Oh no! You think your email's been hacked. What do you do?
Before we jump into what to do, we first need to start with how do you know for sure? What I mean by this is - how do you know for sure if your email account has been hacked? Finding out that your email account has been hacked is often harder than you might think. These days, hackers are pretty advanced and are very careful not to leave any trace. Often times, its nearly impossible to tell. And usually, it's because of not responding carefully when you first notice something.
That said, let's start off with four sure signs of suspicious activity and then we can move on to what to do once you know for sure...
1. YOUR PASSWORD HAS BEEN CHANGED
One of the most obvious signs of your email being hacked is discovering you cannot sign in to your account.
If all of a sudden your password doesn't work and you didn't change it, this is usually a tell-tale sign that it was changed by someone else. If a hacker accesses your account, he is able to change your password to prevent you from logging in and retaking control.
2. UNUSUAL INBOX ACTIVITY
Most of the time, hackers won’t change your password so you won’t notice that anything’s wrong. One way to see if something's going on is to look at your sent folder and see if there are messages there that you know you didn’t send. If you find some, then someone probably has access to your account. Also watch out for password reset emails that you haven't initiated. The hacker may have tried to change your password on other sites, using access to your email to perform password resets.
Unfortunately, the problem is that hackers often go into the sent folder and remove what they sent from there so that they don't leave a trace.
3. YOU'RE RECEIVING UNEXPECTED EMAILS
A hacker could also use the details they gather from your email account to try and trick you into handing over other sensitive information. Having access to your email could reveal all sorts of sensitive information like: who you bank with, who your credit card is with, and what your user name or account number is. If you get an email or phone call claiming to be from your bank which quotes the correct user name/account, it makes it a lot harder to tell if it is genuine or fraud.
4. INCORRECT IP ADDRESSES
Some email services can show you the when you accessed your account and the related IP address you used. If you see an IP listed in the logs that doesn’t belong to you, chances are it's because of unauthorized activity.
If you suspect that someone's gotten into your email account, don't panic. Here's what to do...
1. Do NOT start changing or deleting anything. If this is truly some sort of hack or CEO Fraud, you're going to want to retain the evidence and this means don't change anything. That said, the first (and perhaps) only thing you want to do is immediately change your password. And if you can, do this from a different computer than from the main one you normally work on (if this is possible). Taking this action would prevent the thief from capturing the new password if they've installed a keylogger program on your system. When you do this, make sure you don't change it to something you're using with another account. Make sure this is a unique password that you're not using anywhere else. If you do, this might mean you're still compromised because your info could be available on the Dark Web.
2. Before doing anything else, call an IT professional. Through a forensic investigation, they can review the situation to determine what, if anything has happened. But don’t stop there, the likelihood is that the organization has been further infiltrated and other accounts have been compromised. Have them run scans to find if any malware or other infections may be lurking to strike again.
3. If you have been hacked, immediately change your passwords on all of your other hosted accounts.
4. Reach out to your insurance carrier to see what coverage your cybersecurity insurance policy covers. Less than 4% of fraudulently transferred funds are recovered, so it's a good idea to make sure you have the proper insurance in place. While many organizations have taken out cyber-insurance, not all are specifically covered in the event of CEO fraud. This is a grey area in insurance and many refuse to pay up.
5. If your email account was actually compromised, you may want to send an e-mail to the contacts in your address book telling them this and that someone may have been pretending to be you and to ignore any recent emails from your account.
WHAT TO DO GOING FORWARD?
1. If you haven’t already done so, enable two-factor authentication on your email account. Dual factor authentication (dual-factor authentication or DFA), also known as two factor authentication (two-factor authentication or 2FA), is a form of multi-factor authentication (MFA) that requires multiple types of information to confirm that someone is an approved or authorized user. This verification process is significantly stronger than using traditional usernames and passwords alone.
Also, this is a good measure to enable on all of your hosted accounts - LinkedIn, Facebook, Instagram, etc. Certainly you should set this up for any online banking. Even the apps on your phone. Make sure 2FA is enabled wherever you can.
2. When the immediate consequences of the attack have been addressed and full data has been gathered about the attack, draw up a plan that encompasses adding technology (ie: an all encompassing managed security service program) and cybersecurity user awareness training to prevent the same kind of incident from repeating. Be sure to beef up staff awareness training as a vital part of this.
3. Consider using a password management system, such as Dashlane or any other. That will help prevent attackers from finding your password if they have hacked your computer, but it is not a guarantee if they are using a keylogger to record your passwords as you type them in. That's why the two-step verification is so necessary.
4. Make sure your system is patched and updated.
5. Make sure your anti-virus system is up-to-date.
Well there you have it. An action plan in case you were hit. Hopefully, there are some items here you can address now that will strengthen your system so that you won't get hit in the first place.
Have you or someone you know had your email account compromised? Did you know what to do when it happened? Please share your thoughts in the comments section below, or send me an email to continue this conversation more in-depth.