Tell-tale signs that your email has been hacked

“Email shmeemail — what’s the big deal if mine gets hacked? Good luck scrounging up anything worth stealing in my sent folder,” we tell those would-be hackers in our heads.

Unfortunately, hackers have found a way to prey on people with a nonchalant attitude toward email. Think about it. Beyond using it for work and for contacting friends and family, your email is probably tied to your accounts for online shopping, internet banking, social media, and countless mobile and desktop apps. Plus, for the sake of mobility, we now sync all of our devices, which means your private messages can usually be viewed from your desktop, laptop, tablet, and smartphone. And what do we usually use to bind them all together? That’s right — it’s email.

Files and data derived from your emails are more precious than you think. Digital contracts and private email threads are valuable to corporate spies and saboteurs. Personal information can be used to blackmail you into doing something you don't want to. And emails containing insurance policies, invoices, and scanned documents and IDs enable hackers to create bank accounts, apply for loans, make illicit purchases, and run their victims' credit ratings into the ground.

A successful hacker gains more than mere access to email folders — he or she can virtually destroy a victim's life.

If you take email security for granted, it’s possible that your email account has already been broken into. How can you find out if you've been hacked, and what can you do about it? Here’s a brief guide to help identify and deal with hacked emails.

How to tell if your account has been hacked

Symptom #1: You can’t sign in to your own account

Once a hacker logs into your email, he or she can change its password so that you’ll be locked out and unable to regain control. To confirm if your account has indeed been hacked, contact your email provider to check if the email service is up and running in the first place.

Symptom #2: You don’t recognize emails in your inbox or sent folders

A stealthier hacker won’t change the password to your email but will most likely attempt to change your passwords to accounts that are associated with it. Password reset emails that you did not initiate is a clear sign that you’ve been hacked.

You might also encounter “phishing” emails — messages from fraudsters pretending they’re from your bank or another organization you associate with. A typical email scam will ask you to log onto a fake-yet-legitimate-looking website and submit account numbers and other sensitive personal information. The scammer will then have what he needs to appropriate your identity and steal your savings.

Remote login alerts that indicate that you logged in from unfamiliar locations also signify hacking activity. Be especially worried if you receive such alerts but can’t find them later. This means that the hacker is covering his or her tracks and is definitely up to no good.

Also, if you find messages in your sent folder, which you’re certain that you didn’t send, then someone is definitely using your account for malicious purposes.

Symptom #3: The same virus keeps showing up in your computer scans

Aside from stealing your identity or account logins, a hacker may also want to compromise your email to distribute malware. For as long as you access your compromised email account on a device, an email hacker can repeatedly infect it with the same malware after every system restore. This malware can then be used to steal data, monitor your activity, and corrupt entire networks.

What to do when your email has been hacked

1. Alert your IT department

Do not wait a second longer — have a technician run the whole gamut of diagnostics, security, and recovery protocols to minimize the damage wrought by the hacker and get you back to regular programming (so to speak) as soon as possible.

Moreover, disclose as accurately as possible which files and directories you have access to — a hacked email might be a sign that your device or network was breached first. Let responders go as wide and deep as they need to a) pinpoint the source of the breach; b) determine if proprietary company files, client information, or other sensitive data was compromised; and c) find other gaps in security that need closing up. In some cases, you may be required to notify your clients or a government office about the breach.

2. Warn co-workers and contacts

Tell them that they might receive phish-y emails from you and that they must not open messages they weren’t expecting from you, much less click the links contained inside.

3. Scour all your devices for malware

Have everything cleaned and consider executing a disaster recovery plan. Once your devices are in the clear, only then must you do the following:

1. Change passwords to accounts that are linked to your email. This will reduce your exposure to the email intruder. However, changing your passwords while your device is still infected might prove futile, as the malware can just transmit them to the hacker.
2. Enable multi-factor authentication wherever security is crucial, such as during logins and password resets. This feature will force users to verify their identity with more than just a password (usually by entering a single-use code that’s sent to another email account or device owned by the account holder). This means that even if you leave your email open, another person can't just change your password because the verifying account or device is with you.

4. Make sure it never happens again

Apply preventive protocols so hackers can never break into your account again.

1. Delete suspicious emails and never click on the attachments or links they contain.
2. Only connect to the internet via private and secure networks. Public wifi usually does not have the sophisticated security measures needed to ward off cybercriminals.
3. Limit the amount of information you share online. Fraudsters and identity thieves can scrape a considerable amount of personal details from emails and social media, so it’s best to limit your exposure on the web.
4. And, most importantly...

...protect your IT systems with cyber security services from XBASE Technologies. We cover everything from Intrusion Prevention Systems to employee training to minimize your vulnerability to cybercriminals. Talk to us to learn more about how we’ll keep your data safe.