Hacking is everywhere in the news these days, and for good reason: it is becoming a bigger problem. Just ask Anthem, the United States’ second-largest health insurer. Anthem announced in February that it had suffered a major breach. Although no electronic medical records were compromised, sensitive user information was: names, addresses, and Social Security numbers. In fact, 79 million individuals’ data – current and former customers, employees, and even non-customers – was taken. State-sponsored Chinese academic researchers are widely believed to be responsible.
Just as with Sony (which experienced a slash-and-burn attack the FBI says came from North Korea), the hackers are believed to have been inside the Anthem system for months. Not wanting to be rude to its houseguests, Anthem left all of its user account information unencrypted (reportedly because encryption is inconvenient).
It can happen to anyone
In November, Suzanne Kantra of Techlicious received an email from a personal acquaintance asking her in broken English to go to a certain website. Upon further research, Kantra realized that she was receiving the message from a server in Russia that wanted her to come check out its sexy new malware.
“When I checked in with her another way,” Kantra explained, “she already knew about the problem—the hacker’s message had gone out to her entire address book—and she was quite concerned.”
Kantra, the former technology editor for Popular Science, gave her friend the following checklist to enhance her email security and recover from the breach.
Use a different password
Your #1 priority is to prevent the intruder from continuing to access your email. You want a hyper-secure password that is completely dissimilar to the previous one. For example, if your hacked password is beetlejuicebeetlejuice, your new one should not be beetlejuicebeetlejuicebeetlejuice. Plus, if Beetlejuice is listed as your favorite movie on Facebook, it probably should not be your password.
One way to approach the password is with a strong random password generator, which I highly recommend. The one issue with randomizing is that your passwords become virtually impossible to remember. An alternative is to base your password on a sentence. “For example,” offered Kantra, “‘I go to the gym in the morning’ turns into ‘Ig2tGYMitm’ using the first letter of each word in the sentence, mixing uppercase and lowercase letters and replacing the word ‘to’ with ‘2.’”
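The two rules above (a replacement that is completely dissimilar to the hacked password, and nothing taken from your public profile) can be enforced while generating a random password. This is an added example, not code from the original article; the function names and the 0.5 similarity threshold are assumptions chosen for illustration.

```python
import secrets
import string
from difflib import SequenceMatcher

ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def rejection_reason(new, old, profile_words=()):
    """Return why `new` is a poor replacement for `old`, or None if acceptable."""
    n, o = new.lower(), old.lower()
    # Appending to or trimming the old password is not a real change.
    if n in o or o in n:
        return "contains or is contained in the old password"
    # Assumed threshold: more than half the characters line up with the old one.
    if SequenceMatcher(None, n, o).ratio() > 0.5:
        return "too similar to the old password"
    # Words visible on a public profile (favorite movie, pet name, ...).
    for word in profile_words:
        if word.lower() in n:
            return f"contains public profile word {word!r}"
    return None

def generate_password(old, profile_words=(), length=16):
    """Draw passwords from the OS CSPRNG until one passes every check."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        has_all_classes = all(any(c in cls for c in candidate) for cls in CLASSES)
        if has_all_classes and rejection_reason(candidate, old, profile_words) is None:
            return candidate

if __name__ == "__main__":
    old = "beetlejuicebeetlejuice"  # the hacked password from the text
    print(rejection_reason("beetlejuicebeetlejuicebeetlejuice", old))
    print(generate_password(old, profile_words=["Beetlejuice"]))
```

Store the generated value in a password manager, since a 16-character random string is not meant to be memorized.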
Get back ownership
Your hacker may have changed the locks on you, leaving you out in the cold. To get access back, you can typically go through the password retrieval system, accessible through the login page.
Set up 2FA
You may be familiar with two-factor authentication, which some of the hip older kids are calling 2FA. This protection requires you to be authenticated twice, typically via a code that is delivered by text message or through a mobile app.
Look through the account settings
A cybercriminal will often care so much about you that they want to help you back up your email within their very own email account via forwarding. However, you may prefer that your hacker not be reading all your mail. Turn off the forwarding.
Look at your signature as well, where the hacker may be advertising to everyone.
Finally, check that your auto-responder hasn’t been co-opted by the hacker.
Delete their software
You also need to get rid of any malware. Run your current anti-malware program or do a full scan with Malwarebytes, which has a free version.
Kantra gives the application a strong thumbs-up: “I recommend running Malwarebytes even if you already have another anti-malware program; … Malwarebytes has resolved problems for me that even Symantec’s Norton Internet Security wasn’t able to resolve.”
Don’t forget about your other devices – anywhere you check your accounts. Run your anti-malware program there as well.
If you find malware, quarantine it (through the anti-malware app). Then switch to another password (since the malware may have detected your first password change).
Follow the trail of hacking
Kantra mentions her mother-in-law, who used to keep her login details for all her accounts in a specified message folder. She was hacked, and the intruder was able to wreak additional havoc by using her own filing system.
You probably have emails with these sensitive details. Search for “password.” Switch out anything that hackers might have seen. Look over your statements if you think they might have accessed any financial accounts.
If you have reused the identical login credentials on other sites, change those as well.
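Searching a large mailbox by hand is slow, so the search for “password” can be scripted over an exported copy of your mail. This is an added example, not part of the original article: the keyword list, the function names and the sample messages are constructed for illustration, and the result is a list of sender domains whose accounts deserve a password change.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed starter list of terms that suggest a message carries login details.
CREDENTIAL_TERMS = re.compile(
    r"\b(passwords?|passcode|username|log-?in|security question)\b", re.I)

def body_text(msg):
    """Concatenate the decoded text/plain parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def accounts_to_rotate(messages):
    """Map sender domain -> subjects of messages that mention credentials."""
    hits = {}
    for msg in messages:
        subject = msg.get("Subject", "")
        if CREDENTIAL_TERMS.search(subject + "\n" + body_text(msg)):
            address = parseaddr(msg.get("From", ""))[1]
            domain = address.rpartition("@")[2].lower() or "(unknown)"
            hits.setdefault(domain, []).append(subject)
    return hits

# Constructed sample messages. For real mail, pass mailbox.mbox(path) instead,
# where path is your own exported mbox file (hypothetical here).
SAMPLE = [message_from_string(raw) for raw in (
    "From: Example Bank <alerts@bank.example>\nSubject: Your new login details\n\n"
    "Username: jdoe\nPassword: [redacted]\n",
    "From: friend@mail.example\nSubject: Lunch on Friday?\n\nStill on for noon?\n",
    "From: support@shop.example\nSubject: Welcome\n\n"
    "Your temporary password is [redacted]. Please change it.\n",
    "From: alerts@bank.example\nSubject: Statement ready\n\n"
    "Your monthly statement is available.\n",
)]

if __name__ == "__main__":
    for domain, subjects in accounts_to_rotate(SAMPLE).items():
        print(domain, subjects)
```

Once the passwords for the flagged accounts are changed, delete the messages that contained them so the same trail is not there for the next intruder.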
Notify your contacts
Check your outbox to see what the hacker has accomplished for you in terms of correspondence. If you disagree with their recommendations to take advantage of a sale at an Indonesian shoe site, follow up with friends to let them know that you are actually not part of an international footwear pyramid scheme.
Enact preventive measures
As suggested above, it’s a wise idea to use a random password generator and to diversify your passwords.
Kantra’s friend used a variety of complex passwords, and she didn’t even have malware on her PC. However, she wasn’t being careful about the devices she was using, accessing her email through a computer in the lobby of a hotel.
Hotel lobby computers are typical targets for hacker tools called keyloggers that record each keystroke you enter. Kantra stresses that PCs in public places “are often poorly secured and get used by dozens of people every day who don’t think twice about logging into their email or bank accounts or entering credit card information to make a purchase.” Expect a public computer to be contaminated. Wear a surgical mask and gloves.
Furthermore, do you back up your music collection? Is your music collection really more important than your email? If your account is compromised, all of your emails could be destroyed or corrupted. Check out our user-friendly automated email backup plans.
By Kent Roberts