Although this is NOT a substitute for full-blown Internet security (as the company will tell you), it does have a good reputation for tracking down and removing installed malware that other tools miss.

> Second, change your passwords. Again, check out our earlier reports on how to create strong passwords. And follow the two golden rules: Don't use the same password for different sites, and change all of your passwords regularly. Use a password manager.

> Third, check with your email provider or social networking site for guidance on restoring or resetting your account. You may find, for example, that the crooks have already changed your password and you can't log on to your own account. You'll find links from most of the big providers on's Hacked Accounts page.

> Next, check your account settings. Says the FTC: "Once you're back in your account, make sure your signature and 'away' message don't contain unfamiliar links, and that messages aren't being forwarded to someone else's address. On your social networking service, look for changes to the account since you last logged in -- say, a new 'friend'."

> Finally, make sure you tell all your contacts about what has happened, as soon as possible. If you email them, use the "bcc" address field so all their details remain hidden to the others.

How to Avoid Being Hacked

It would be better, of course, if you didn't get hacked in the first place.
You can reduce the risks by following our password guidance and keeping your passwords secret; using a difficult-to-identify address, or at least adding numbers to your address name; and keeping your security software up to date.

For more information on this FTC guidance, visit OnGuardOnline's Hacked Email page.
Based on article from 9/13/13.