How would you feel if you woke up in the morning and settled down to work only to find that you could not log into your email account?
Better yet, you have auto-routing set up for that account and find out about the hacking because your routed email account proudly displays the message from your service provider that the Password was successfully changed at 6.11 am – the time that you were not even logged onto the internet and were busy with the chores you do in the morning.
It happened to me today and I can assure you that one’s head goes into a spin. It requires stepping back, deep breathing and then getting into action to take back control of your privacy and your email account.
Consider it as a given risk that you will have your email, social media account and website hacked into. If you depend on online services, then you take the risk of some violation of your privacy and details. Think about the recent eBay account hacking.
Here’s how I went about it and did some good damage control.
Step 1. Ground yourself
You know you have a problem but don’t yet know the magnitude of that problem. The best way to handle it is to keep calm (not an easy task at the time). I immediately grounded myself with the breathing exercises that I shared in my post https://karmicallycoaching.com/breathe-and-meditate-to-manage-stress/
I also try to forgive those who hurt me – not easy, though it helps me to get back my energy for more positive and constructive tasks. I find forgiving helps to heal the psyche. (My post When Forgiving Helps to Heal tells more about this)
Step 2. Get access to your email account
You need to assess the damage. So after I got the notification of the change of password, I tried logging in from the login website of the service provider. I was not successful.
I then tried using the “Forgot my password” technique, which usually works, but this time it did not because, as I discovered later, my secret question had been changed.
If you have a similar situation, the next step to gain access is to call the Customer Service Help Line and ask for assistance.
No matter how stressed you are, comply with all their security information requests and ask them to reset your password.
My service provider was kind enough to text the new password to me and urged me to change the password immediately after login from the User Portal to a stronger one.
Step 3. Assess the damage and set up tighter security
Once you have access to your email account, the first thing you need to do is change your password. Change it to a long and strong password using numbers, multiple cases and, if your service provider allows them, special characters. Refrain from using real words.
After that, look at all the settings to see if anything has been changed.
I found my auto-responder email address had been changed to that of the service provider which I changed again to the one I had originally set up.
As an aside, I also noticed that the email notification for password change had conveniently been deleted. So check everything!
This will prevent the hacker from getting back into your email account.
The next step is to go back to the service provider’s website, log into your user account and check for any changes to your User Profile. Change your password if you have logged in with the reset password and haven’t already changed it, and set a more difficult Security question.
My service provider advised me to do the needful and then write back with full details of the hacking to enable them to look into it. Always inform the service provider both before and after you have taken the needful action.
Step 4. Check your other accounts
Now we get deeper into damage control mode.
If you have used this compromised email as a User Name for any of your other internet activities, such as LinkedIn, Facebook, Twitter, PayPal, internet banking or any other service, then check to see if anything is amiss. The same holds for any application you use to access your emails. You need to change the password to the new one.
I personally make sure that each service has a different password but sometimes we don’t. First call of action – change the passwords!
One other thing I checked was my Inbox, Junk and Trash folders for any other indications of password reset emails. That was when I found the success notification for the hacking.
In fact, as a precaution, change all passwords related to that email where it is your User Name.
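The folder check described in this step, as an added example that is not part of the original post: a short Python script that scans Inbox, Junk and Trash for password-change and reset notices and lists them in time order. The sample messages, addresses and dates are constructed, and the subject patterns are an assumption about how providers word these notices.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Assumed wording of account-security notices; adjust to your provider's.
SECURITY_SUBJECT = re.compile(
    r"password\s+(was\s+|has\s+been\s+)?(successfully\s+)?(changed|reset|updated)"
    r"|reset\s+your\s+password|security\s+question",
    re.IGNORECASE,
)

# Constructed sample mailbox (folder -> raw messages); not real mail.
SAMPLE_MAILBOX = {
    "Inbox": [
        "From: friend@example.org\nDate: Tue, 03 Jun 2014 09:00:00 +0000\n"
        "Subject: Lunch on Friday?\n\nSee you there.\n",
        "From: no-reply@social.example\nDate: Tue, 03 Jun 2014 06:20:00 +0000\n"
        "Subject: Reset your password\n\nUse this link to reset.\n",
    ],
    "Junk": [
        "From: support@isp.example\nDate: Tue, 03 Jun 2014 06:12:00 +0000\n"
        "Subject: Your security question was updated\n\nDetails inside.\n",
    ],
    "Trash": [
        "From: support@isp.example\nDate: Tue, 03 Jun 2014 06:11:00 +0000\n"
        "Subject: Password successfully changed\n\nYour password was changed.\n",
    ],
}


def find_security_notices(mailbox):
    """Security notices from all folders, oldest first (needs a Date header)."""
    hits = []
    for folder, raw_messages in mailbox.items():
        for raw in raw_messages:
            msg = email.message_from_string(raw)
            subject = msg.get("Subject", "")
            if SECURITY_SUBJECT.search(subject):
                hits.append({
                    "folder": folder,
                    "when": parsedate_to_datetime(msg["Date"]),
                    "sender": msg.get("From", ""),
                    "subject": subject,
                    # A notice sitting in Trash was deleted by someone.
                    "deleted": folder.lower() == "trash",
                })
    return sorted(hits, key=lambda h: h["when"])
```

Reading the result oldest first gives a timeline of which accounts were touched and when, and the `deleted` flag marks notices that had already been moved to Trash.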
Step 5. Check for spam and let others know what has happened
I have a feeling I was part of a bigger game of hacked email collection to be used later as I was able to take timely action, even if 4 hours later.
Apart from the verbal and written notification to the service provider, I put out a notice to my friends on Facebook that my email id had been compromised and that if they received any weird email from me, then know that it wasn’t from me.
This is 1 step you should do once you have your back-end sorted out. The last thing I want is for my friends to think that I am stuck in a foreign land and need money or have found a video that they really must watch and get them compromised as well.
In fact, I’ve been monitoring that email account since 10.30 this morning to check if anything funny is still happening and if I need to write any personal emails to apologize or inform them of the situation.
Step 6. Looking forward
This happens once and you take the right actions after the event. Here are a few pointers that my email service provider sent me which I am sharing with you.
- Choose a strong password. Like I mentioned before, it should be a long and strong one with a mixture of numbers, cases and symbols to increase the strength and complexity of your password. This makes sure that the hacker needs to take more time to break the password.
- Avoid real words or something that can be second guessed by looking at your profile on social media. Better yet, randomly generate a string of characters, note it down somewhere safe or in a password manager, and use it when you need to log in.
- Don’t share your password with others
- Always log out if you are using a computer with other users
- Change your password every fortnight
- Change your secret question from time to time so that nobody can guess the answer
- If you forget your secret question and answer, contact your service provider for assistance
If nothing else, I finally understood the importance of a 2-factor authentication system. The banks use it and many of the social media sites allow you to set it up too. Do you really need it? It all depends upon your choice and preference though yes, at least on Facebook, I record the location of login and for my other email accounts I’ve used their extra security recommendations.
This is a longer post than I had originally planned but I wanted to share as many tips and steps as I possibly could.
Did I miss out anything? Has this ever happened to you? How did you handle it? Please do share in the comments box below.
PS. Never use the same password twice!
Written by: Vatsala Shukla