Dealing with Hacked Email and Social Accounts
It usually doesn’t take long before you can tell you’ve been hacked. A friend of yours receives strange text messages or emails, or their social media gets spammed with posts that you aren’t likely to send — we’ve been there before, right? A lot of people, however, don’t seem to take it seriously. A hacked email account can lead to identity theft or other security and privacy intrusions, which could bring much more serious results than a spammed friend.
Apart from being a common form of web communication, your email serves as a unique identifier for many account logins, as does your Facebook or other social media login. These include bank accounts, social networks, cloud services, online shops, and so on.
Even if you’re not a large company or government institution, this makes your email and social media accounts key targets for cybercriminals.
What do statistics tell us about email data breaches?
According to a 2020 report by Verizon, 70% of data breaches are financially motivated and 43% of the breaches involved exploiting vulnerabilities in web applications. This is more than double the numbers from 2019.
Even more, there’s been an uptick in sophisticated phishing email schemes by cybercriminals due to the COVID-19 pandemic.
Why should I worry about the security of my email or social account?
Every time you sign up for something with an email address, you’re using it as proof of your identity. Cybercriminals target emails to steal personal information or money.
If your inbox has been hacked, the cybercriminals will most likely do the following first:
- find out what types of services and accounts you’re enrolled in
- request password resets for one or more of those accounts.
Most password reset requests go through email, and it’s easy for a malicious third party to mask suspicious activity from the email owner.
Identity theft is the worst-case scenario of a hacked email. The definition of identity theft is a crime in which a malicious third party steals your personal information intending to commit fraud. There are many types of personal information and resulting fraud, from financial theft to the use of a victim’s data to receive medical treatment or apply for credit.
Facebook, Twitter, Instagram, and other social networks don’t contain your credit card details. However, hackers can use your social media accounts to post messages that could embarrass, defame somebody, or be used for harassment.
In the following sections, we’d like to focus on what you need to do right after you discover an attack.
Typical signs that someone is trying to access your email or social account
In order to address a cyber hack, you first need to know how to identify that something has happened. Here are the most common ways you might notice your email or social media account has been hacked:
1. You find that your password has been changed
The first and the most panic-inducing sign that your email or social media account may have been hacked is that you can’t log in with your usual password. First, it’s a good idea to make sure that you’re entering the right password. If you’re sure the password is correct and still have issues logging in, start the password recovery process.
Sometimes, the recovery methods fail to work: cybercriminals can easily remove your password recovery information, or you simply can’t access your recovery email or device at the moment. Then you should contact customer service.
2. You find strange emails in your Sent folder or messages you didn’t send
Sometimes, instead of taking over and completely locking your account, cybercriminals try to commandeer your account. This way, they can send spam content or collect more information about you while staying invisible.
It’s recommended to occasionally check your Sent folder for any messages or mass emails you don’t remember sending. Another effective point to deal with spoofing or other email fraud is email authentication. Correctly set up email authentication records minimize the chances of a spoofer disguising your communication.
3. You receive emails with password reset instructions
Unexpected password reset emails is another troubling sign that you may have been hacked. A cybercriminal could be trying to see which banks, shopping sites, and other services you use. Keep a close eye on any emails, text messages, or calls claiming to be from your bank and asking for sensitive information.
4. You receive complaints from your contacts
Your friends and family members surely know what content sent from your email could be considered strange or simply unusual. If anyone lets you know they’re getting such emails, this could be a sign an attacker sends spam and phishing emails using your Inbox.
5. Unusual IP addresses, devices, and/or browsers
Nowadays the majority of email services made it possible for you to check your login activity, view the IP addresses, or even check where your account has been accessed from. If you see unknown locations or devices, someone might be tampering with your account.
What should you do if your email or social account has been hacked?
If you’ve made the unfortunate discovery that one of your accounts has been compromised, there are several things you should do immediately. These include:
Immediately change your password
Changing your password as soon as you realize that you might have been hacked is the first thing you should do to protect your information from unauthorized access.
