Thursday, March 28, 2013

How To regain control of your hacked email account

In my Family Tech column that appeared March 28, 2013, I wrote:
One of the scariest things that can happen in our online lives, is to lose control of our email account.
With our email account controlled by another, they may get information about your banking, your bills, and many facets of your digital life.
A nefarious person can ask for password resets on other accounts you have, and those resets are sent to the email they control.

This How-To is designed to help a person regain control of an email account that has been taken over by someone else.

The intent is to provide a resource we can send to friends who have had their accounts taken over.

And by taken over, we mean had their email account's password discovered by someone else.  That person then logs into the email account and changes the password and other details to prevent the true owner from easily regaining control of the account.

That nefarious person then uses the email account to attempt to defraud the user's friends, or uses the email account to send out spam that will not be blocked by spam filters initially, since the account was not previously known for sending spam.

More details about how account passwords are obtained are in the column.  It should be available online around April 4, 2013.

After this break, we'll discuss how to know if an email account has been hacked, how to get control back, and what to do after you have regained control.

How do you know if your email account has been hijacked?

If your email account refuses to let you in, and you know you entered the correct user name and password, then someone else may have taken over control of your email account.

How do you know if a friend's email account has been hijacked?

When someone takes over another person's email account, they often use it to send out emails to the account owner's contacts.

You might receive an email from them asking for money

Here is one I actually received supposedly from my friend:

   Hi, I really don't mean to inconvenience you right now but I made a quick trip to the United Kingdom and I lost a bag which contains my passport and credit cards.I know this may sound odd, but it all happened very fast. I've been to the embassy here and they're willing to help me fly without my passport butI just have to pay for my air ticket and settle some bills at the hotel. Right now I'm out of cash plus i can't access my bank without my credit card over here.I have contacted them but they need more verification. I'm just gonna have to plead with you to lend me some funds right now?I'll pay back as soon as I get home. I need to get on the next available flight home.I am in a hotel in London now. Please reply as soon as you get this message so I can forward the details as to where to send the funds.
   Thanks a lot

Notice the email does not address you by name.  It was sent to everyone in their address book, not just to you.

When I received this, I knew the person was not overseas.  But you can see how if this is sent to a hundred friends of a hundred people, someone in that group of 10,000 will likely send money.

Had I responded to the email, I'd likely have been given the name of a helpful person at the embassy to send the money via Western Union.

If you receive an email like this, and wonder if maybe it might be valid, respond and ask the person to verify their identity.  Ask them something they would know, but not something that might be in one of their emails.  For example, asking the person the name of their minister might not be good; there are likely emails to or from the minister in their saved emails.

Instead, ask them where the two of you last ate lunch together.  Something like that.

Most likely though, it will be a con.  Ignore it, other than to let it be a flag that your friend's email has been hacked.

They might send an email with malware attached

One use of a compromised email account is to use it to send out malware.

We are all fairly well educated now not to open files attached from random emails we get.  However, we are likely to let our guard down when we receive an email from a friend.

Attachments might install Trojan horses on our PCs that will send the keystrokes we type back to the hacker. These keystrokes might include our passwords to our bank account, and account numbers of credit cards.

There might not be an attachment but instead a link to a website. When we go to that website, malware can be installed by exploiting weaknesses in our web browser.

Often these emails are short, and not specific.

They'll have subjects like "This is hilarious", and just a link in the body.

Or they will use sex to entice you.  The subject might say "Have you seen this hot video?" and then the body of the message contains just a link.

Be dubious of any message that does not address you by name, and is about a general topic; not something you normally interact with that person about.

Your friend's account might be compromised.  Now what?

Well, obviously you cannot email them.

And you really cannot rely on sending them a message on Facebook or chat.  Once someone has access to an email account, they can ask other services like Facebook for password resets, thus gaining control of those accounts too.

And if this began with the person losing their phone, then even text messaging is dubious.

The best thing is to let them know in person.  Or by phone, if you are sure you'll recognize their voice.

How to regain control of your hijacked account.

Now that we know someone has control of our email account, it is time to do battle and wrestle control back.

It may be easy; it may be punishingly difficult.

The three biggest email providers are Google (Gmail), Yahoo and Microsoft.  Microsoft is in the process of migrating their MSN and Hotmail email users to Outlook, so that is what I'll discuss here.

I am not going to discuss specifics for recovering accounts from each, since that can change in time.

All three email providers have a link in their login dialog box asking "Can't access account?"

That is where you begin.

In all three cases, they ask you a series of questions along the lines of:
  • Have you forgotten your username?
  • Have you forgotten your password?
Or, and this varies, has your account been compromised?

Specific Help for Gmail

And an article about Gmail Security that might help.
Here is the link to begin recovery of your Gmail account.

Specific Help for Yahoo

Here is the link to begin recovery of your Yahoo account.

Specific Help for Outlook

Here is the link to begin recovery of your Outlook account.

As you can imagine, simply losing your user name and/or password is not a big deal.  Your email provider will ask you your security questions, and then send you a temporary password to your backup email address.

If someone has truly hijacked your account, they have likely changed the answers to your security questions, and reset your backup email address to one of their own accounts.

The one time I helped someone whose account had been seriously hijacked, Microsoft had a way for us to answer many questions about their account.  I believe a human had to eventually look at things like where the account had been accessed from recently before deciding to return control to my friend.  I suspect in her case, the account had gone from always being accessed in Northern Virginia, to somewhere overseas after she lost control.  That was a good indicator for Microsoft the account had been hijacked.

Unfortunately, being that these are free email providers, they do not have telephone support lines you can call for help.

If you search in Google or another search engine for things like "My [Yahoo, Gmail or Outlook] account has been hijacked", the search results will include services at the top with phone numbers.

Notice these are paid ads, and are not actually from Yahoo although the name Yahoo appears in their web addresses.  Searching for Gmail or Outlook will return similar ads.

I am highly dubious of anyone offering these services, although I haven't tried to use them.  I am suspicious of any web address that could confuse a user into thinking it is from one of the major email providers.

And I suspect, they will charge you for doing what you can do yourself by going through the process discussed above.

What to do after you have regained control.

Reset your password. 

  • Do not use one you have used before.  
  • Use one that is hard for someone to guess.
  • Do not use that password for any other account.
  • Do not share this password.
  • See below for a blog post on creating strong passwords

Check your Backup Email Address and Phone Number

  • Make sure they are set to an account you own (and check that you still have access to it).
  • If your account settings have asked for your cell phone number so they can send you security notices, make sure that is your cell phone number.

Check to make sure your email is not being auto-forwarded to another account

The hijacker may have set it so that all your future emails are copied to his account.  That way he might gain information about other accounts you have created, or financial information he might be able to exploit.

Guarding against having your email account hijacked

Watch for emails from your email provider saying changes have been made to your account.  

If you haven't made those changes they are telling you about, be very concerned.

For example, when I changed the backup email address on my Gmail account, I received this email :

Use a properly secure password

I found a fairly good blog post on creating a strong password.

One caveat, this person is the author of a password manager application I have not heard about before, so I am definitely not recommending it.  In fact, I've yet to use a password manager myself.

Monitor where your account is logged in from

If you use Gmail, in the lower right of your inbox is this :

When you click details, you can see where and when your account was accessed.  If you see inappropriate activity, you can log out that location.  Then would be a good time to go change your password.

On the page that comes up showing where your account is logged in from, you can set up an alert to be sent to you whenever your account is logged in from an unusual location.
