Monday, February 20, 2012

How Did My Email Account Get Hijacked?


Category: Email

"Help, somehow my email account got hijacked, and now all my friends are getting spam, from me! I am always careful with my password. How could this have happened, and what should I do?"


Was Your Email Hijacked?

The first thing to do is relax. It's quite likely that your account wasn't actually compromised. Sometimes spammers use your email address without actually hacking into your email account. It is relatively easy to "spoof" an email address so that it appears a message is coming from one address when it was really sent from another. See Spammer Using My Email Address to learn more about how this can happen.
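The headers of one of the spam messages show which case you are in. The following is an added example, not part of the original article: it reads the Return-Path and the Authentication-Results header stamped by the receiving mail server and reports whether the message really passed through the sender's provider. Both sample messages and all domains are constructed, and the strict domain match is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: the same "From" address, delivered two different ways.
SPOOFED = """\
Return-Path: <bounce@bulk-mailer.invalid>
Authentication-Results: mx.friend.example; spf=fail smtp.mailfrom=bulk-mailer.invalid; dkim=none
From: Alice <alice@example.com>
To: friend@friend.example
Subject: Check this out

hello
"""

SENT_FROM_ACCOUNT = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.friend.example; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: Alice <alice@example.com>
To: friend@friend.example
Subject: Check this out

hello
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def assess(raw_message):
    """Classify a message as 'likely-spoofed' or 'sent-via-real-provider'.

    Only trust an Authentication-Results header added by the recipient's
    own mail server; a forger can insert a fake one further down.
    """
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From", ""))
    rp_dom = domain_of(msg.get("Return-Path", ""))
    auth = msg.get("Authentication-Results", "")
    results = dict(re.findall(r"\b(spf|dkim)=(\w+)", auth))
    signer = re.search(r"header\.d=([\w.-]+)", auth)
    spf_ok = results.get("spf") == "pass" and rp_dom == from_dom
    dkim_ok = (results.get("dkim") == "pass" and signer is not None
               and signer.group(1).lower() == from_dom)
    if from_dom and (spf_ok or dkim_ok):
        return "sent-via-real-provider"  # treat the account as compromised
    return "likely-spoofed"              # only the address was forged
```

A "sent-via-real-provider" result on spam you did not write is the signal to change the password and scan the computer; "likely-spoofed" means the account itself was probably never touched.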

If a virus scan shows nothing unusual, and you can still log in to your email account with your password, then most likely no breach has occurred. But in the worst case, spammers can gain full access to your email account, and major trouble ensues.

It's common for a spammer to change your email password so that you cannot log in to your own account. Then the spammer can raid your contact list to harvest valid email addresses to add to his spam list. Also, the spammer now has access to all of your saved email, which may include sensitive personal and financial information. If you've been locked out of your own email account, contact your ISP, or use the "can't access my account" link that appears on the login screen to recover.

An email account can be hijacked in a number of ways. Phishing attacks, in which a spammer persuades or bullies a user into revealing login passwords, are a common hijacking technique. A message, purportedly from your bank or other trusted partner, may tell you that a "security check" requires you to respond with your password. Such claims are always bogus; legitimate organizations never ask you to reveal your password via email, phone, or other means. See Spear Phishing and Internet Security for more on that.

Many forms of malware (viruses, spyware, etc.) attack in order to gain access to your computer, enslave it in a botnet, and use it as a spam-spewing device. This can happen without you even knowing, until people from all over the world start accusing you of being a spammer! See my related article Has Your Computer Been Hijacked? to learn more about botnets.

Keylogger spyware installed on your computer can record every keystroke you type and send the results to a distant spammer who can then read your password from the log file. There are several ways to detect and defeat keyloggers.

Password Safety Tips

Using the same password on multiple online accounts leaves all of them open to hijacking if just one account is penetrated. Be sure to use unique passwords on email, Facebook, eBay, and other online accounts. Storing passwords to other accounts in one place leaves you vulnerable in a similar way. If one account is hacked, a search through data stored there can yield several other passwords.

Failing to log out of an account when you've finished a session makes it easy for anyone who has access to the computer you used to hijack your account. Always log out of accounts accessed from shared computers, such as those in libraries, schools, Internet cafes, etc. A browser's auto-fill forms feature may reveal your password to someone who uses the same computer you use.

Password guessing is a brute-force hacking method that employs software to try random passwords on your account until one works. Many email accounts go into "lock down" mode after a few failed password attempts, but if yours does not, it's possible to get hijacked in this way. If you have a very weak or predictable password, it makes the hacker's job that much easier. See my article Is Your Password Hacker Proof? for tips on choosing a strong, secure password.

Server attacks go after the email server itself, attempting to crack its security and harvest millions of email addresses and passwords in one swoop. There's not much you can do to prevent this type of attack except to host email only with a reputable service provider who pays attention to security.

Network packet monitoring software can sniff out passwords sent over unsecured wireless connections. This is a rare type of attack but one you should be aware of. Use encrypted (https) connections when logging in or emailing over unsecured public wireless networks. My related article Is Public Wifi Dangerous? has some helpful tips on how to stay safe while surfing in Starbucks.


Posted by on 17 Feb 2012


Copyright © 2005 - 2012 - Bob Rankin - All Rights Reserved


Read more: http://askbobrankin.com/how_did_my_email_account_get_hijacked.html#ixzz1mxZyojZT