Hackers usually steal email addresses and passwords knowing that most people will use the same password for different accounts. If they get only the email address, they count on people using simple passwords that are easy to crack. By changing passwords, you might avoid having your account hacked.
As was mentioned above, you can always try the recovery process in case you don’t remember your password or lost access to your account somehow. Contact customer service if you need any help with recovering your account.
Clean up your device
Malware on your device could be the way attackers gained access to your email or social account. Run an antivirus scan to check for spyware, keyloggers, and other types of malware. Update your browsers and apps, and remove any unknown third-party extensions or apps.
In rare cases, such malware can delete or modify files on devices. To improve cyber hygiene in this case, use data recovery tools to scan, clean up, and protect your storage.
Make sure no other accounts were affected
It’s essential to make sure no other accounts of yours were affected because your email was used to secure them. We would strongly recommend checking if you can log in and then changing the password to a new, more reliable one. Consider updating the email address, too. Look into available security options like two-factor authentication and additional alerts.
If you can’t get into any of your accounts, immediately reset the password and contact support.
Inform your contacts
As you already know, cybercriminals hack email accounts to send spam messages or try to steal information from your close contacts, such as your friends, members of your family, followers, or colleagues.
Inform your contacts as soon as you suspect an attack on your email or social account. Making a post on social or reaching out directly to the close ones may be an option. This way, you can guarantee they are attentive to any suspicious or unexpected emails or calls. It’s a good idea to give your contacts your new email address where they can immediately reach you.
Make sure your account recovery information is relevant
When you regain access to your email account, you should look attentively at your account recovery information. Double-check the list of recovery email addresses and any phone numbers listed as the recovery ones. Immediately contact the support if you find any unknown numbers or emails, and remove them from the list.
Set up account forwarding and auto-replies
It’s recommended to check auto-forwarding or auto-replies and make sure that nothing suspicious is enabled by anyone except yourself. These options are commonly used by cybercriminals to get copies of emails sent to you or to send spam from your email account automatically.
Use multi-factor authentication
Over 1.2 million Microsoft accounts were compromised last January. When it came to vulnerability, 99.9% of them had one thing in common — they did not have multi-factor authentication. Multi-factor authentication is considered to be one of the most effective methods for preventing cyber-attacks attacks.
Turn multi-factor authentication on if you still haven’t done it, and add an additional layer of security to your email account. Nowadays, this option is offered and encouraged by email providers: a second login step, asking you to provide additional “factors” before granting you access.
Consider taking additional security measures
Your email provider might offer additional means of protection against cyber attacks. Also, check what’s available on your device. Effective security options include security alerts when signing in from new locations or devices, as well as an ability to remotely wipe accounts/devices if they’re lost or stolen.
Get qualified help
If nothing from above helped and you ran into any additional problems, ask someone more qualified for help. Getting professional help may require additional time (and cost), but often it’s the fastest way to remediate the situation and prevent future security issues.
Don’t hesitate to check help materials or reach out to support representatives directly. All social media and email providers have such opportunities.
Create a new protected account
Unfortunately, sometimes you’re not able to access and use your account again despite your best efforts to regain it. The last resort is to start setting up a new email address or social media account.
Additionally, you should check if your other accounts were affected by the hack, and take similar measures as soon as possible. And this time, spend some time on making new accounts fully protected not to repeat a frustrating experience again.
Internet accounts get hacked every day. Above are the steps you’ll need to immediately take if you suspect or know that your computer or personal information has been compromised: change your password ASAP, turn multi-factor authentication, inform your friends and family, etc.
Be serious with cyber hygiene because it’s a vital part of our daily lives. We hope that you’ve been able to stay safe so far. Keep hackers out of your life by making it harder for them to find a way in!
And if you haven’t turned two-factor authentication on for all of your accounts, this is a quick step you can take now. To start, you can learn more about Namecheap’s 2FA methods.