I’ve been hearing a lot of people lately saying, “My email has been hacked.” What does that mean? If your email has actually been ‘hacked’, it means that bad guys have obtained your username and password, probably thru some sort of phishing or just by hacking away at it with password-guessing tools. They’ve been able to get into your email account, pretending to be you, read your email, gather any useful information they find in your profile, and copy all the contents of your contact list. Most often, they use this information to send spam to everyone in your list. It will look like you are soliciting all your friends for money. You really don’t want this to happen! You need a watchdog to prevent it. This article will give you some tips and, for Gmail users, I’ll tell you how you can make your email hacker-proof with 2-tier verification.
Maybe you Haven’t Been Hacked
But first, I want to explain how it may look like you’ve been hacked when you really haven’t. Hackers certainly like it when they can get into someone’s email account and pretend to be them. That way they can send out spam to everyone in that person’s contact list and there will be no obvious markers that this is illegitimate email – they are actually using your account. But they don’t need to do it that way. Spammers have tools that can make an email appear to come from any address. If they know that suzy@mail.com is a real address, then can send out email “FROM” Suzy, without hacking into Suzy’s account. So, just because some of your friends are getting spam that looks like it’s from you – it doesn’t necessarily mean that your email has been hacked. They may have hacked the email account of a friend of yours and found your email address in your friend’s contact list. They can then use their tools to send out spam FROM you to all the other addresses in that account, some of which are also friends of yours. If you’ve followed this scenario, you know that there is nothing you can do to prevent, or fix, this – short of demanding to be removed from all of your friends’ email lists.
If your account has actually been hacked, you will see other signs. Lots of your contacts will report getting spam from you, not just a few. Your contact list may be deleted. You may have lots of ‘undeliverable’ messages in your inbox for messages that you didn’t actually send. Your Sent folder may show emails that you didn’t send – or it may be completely empty. If this is the case, you need to take immediate steps to kick the bums out! First be sure you’ve scanned your computer for viruses and cleaned them up then follow the recommendations in this excellent article on the Ask Leo website: Email Hacked? 7 Things you Need to do NOW!
You Need more than a Password
Yes, you need a strong password, but that is not enough these days. Even long, strong, secure passwords can be discovered by determined hackers with the right tools. You need more. Many websites now offer security questions – make sure to fill them out. Some email systems offer HTTPS connections, like Gmail. If yours offers it, turn it on. This will encrypt all your email data so it can’t be grabbed from the Internet. The latest, and most effective method to prevent hackers from gaining access is to turn on Gmail’s 2-Step Verification. Once it is on, you will have 2 steps to verify who you are when you log in to your Gmail account. After entering your username and password, you will also need to enter a verification code that Gmail will send to your phone in a text message. There is no way a hacker can get both of those at the same time.
It’s Not Just Your Email!
If you’re like me, I use my Gmail address as my Google Account, and my Google Account gives me access to my Blog, my Picasa Web Albums, My Google Drive, My Android phone Google Play Store (which includes my credit card info) and probably some other tools I’ve forgotten about. I would be in a world of hurt if a bad guy gained access to everything attached to my Google Account! So, I turned on 2-Step Verification. It was easy, the instructions for 2-Step Verification are clear and simple. Within minutes, it was set up and my phone gave the sound that I’d received a text message, I read the code and entered into the space provided on my Google login screen, and I breathed a sigh of relief. It was the same feeling I’ve felt after getting the storm shutters up on the house before a hurricane … I’m safe! And, don’t worry, you won’t have to get that second code every time you log in. You can specify that your computer is ‘trusted,’ so just the username and password will be sufficient on that machine. But, if you log in from anywhere else, you will need the second code.
The only tricky part is for other apps, like my Picasa Web Album account on my smartphone. I have entered the username and password for my Google Account so I can upload pictures from my phone to my Web Albums. Now that I’ve changed my password, and turned on 2-Step Verification, that login will no longer work. And, that app does not have the capability to wait for the second security code. What I needed to do is login to my account on the computer, go to Security and 2-Step Verification, and create an Application Specific password for my Picasa Web Albums. This is a special one-time password – don’t worry, the instructions are simple, and there’s even a video explaining Application Specific passwords.
Don’t wait to get hacked!
Take the extra steps to prevent it today. We recommend that you use Gmail as your email aggregator program even if you don’t use an @gmail.com email address. For help with other email systems, here are some helpful sites:
And here is a great overview checklist from Google on Gmail Security Checklist.