This post has already been read 2716 times!
How would you feel if you woke up in the morning and settled down to work only to find that you could not log into your email account?
Better yet, you have auto-routing set up for that account and find out about the hacking because your routed email account proudly displays the message from your service provider that the Password was successfully changed at 6.11 am – the time that you were not even logged onto the internet and were busy with the chores you do in the morning.
It happened to me today and I can assure you that one’s head goes into a spin. It requires stepping back, deep breathing and then getting into action to take back control of your privacy and your email account.
Consider it as a given risk that you will have your email, social media account and website hacked into. If you depend on online services, then you take the risk of some violation of your privacy and details. Think about the recent ebay account hacking.
Here’s how I went about it and did some good damage control.
Step 1. Ground yourself
You know you have a problem but don’t yet know the magnitude of that problem. The best way to handle is to keep calm (not an easy task at the time). I immediately grounded myself with the breathing exercises that I shared in my post https://karmicallycoaching.com/breathe-and-meditate-to-manage-stress/
I also try to forgive those who hurt me – not easy, thought it helps me to get back my energy for more positive and constructive tasks. I find forgiving helps to heal the psyche. (My post When Forgiving Helps to Heal tells more about this)
Step 2. Get access to your email account
You need to assess the damage. So after I got the notification of the change of password, I tried logging in from the login website of the service provider. I was not successful.
I then tried using the “Forgot my password” technique which usually works but this time, it did not because as I discovered later, my secret question had been changed.
If you have a similar situation, the next step to gain access is to call the Customer Service Help Line and ask for assistance.
No matter how stressed you are, comply with all their security information requests and ask them to reset your password.
My service provider was kind enough to text the new password to me and urged me to change the password immediately after login from the User Portal to a stronger one.
Step 3. Assess the damage and set up tighter security
Once you have access to your email account, the first thing you need to do is change your password. Change it to a long and strong password using numbers, multiple cases and if your service provider allows special characters. Refrain from using real words.
After that, look at all the settings to see if anything has been changed.
I found my auto-responder email address had been changed to that of the service provider which I changed again to the one I had originally set up.
On an aside, I also noticed that the email notification for password change had conveniently been deleted. So check everything!
This will prevent the hacker from getting back into your email account.
The next step is to go back to the service provider’s website and log into your user account and check for any changes to your User Profile, change your password if you have logged in with the reset password and haven’t already changed it and set a more difficult Security question.
My service provider advised me to do the needful and then write back with full details of the hacking to enable them to look into it. Always inform the service provider both before and after you have taken the needful action.
Step 4. Check your other accounts
Now we get deeper into damage control mode.
If you have used this compromised email as a User Name for any of your other internet activities, such LinkedIn, Facebook, Twitter, PayPal, internet banking or any other service, then check to see if anything is amiss. The same holds for any application you use to access your emails. You need to change the password to the new one.
I personally make sure that each service has a different password but sometimes we don’t. First call of action – change the passwords!
One other thing I checked was my Inbox, Junk and Trash folders for any other indications of password reset emails. That was when I found the success notification for the hacking.
In fact, as a precaution, change all passwords related to that email where it is your User Name.
Step 5. Check for spam and let others know what has happened
I have a feeling I was part of a bigger game of hacked email collection to be used later as I was able to take timely action, even if 4 hours later.
Apart from the verbal and written notification to the service provider, I put out a notice to my friends on Facebook that my email id had been compromised and that if they received any weird email from me, then know that it wasn’t from me.
This is 1 step you should do once you have your back-end sorted out. The last thing I want is for my friends to think that I stuck in a foreign land and need money or have found a video that they really must watch and get them compromised as well.
In fact, I’ve been monitoring that email account since 10.30 this morning to check if anything funny is still happening and if I need to write any personal emails to apologize or inform them of the situation.
Step 6. Looking forward
This happens once and you take the right actions after the event. Here are a few pointers that my email service provider sent me which I am sharing with you.
- Choose a strong password- Like I mentioned before, it should be a long and strong one with a mixture of numbers, cases and symbols to increase the strength and complexity of your password. This makes sure that the hacker needs to take more time to break the password.
- Avoid real words or something that can be second guessed by looking at your profile on social media. Better yet, randomly generate a string of characters and note it down somewhere safe or a password manager and use when you need to log in.
- Don’t share your password with others
- Always log out if you are using a computer with other users
- Change your password every fortnight
- Change your secret question from time to time so that nobody can guess the answer
- If you forget your secret question and answer, contact your service provider for assistance
If anything else, I finally understood the importance of a 2 factor authentication system. The banks use it and many of the social media sites allow you to set it up too. Do you really need it? It all depends upon your choice and preference though yes, at least on Facebook, I record the location of login and for my other email accounts I’ve used their extra security recommendations.
This is a longer post than I had originally planned but I wanted to share as many tips and steps as I possibly could.
Did I miss out anything? Has this ever happened to you? How did you handle it? Please do share in the comments box below.
PS. Never use the same password twice!
Written by: Vatsala Shukla
Thanks for the tips though I hope I never have to implement them.
Good job keeping your cool & wits about you.
🙂
D
Having an email or social media account or even a website hacked is as bad as having one’s home broken into. I remember the saying ‘A stitch in time saves nine”. Taking precautions at the beginning is always the better option but if faced with a situation that I shared, it is important to act fast and keep cool. Thanks for visiting the blog, Debra.
Hi, Vatsala! These are very good tips (for a scenario we hopefully won’t ever have to endure).
Thanks for visiting my blog earlier. Good luck on tweaking your color scheme!
Hi Kevin, a warm welcome to The Karmic Ally Coaching Experience Blog. Nobody should have to go through this scenario but if perchance it happens, it helps to have an action plan because time becomes of essence. I enjoyed your post at your blog and found a color that goes well with my color scheme. Off to do more experimentation. 🙂
I’m so sorry this happened to you. It must have been a heart stopping moment when you realized your account had been hacked. It’s never happened to me and I dread the day it does. Thanks for the great advice!
It was a heart stopping moment with a ‘What?’ exclamation on my part. 🙂 Thank God for water and grounding exercises. Two sips of coffee and I was off the mark to restore and contain damage. I wouldn’t wish it on anyone but when we use the internet, we take the risk and that is where risk mitigation becomes important. Thanks for dropping by, Sally Ann.
Thank you for sharing your story! I don’t know the last time I had changed my password . . . I’m going to change them all now!
You are most welcome, Lisa. Welcome to the Karmic Ally Coaching Experience Blog.
If you cannot remember when you last changed your password, then yes, it is time to do all of them right now. This is one time when the good old Filofax would be Godsend for putting in reminders. Hope I haven’t dated myself with that comment. 🙂
I really hope I never need this! I have a lot of trouble with passwords, though. Each time there’s a security scare, I change passwords, but it’s gotten to the point that I can’t remember all the different ones. They end up on post-its above my desk, which isn’t secure either (though the post-its contain hints, not the full passwords). I installed LastPass, which generates passwords for me on my computer, but I can’t seem to get it to work on my tablet, so I have to remember passwords anyway. How do you keep track of your passwords?
I hope you never need to use these tips either, Rachel, it was worrisome to say the least. 🙂
I must confess that this one time, I had not changed that password for a long time but learning from the email service provider that I should change my secret question regularly was an eye opener. About remembering passwords – I’m a wee bit old fashioned. I maintain a master record on a pen drive which I print out and use as a memory jogger if required. Most of the internet services that I use regularly are not a problem to remember but there are some which I have made too difficult even for me! I also do a maintenance check every now and then and change passwords as required especially on social media and websites. Hope that helps.
Wow! That is so scary. You did well to keep calm and under control in that situation.
Hi Ana and welcome to The Karmic Ally Coaching Experience Blog. It was indeed quite scary and I had not yet finished having my morning cup of coffee when I discovered the incident! If there is anything that life has taught me, it is to somehow keep calm in the face of calamity. Breathwork and grounding exercises are great for that as is a simple glass of water to calm the emotions. After that, it gets easier to bring the situation under control or at least mitigate damage.