Last week, I got an email from a friend urging me to check out an amazing page. Between the grammatical errors and a link obviously pointing to a server somewhere in Russia, it was obvious that my friend’s email account had been hacked.
When I checked in with her another way, she already knew about the problem—the hacker’s message had gone out to her entire address book—and she was quite concerned. So I walked her through the steps for getting everything back in order.
Step #1: Change your password.
The very first thing you should do is keep the hacker from getting back into your email account. Change your password to a strong password that is not related to your prior password; if your last password was billyjoe1, don’t pick billyjoe2—and if your name is actually BillyJoe, you shouldn’t have been using your name as your password in the first place.
Try using a meaningful sentence as the basis of your new password. For example, “I go to the gym in the morning” turns into “Ig2tGYMitm” using the first letter of each word in the sentence, mixing uppercase and lowercase letters and replacing the word “to” with “2.”
Step #2: Reclaim your account.
If you’re lucky, the hacker only logged into your account to send a mass email to all of your contacts.
If you’re not so lucky, the hacker changed your password too, locking you out of your account. If that’s the case, you’ll need to reclaim your account, usually a matter of using the “forgot your password” link and answering your security questions or using your backup email address.
Step #3: Enable two-factor authentication.
Set your email account to require a second form of authentication in addition to your password whenever you log into your email account from a new device. When you log in, you’ll also need to enter a special one-time use code the site will text to your phone or generated via an app.
Step #4: Check your email settings.
Sometimes hackers might change your settings to forward a copy of every email you receive to themselves, so they can watch for any emails containing login information for other sites. Check your mail forwarding settings to ensure no unexpected email addresses have been added.
Next, check your email signature to see if the hacker added a spammy signature that will continue to peddle their dubious wares even after they’ve been locked out.
Last, check to make sure the hackers haven’t turned on an auto-responder, turning your out-of-office notification into a spam machine.
Step #5: Scan your computer for malware.
Run a full scan with your anti-malware program. You do have an anti-malware program on your computer, right? If not, download the free version of Malwarebytes and run a full scan with it. I recommend running Malwarebytes even if you already have another anti-malware program; if the problem is malware, your original program obviously didn’t stop it, and Malwarebytes has resolved problems for me that even Symantec’s Norton Internet Security wasn’t able to resolve. Scan other computers you log in from, such as your work computer, as well.
If any of your scans detect malware, fix it and then go back and change your email password again. (When you changed it in step #1, the malware was still on your computer.)
Step #6: Find out what else has been compromised.
My mother-in-law once followed the ill-advised practice of storing usernames and passwords for her various accounts in an email folder called “Sign-ups.” Once the hacker was into her email, he easily discovered numerous other logins.
Most of us have emails buried somewhere that contain this type of information. Search for the word “password” in your mailbox to figure out what other accounts might have been compromised. Change these passwords immediately; if they include critical accounts such as bank or credit card accounts, check your statements to make sure there are no suspicious transactions.
It’s also a good idea to change any other accounts that use the same username and password as your compromised email. Spammers are savvy enough to know that most people reuse passwords for multiple accounts, so they may try your login info in other email applications and on PayPal and other common sites.
Step #7: Humbly beg for forgiveness from your friends.
Let the folks in your contacts list know that your email was hacked and that they should not open any suspicious emails or click on any links in any email(s) that recently received from you. Most people will probably have already figured out that you were not really the one recommending they buy Viagra from an online pharmacy in India—but you know, everyone has one or two friends who are a little slower to pick up on these things.
Step #8: Prevent it from happening again.
While large-scale breaches are one way your login information could be stolen—this summer, Russian criminals stole 1.2 billion usernames and passwords—they’re certainly not the only way. Many cases are due to careless creation or protection of login information.
Last year, Google released a study that reveals most people choose passwords based on readily available information, making their accounts hackable with a few educated guesses. Easy passwords make for easy hacking, and spammers use programs that can cycle through thousands of logins every second to identify weak accounts.
Picking a strong password is your best protection from this type of hacking. It also is prudent to use a different password for each site or account, or, at the very least, use a unique password for your email account, your bank account and any other sensitive accounts. If you’re concerned about keeping track of your passwords, find a password management program to do the work for you.
In my friend’s case, her passwords were pretty good and there was no malware on her computer. But she was careless about where she was logging in. On a recent trip overseas, she used the computer in her hotel lobby to check her email. That was a bad idea.
Computers in hotel lobbies, libraries and other public places are perfect locations for hackers to install key-logging programs. The computers are often poorly secured and get used by dozens of people every day who don’t think twice about logging into their email or bank accounts or entering credit card information to make a purchase. The best practice is to assume that any public computer is compromised and proceed accordingly.
This article was written by Suzanne Kantra and originally appeared on Techlicious.
More from Techlicious: