How to Tell If Your Email Has Been HACKED!

Most people run a lot of information through their email, and when it becomes compromised it can be inconvenient — or if it’s a business email account, both embarrassing and expensive. Often your contacts such as clients, customers, employees, or patients will start receiving junk emails from you, some of which can contain viruses or phishing scams.

That’s particularly dangerous since the email is coming from “you”, so some recipients may trust a link they otherwise wouldn’t click.

It’s important to remember that email is insecure by nature, mostly because it’s sending clear text through the internet that can be read by anyone that intercepts it. When you factor in all the places an email is duplicated, such as the sender’s PC, the mail server that actually sends it, the recipient’s machine and their mail server, it opens up more opportunities for trouble.

That last bit isn’t to scare you, but just to be clear about the technology involved and why it can be vulnerable.

Signs Your Email Might Be Compromised

Particularly if you’re using a free webmail like Gmail, Hotmail/Live, or Yahoo, an occasional check of your mail settings is helpful. This way if anything has been changed you’ll see it. On webmail accounts that allow external POP access, a common change is that this feature, which is usually off by default, has been turned on. If you haven’t been using POP to check your webmail, seeing this feature activated is a warning sign.

Your contacts can be another valuable sign. If your compromised email has been sending out junk to your contacts, sometimes one of them will reply letting you know or asking about the strange email they received. Since you know you didn’t send it, it’s another giveaway. If you’re curious, you can periodically review your sent items folder to see if there’s anything unusual.

Some mail platforms, like Gmail, actually monitor for this suspicious behavior. If a bunch of strange emails just went out, you’ll see a warning message the next time you log in. Gmail will tell you it either blocked a bunch of spam from being sent or that you should review it.

What You Can Do to Get It Under Control

Change your password immediately, and if you’ve used this password on other accounts that are in any way tied to this email you’ll want to change those as well. Some mail platforms ask for a secondary or backup email address, which can be handy if the spammer has changed your password before you can. This leaves another way to reset your password at a secondary address they don’t have access to.

If you’re using a native application like Outlook to check your mail, a thorough antivirus and antimalware sweep is a good idea. Some malware is designed specifically to affect email, so removing it is the only way to know the email won’t be hijacked again.

Email Best Practices

We are all about prevention, so let’s also talk about some of the things you can do to prevent any form of issues with your email.

Using some type of spam and virus filtering on your email is a must these days. If you’re using a native application like Outlook or Thunderbird to check email on your PC, your antivirus software usually has settings specific to email that you can activate and adjust. If you’re using services like Gmail or Windows Live, they come with pretty solid anti-spam and virus filters.

It’s a good idea to change your password at least every 90 days. This can be a tough habit to start if you have passwords you’ve used for a long time, but the longer you use the same passwords, the greater the likelihood that someone else will figure them out. Avoid using obvious passwords that contain kids’ or pets’ names, birthdays, or other personal information. Use a mixture of letters and numbers, as well as capital and lowercase letters.

Lastly, if you’re using email for business, never send sensitive information through an email. Because it’s unencrypted, anyone with the right tools and know-how could intercept it and the information within. That’s why sending things like login information, account numbers, financial info, confidential client information, etc. can be a bad idea.

Heartbleed Bug: The bare facts, and the (mostly) simple solution.

Heartbleed is not a virus, but a software bug.

The Facts:

Heartbleed is an exploitable bug in the way that servers running OpenSSL with the heartbeat feature securely communicate with devices requesting information over the internet. The best simple description for Heartbleed that I’ve seen was done by Randall Munroe of XKCD.

Fixing Heartbleed is a two-step process. First, you patch the bug in the software, then you protect any potentially compromised information.

Who needs to patch their systems?

  • Workstations, laptops, tablets, and phones are mostly unaffected, with some exceptions: Android version 4.1.1 phones, Cisco VOIP desk phones, some software products, including VPNs, VMware, Oracle,
  • Most servers will be fine; only servers using OpenSSL and the heartbeat feature should be affected.

If you think you are affected, or a vendor has sent you a notification that your equipment may be affected, then you need to immediately verify whether your equipment is affected, and if so, ensure it has been patched. One of the many tests available will check your webpage for you. If you are not sure if you are affected, call or email us with questions.

 

The Fix:

Even if you don’t need to patch your systems, YOU ARE STILL AFFECTED. Many large Internet businesses were affected, but they have since installed the patch. To start to protect yourself, you need to change your account passwords for any affected sites. Please remember the best practices for passwords.

1: Use separate passwords for each site

2: Make your passwords more complex (longer is better)

3: Don’t use words found in a dictionary.

Affected Companies include:

  • Google / Gmail / Youtube
  • Yahoo / Yahoo Mail
  • AT&T webmail (hosted by Yahoo)
  • Facebook
  • Instagram
  • Pinterest
  • Tumblr
  • Reddit
  • Etsy
  • Godaddy
  • USAA
  • Flickr
  • Netflix
  • IFTTT
  • Github
  • OKCupid
  • Box
  • Dropbox
  • Wikipedia
  • SoundCloud
  • Minecraft
  • Wunderlist
  • Amazon Web Services (not Amazon.com)

The Future:

Security experts are finding that this bug affects more systems than previously thought. Another attack vector has already been discovered, called “Reverse Heartbleed”, which uses a malicious server to attack a client connecting to it.

Until all companies who have a web presence change their passwords, reconfigure their servers’ security credentials, and release updated mobile apps, DO NOT USE any mobile apps to connect to a compromised or formerly compromised site.

Just to be on the safe side, plan to change all your passwords again in May or June 2014.