Yesterday, I got an interesting email from my mother-in-law. The message, rife with grammatical errors, contained a link directing me to a Filipino-registered website with a pitch on how to make money working from home. Was this her way of telling me I should earn more money to support her grandchildren? No, just evidence that her email had been hacked.
When I called my mother-in-law, she already knew about the problem—the hacker's message had gone out to her entire address book—and was very concerned. So I walked her through the steps to get everything back in order.
Step #1 - Change your password
The very first thing you want to do is keep the hacker from getting back into your email account. So change your password, and be sure to use a strong password that is not related to your prior password. For example, if your last password was "billyjoe1", don't pick "billyjoe2". And if your name is BillyJoe, you shouldn't have been using your name in your password in the first place.
Step #2 - Check your email settings
Sometimes hackers will change your settings to forward a copy of every email you receive to themselves. This way, they can monitor future emails that may contain login information for other sites. So check your mail forwarding settings to ensure no unexpected email addresses have been added.
Second, check your email signature to see if the hacker added a spammy signature that will continue to peddle their dubious wares even after they've been locked out.
Step #3 - Scan your computer for malware
Run a full scan with your anti-malware program. You do have an anti-malware program on your computer, right? If not, download the free version of Malwarebytes and run a full scan with it. I recommend running Malwarebytes even if you already have another anti-malware program. If the problem is malware, your original program obviously didn't stop it. And Malwarebytes has resolved problems for me that even Symantec's Norton Internet Security wasn't able to resolve. Scan other computers you log in from, such as your work computer, as well.
If malware is detected, fix it (obviously) and then go back and change your email password again (since when you changed it in step #1, the malware was still on your computer).
Step #4 - Find out what else is compromised
My mother-in-law followed the ill-advised practice of storing usernames and passwords for her various accounts in an email folder called "sign-ups". So once the hacker was into her email, he could easily discover numerous other logins. But most of us have emails buried somewhere with this type of information. Do a search for "password" in your mailbox to figure out what other accounts you may have that could have been compromised. Change these passwords immediately and, if (god forbid) any of them are your bank, credit card or other critical accounts, check your statements to make sure there are no suspicious transactions.
It's also a good idea to change the password on any other accounts that use the same user name and password as your compromised email. Spammers are savvy enough to know that most people reuse passwords for multiple accounts, so they may try your login info on other email services, PayPal and other common sites.
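The mailbox search suggested above can be automated. The following is an added example, not code from the original post: it scans a set of messages for the word "password" in the subject or body, reports the sending domain so you can list the accounts to re-secure, and flags notes you sent to yourself (the "sign-ups" folder problem). The messages and the address grandma@example.test are constructed for illustration; in practice you would feed it each message from an export of your real mailbox.

```python
# Added example, not part of the original post: scan a mailbox for messages that
# mention "password" so you know which accounts may need a new password.
# The messages below are constructed for illustration.
import email
from email import policy
from email.utils import parseaddr

OWN_ADDRESS = "grandma@example.test"  # constructed: owner of the compromised mailbox

# Constructed sample messages (RFC 5322 text), standing in for a real mailbox.
SAMPLE_MESSAGES = [
    "From: no-reply@examplebank.test\nTo: grandma@example.test\n"
    "Subject: Your online banking password was changed\n\n"
    "If you did not change your password, call us right away.\n",
    "From: grandma@example.test\nTo: grandma@example.test\n"
    "Subject: sign-ups\n\n"
    "Photo site login: grandma / password: mypassword123\n",  # constructed note to self
    "From: hello@travelclub.test\nTo: grandma@example.test\n"
    "Subject: Welcome to the club! Here is your temporary PASSWORD\n\n"
    "Log in and change it soon.\n",
    "From: cousin@example.test\nTo: grandma@example.test\n"
    "Subject: Photos from Morocco\n\n"
    "Loved the trip pictures!\n",
]


def mentions_password(raw_message):
    """Return (sender_domain, subject, is_note_to_self) if the message mentions
    'password' in its subject or body, otherwise None."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    if "password" not in (subject + " " + body).lower():
        return None
    sender = parseaddr(msg["From"] or "")[1].lower()
    domain = sender.rsplit("@", 1)[-1] if "@" in sender else "(unknown)"
    return (domain, subject, sender == OWN_ADDRESS)


def accounts_to_review(raw_messages):
    """Deduplicated, sorted list of (domain, subject, is_note_to_self) hits."""
    hits = {h for h in map(mentions_password, raw_messages) if h is not None}
    return sorted(hits)


if __name__ == "__main__":
    for domain, subject, self_note in accounts_to_review(SAMPLE_MESSAGES):
        tag = "credentials stored in mail - move to a password manager" if self_note \
            else "account to re-secure"
        print(f"{domain:20} {tag:55} {subject}")
```

Each hit is an account whose password should be changed; the self-addressed note is the one that should be moved out of the mailbox entirely.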
Step #5 - Humbly beg forgiveness of your friends
Let the folks in your contact list know that your email was hacked and that they should not open any suspicious emails or click on any links in the email(s) that were recently sent from you. Most will probably have already figured out that you were not really the one recommending they buy their Viagra from an online pharmacy in India, but you know, everyone has one or two friends who are a little slower to pick up on these things.
Step #6 - Stop it from happening again
While malware on your computer is one way your login information could be stolen, it is certainly not the only way. Many cases are due to carelessness with creating or protecting your login information.
In 2009, hackers stole and posted on the Internet 32 million passwords from a website called RockYou.com. An analysis of the data by security researchers showed that 20% used one of 5,000 common passwords, with 1% using "123456". Easy passwords make for easy hacking, as spammers have programs that can cycle through thousands of logins a second to identify weak accounts.
Picking a strong password is your best protection from this type of hacking. It also is prudent to use different passwords for each site. Or, at the very least, use a unique password for your email account that no other account uses. Likewise for banking or other high-security accounts. If you're concerned about keeping track of the passwords, there are password management programs that can do the work for you.
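The rules from Step #1 and this step (no trivial variation of the old password, no name in the password, nothing from the common-password lists, and no sharing of the email or bank password with other sites) can be checked mechanically. The following is an added example, not code from the original post: `password_problems` explains why a candidate password is weak, and `reused_passwords` takes a list of (account, password) pairs such as a password-manager export and reports any password used by more than one account. The common-password list is a constructed stand-in of six entries, and the account names and passwords in the usage block are made up.

```python
# Added example, not part of the original post: check a replacement password
# against the mistakes described in the post and find reused passwords.
import re

# Constructed stand-in for a "most common passwords" list; a real check would
# use a full breach list such as the one analysed after the RockYou leak.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "abc123", "iloveyou"}


def _stem(pw):
    """Lower-case and drop trailing digits, so billyjoe1 and billyjoe2 compare equal."""
    return re.sub(r"\d+$", "", pw.lower())


def password_problems(new, old="", username="", min_len=12):
    """Return a list of reasons the new password is weak; an empty list means it passed."""
    problems = []
    if len(new) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if new.lower() in COMMON_PASSWORDS:
        problems.append("is on the common-password list")
    if username and username.lower() in new.lower():
        problems.append("contains your name or username")
    if old:
        o, n = old.lower(), new.lower()
        if _stem(o) == _stem(n) or o in n or n in o:
            problems.append("is too similar to the old password")
    classes = sum(bool(re.search(p, new))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("uses fewer than three kinds of characters")
    return problems


def reused_passwords(entries, critical=("email", "bank")):
    """entries: list of (account name, password), e.g. from a password-manager export.
    Returns ({password: [accounts sharing it]}, [critical accounts that share a password])."""
    by_password = {}
    for account, pw in entries:
        by_password.setdefault(pw, []).append(account)
    shared = {pw: sorted(accts) for pw, accts in by_password.items() if len(accts) > 1}
    critical_hits = sorted(a for accts in shared.values() for a in accts if a in critical)
    return shared, critical_hits


if __name__ == "__main__":
    # Constructed inputs: the post's BillyJoe example and a few made-up accounts.
    print("billyjoe2 :", password_problems("billyjoe2", old="billyjoe1", username="BillyJoe"))
    print("good one  :", password_problems("Correct-Horse-Battery-9!", old="billyjoe1",
                                            username="BillyJoe"))
    shared, critical = reused_passwords([
        ("email", "Correct-Horse-Battery-9!"),
        ("bank", "Correct-Horse-Battery-9!"),
        ("forum", "billyjoe1"),
    ])
    print("shared    :", shared)
    print("critical  :", critical)
```

Any account named in the second result should get its own password first; the email account in particular, since it is the recovery channel for everything else.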
In my mother-in-law's case, her passwords were pretty good and there was no malware on her computer. But she was careless about where she was logging in. On her trip to Morocco over the summer, she didn't want to lug a computer around. Instead, she used the computer in her hotel lobby to check her email.
That was a bad idea. Computers in hotel lobbies, libraries and other public places are perfect locations for hackers to install key-logging programs. The computers are often poorly secured and are used by dozens of people a day who don't think twice about logging into their email or bank account, or entering credit card information to make a purchase. The best advice is to assume that any public computer is compromised and proceed accordingly.