I see more and more spam coming from the email accounts of contacts and friends when I open my e-mail program. In addition to this, people are telling me that they think their e-mail accounts have been hacked.
Signs include friends receiving messages you did not send, mail "marked read" that was never opened, changed settings, or anything else out of the ordinary. In any case, the question is the same: "What do I do?"
While many Ghacks readers may know to follow these steps, having a guide handy for others is a useful thing. I can imagine many readers are resources for friends, family, and coworkers. These steps can serve as a checklist to ensure thoroughness.
This is a guide on how to reasonably secure your e-mail account. What to do if you lose access to your account is a different problem for another article. This article assumes you still have access, but strange things (as mentioned) are going on. It will cover the three most commonly used e-mail account types: Gmail, Hotmail, and Yahoo Mail. While changing the settings is pretty easy, finding them can be less than obvious. Here are some screenshots to help you find the general settings page for your account.
You need to do this immediately. This is akin to changing the locks on your doors. When you do not know exactly who has a key to your home, the locks are a liability. Count yourself lucky that you can get into your account. To change your password, log in and go to Settings. Then follow the steps appropriate to your account.
The password needs to be super-secure, and I suggest you use a password manager such as KeePass to generate and store it.
If you cannot get into the account anymore, e.g. because the hacker changed the email password or because it was locked by the email company, contact the company directly to get it reinstated.
Your recovery e-mail address is the one that you use to reset/regain your password. However, if it was changed, it can be used to get the password to your account. Take a look to see if it is set to another account you own. If not, change it immediately. You also may want to follow these steps on that account.
Most people forget about this, but it is a good idea to change your hints. If the hacker knows the answer, they may be able to regain access. This usually requires the recovery e-mail address to be altered, but it is still better to change your hints. Since hints are usually used to reset passwords, they can be used to change your password.
Checking your forwards is going to be a tedious process, but it is important. If you only have time to skim them over, then do so, but make a thorough look your next priority. Your bank account may depend on it. Your e-mail account can be set up to send letters to other e-mail accounts. Most websites are set up to send new passwords to your e-mail address. That means that an unscrupulous person could ask the site for your password, set up your account to forward it to an account they have access to, and then get into the site. That could be a bank site, a blog, Facebook, or anything else.
While you are at it, also check filters if the service supports that. On Gmail, you'd go to Settings > Filters and Blocked Addresses to get a list of all filters. Filters may also be used to process emails automatically, e.g. to forward them to another account automatically and skip the inbox.
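The filter check described above can also be done over an exported list of filters. The following is an added example, not part of the original article: it assumes the filters are available as dictionaries shaped like the Gmail API's filter resource (`criteria` and `action` with `forward`, `addLabelIds`, `removeLabelIds`). The function name, addresses and sample filters are constructed for illustration.

```python
# Added example: flag mail filters that forward or hide messages.
# Input shape follows the Gmail API filter resource; sample data is constructed.

HIDING_ACTIONS = {
    ("removeLabelIds", "INBOX"): "skips the inbox",
    ("removeLabelIds", "UNREAD"): "marks mail as read",
    ("addLabelIds", "TRASH"): "deletes mail",
}

def audit_filters(filters, own_addresses):
    """Return (filter_id, severity, reasons) for each filter worth a manual look."""
    own = {a.lower() for a in own_addresses}
    findings = []
    for f in filters:
        action = f.get("action", {})
        reasons, severity = [], "review"
        fwd = action.get("forward")
        # Forwarding to an address you do not recognize is the most serious sign.
        if fwd and fwd.lower() not in own:
            reasons.append(f"forwards to unrecognized address {fwd}")
            severity = "high"
        # Actions that keep a message out of sight are reported for review.
        for (field, label), text in HIDING_ACTIONS.items():
            if label in action.get(field, []):
                reasons.append(text)
        if reasons:
            findings.append((f.get("id", "?"), severity, reasons))
    return findings

# Constructed sample filters (not taken from a real account).
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@example.com"},
     "action": {"addLabelIds": ["Label_1"], "removeLabelIds": ["INBOX"]}},
    {"id": "f2", "criteria": {"query": "password OR reset"},
     "action": {"forward": "drop@example.net",
                "removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "f3", "criteria": {"from": "boss@example.org"},
     "action": {"forward": "me.backup@example.com"}},
    {"id": "f4", "criteria": {"subject": "invoice"},
     "action": {"addLabelIds": ["Label_2"]}},
]

if __name__ == "__main__":
    for fid, severity, reasons in audit_filters(SAMPLE_FILTERS,
                                                ["me.backup@example.com"]):
        print(f"[{severity}] filter {fid}: " + "; ".join(reasons))
```

Anything reported as `high` should be deleted from the account's filter list unless you set it up yourself; `review` entries are often legitimate but worth a look.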
Sadly, you have to assume that your forwards are compromised. You are going to have to go through each site you used your e-mail account to sign up with and change the password and hint, provided that you used the same password.
You might even want to associate them with a separate account to isolate critical e-mails. Alternatively, you could just change your password and hint on sensitive sites. Your bank and any financial websites should be first. Social networking sites like Facebook and Twitter should be next.
You should always use a strong password for your accounts: one with uppercase, lowercase, numeric, and symbol characters. Ideally, you should have a different one for each account. At the very least your e-mail, financial, and social networking sites should have separate passwords. Security is not about absolutes, but about making it difficult for others to gain access to your account.
It is worth noting that each of these services has an extra security feature. You can actually set up your account to use your phone for e-mail recovery. As I have not used it, it is beyond the scope of this article, but is worth considering.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.