I’m hearing complaints about hacked email more and more often lately. Typically someone finds that their contacts are receiving messages from them that they didn’t send. The next two questions are “What do I do?” and “How did this happen?”
It could have occurred in several different ways, but one of the most common is that your email address and password were exposed in data stolen from the database of a large company such as Yahoo. Over one billion Yahoo accounts were compromised a couple of years ago. Other companies have also been victims of stolen data. Sometimes these thefts are reported right away, and other times you may not hear about them until many months later.
Email phishing scams are another culprit. You may receive an email that looks like it’s from your email provider asking you to reset your password, when it’s actually a scam to get you to expose your security information. Never use an email link to do a password reset; go directly to the company’s website instead. One more way that passwords can be obtained is through key loggers that are installed on computers as part of a malware infection. These malicious programs secretly capture your keystrokes and send them to remote computers.
So, what should you do? A malware scan on your computer is a good start. In case key loggers or other malicious software are present, it’s best to make sure you have a clean computer before attempting anything else. Next, go to the website of your email provider and change the password of the affected account. Use a good password that you haven’t used before. A good password is made up of a mixture of capital and lowercase letters, numbers, and special characters. The best passwords won’t contain words that can be found in dictionaries, since these are the easiest to crack. Try thinking of a phrase, using the first letter of each word in the phrase, and then incorporating some numbers and special characters. This will be easier to remember but still hard to crack.
After you change the password, consider setting up 2-step verification. This means that when you log in from an unfamiliar location, you will be required to identify yourself through another method (usually a code texted to your phone). This ensures that even if someone gains your password, they can’t use it to log into your account. Gmail, Yahoo Mail, and Outlook mail all support 2-step verification. You can enable 2-step in Gmail here, enable Yahoo here, and enable Outlook here.