Most people run a lot of information through their email, and when it becomes compromised it can be inconvenient — or if it’s a business email account, both embarrassing and expensive. Often your contacts such as clients, customers, employees, or patients will start receiving junk emails from you, some of which can contain viruses or phishing scams.
That’s particularly dangerous since the email is coming from “you”, so some recipients may trust a link they otherwise wouldn’t click.
It’s important to remember that email is insecure by nature, mostly because it’s sending clear text through the internet that can be read by anyone that intercepts it. When you factor in all the places an email is duplicated, such as the sender’s PC, the mail server that actually sends it, the recipient’s machine and their mail server, it opens up more opportunities for trouble.
That last bit isn’t to scare you, but just to be clear about the technology involved and why it can be vulnerable.
Signs Your Email Might Be Compromised
Particularly if you’re using a free webmail like Gmail, Hotmail/Live, or Yahoo, an occasional check of your mail settings is helpful. This way if anything has been changed you’ll see it. A common change on webmail accounts that allow for external POP access is the activation of this feature that, by default, is usually off. If you haven’t been using POP to check your webmail, seeing this feature activated is a warning sign.
Your contacts can be another valuable sign. If your compromised email has been sending out junk to your contacts, sometimes one of them will reply letting you know or asking about the strange email they received. Since you know you didn’t send it, it’s another giveaway. If you’re curious, you can periodically review your sent items folder to see if there’s anything unusual.
Some mail platforms, like Gmail, actually monitor for this suspicious behavior. If a bunch of strange emails just went out, you’ll see a warning message the next time you log in. Gmail will tell you it either blocked a bunch of spam from being sent or that you should review it.
What You Can Do to Get It Under Control
Change your password immediately, and if you’ve used this password on other accounts that are in any way tied to this email you’ll want to change those as well. Some mail platforms ask for a secondary or backup email address, which can be handy if the spammer has changed your password before you can. This leaves another way to reset your password at a secondary address they don’t have access to.
If you’re using a native application like Outlook to check your mail, a thorough antivirus and antimalware sweep is a good idea. Some malware is designed specifically to affect email, so removing it is the only way to know the email won’t be hijacked again.
Email Best Practices
We are all about prevention, so let’s also talk about some of the things you can do to prevent any form of issues with your email.
Using some type of spam and virus filtering on your email is a must these days. If you’re using a native application like Outlook or Thunderbird to check email on your PC, your antivirus software usually has settings specific to email that you can activate and adjust. If you’re using services like Gmail or Windows Live, they come with pretty solid anti-spam and virus filters.
It’s a good idea to change your password at least every 90 days. This can be a tough habit to start if you have passwords you’ve used for a long time, but the longer you use the same passwords the greater the likelihood is that someone else will figure it out. Avoid using obvious passwords that contain kids’ or pets’ names, birthdays, or other personal information. Use a mixture of letters and numbers, as well as capital and lowercase letters.
Lastly, if you’re using email for business, never send sensitive information through an email. Because it’s un-encrypted, anyone with the right tools and know-how could intercept it and the information within. That’s why sending things like login information, account numbers, financial info, confidential client information, etc. can be a bad idea.