Tuesday, October 11, 2011

Reacting to a hacked email account

In an event your email account or your friend's email account security have been breached, I have some ideas below that might help.

The reason I am writing all these is I have seen many people's accounts being used to send spam (because their accounts are hacked) and no one tells their friends about the breach so the correct reaction could not be taken and probably be deleted or sent to the spam mail or trash. Another reason is no one bothers about their accounts being hacked and be used for spam because their emails are not important to them. The huge mistake is, the usage of their hacked emails as "robots" or "zombies" to control, the person who is in control of the accounts (puppet master) can use these accounts for other malicious deeds and harm others. It becomes a chain reaction and may snowball into something big.

So enough of the talk and let's get into the topic.

My friend's email have been hacked !!!
Yes, you can tell your friend's email have been hacked. He/she sends you suspicious links (so don't click on "juicy" or obviously dangerous links). Another trend to note is the "To" list of people who would be receiving the malicious spam mail. The list of people in the "To" field (whoever that would receive the malicious spam mail) would be alphabetical. Who would ever be so careful to include people into the "To" list of receivers of an email in a very neat and well thought out alphabetical fashion other than a computer program ?

To summarise, you would notice a weird link in the email or some attachment that makes no sense and the list of "To" people (which would include your own email address) would be so neatly adjusted in an alphabetical fashion.

So how do you react ? Firstly, take a screenshot and forward back the link as an evidence to your friend's email (hoping he/she can still access his/her account). Contact your friend via a channel they usually would and tell them to change the password to something else that's not some default passwords people usually use (good password selection policy). Also advise your friend to change all other accounts that he had used that compromised account to register as well. The notion is that the intruder might have used the email account to request for password resets or some emails might contain passwords from account registrations that people might refuse or forget to change. Finally, if it's possible, ask your friend to alert the email provider of a possible breach so that the email provider can investigate their own security measures and carry out some security audits to ensure other users are safe.

My email have been hacked !!!
Ok, do not panic. Attempt to change the password in the email account and the other accounts linked to that email account that have been compromised. If you are locked out of your own accounts of any sorts, then notify the service provider (email or account provider) while they investigate into the matter. Notify your friends to be careful of the compromised accounts. The best way is to ask your friends to alert you any time when they suspect a spam from your account (this arrangement can be done without any event from happening yet as a safety precaution and a good security practise). All you need to do after you have warned the necessary people is to wait for the investigation to take it's course. There is nothing much you can do unless you would consider making yourself a new email account (and secure it safely with a new well-designed password).

Some additional measures to ensure security
Always use HTTPS (secure and encrypted) if the email or website provides one. If there is a setting in the website or email provider's options to turn on HTTPS, use it as the default instead of HTTP (insecure and unencrypted). Change passwords at least once every few months if possible and do not use the same password across multiple accounts. It makes predicting passwords so much easier. Use a password manager like KeePass (http://keepass.info/), KeePassX (http://www.keepassx.org/) or PasswordSafe (http://passwordsafe.sourceforge.net/) that have the capabilities to use strong encryption to store your personal information and passwords. Obviously, use a pretty strong password which you can easily remember to protect your password manager as the login password and DO NOT SHARE PASSWORDS !!

Overall, it is hard to deal with email account breaches as you might not be the owner of the email server. You are usually using a web-based email service someone provides you (Hotmail, Yahoo, Gmail...etc...) which you have very little control over. The above practises are thought out to reduce the damages a compromised account can do by acting responsibly. Do not forget, you might think that your email account is insignificant but it can be used to create bigger threats.

© 2011 Thotheolh / ThothTech. Part or whole of this article can be reproduced or quoted if their meanings are not distorted, else link them to this article.

No comments: