Hacking is everywhere in the news these days, and for good reason: it is more prevalent and damaging than ever before. Just ask Anthem, the United States’ second-largest health insurer who announced in February that it had suffered a major breach. While no electronic medical records were compromised, thieving hackers stole sensitive user information: names, addresses, and Social Security numbers. In fact, 79 million individuals’ data– current and former customers, employees, and even non-customers – was stolen. The hackers believed to be responsible for the attack had been inside the Anthem system for months. Anthem left all of its user account information unencrypted, reportedly because encryption is inconvenient.
When a business has their email hacked, the damage is unrelenting. For example, businesses depend on email marketing drip campaigns to relay information to their customers and attract new business as well. Having a hacked email that sends out spam emails to those who have signed up for companies emails is a sure fire way to ruin the business-consumer relationship.
Sometimes a hacker will turn into a spoof, which is someone who is using a familiar email address as click bait. This can happen once the hacker has been booted from your account, and switches from using your account to forging emails with spoofed “From” lines. If someone is spoofing your address, you will have to live with it. It’s incredibly simple to modify the “From” line so that it looks like you sent a message.
“If he copied down your address book during the time he had your password, then he can continue to use his copy to send junk mail to your contacts forever,” long-time IT professional and Stanford University electrical engineering PhD Rich Pasco explains in this blog post.
While hacking and spoofing are more consistent problems for both large companies and small businesses alike, there are ways to help restore balance when an email gets hacked.
Change your password
Clearly, the top priority when you get hacked is to change your password. However, simply switching out your password won’t necessarily be sufficient to reestablish a secure data environment. The cybercriminals who originally accessed your account will no longer be able to monitor your activities or send emails directly through your email, but that doesn’t mean they won’t haunt you – even after you retrieve your email backup and clean up your account.
Also consider that your hacker might be able to get your new password soon after you change it if they have spyware installed on your computer.
Delete their malware software
You also need to get rid of any malware. Don’t forget about your other devices – anywhere you check your accounts. Run your anti-malware program there as well. If you find malware, quarantine it through the anti-malware app. Then switch to another password, since the malware may have detected your first password change.
Notify your contacts
Check your outbox to see what the hacker has accomplished for you in terms of correspondence. If you disagree with their recommendations to take advantage of a ‘once in a lifetime’ opportunity with an Indonesian shoe business, follow up with friends to let them know that you are actually not part of an international footwear pyramid scheme.
Enact preventive measures
The best way to keep criminals from exploiting your account is to protect your email address. Never display your email address in public posts, instead choosing to mask that information.
Maintaining the privacy of your email address will mean you receive less spam and that the spammers can’t forge emails in your name.
The “business end” of spoofing
Since a spoof is an entirely bogus communication, you can be victimized on either end of the message. The real harm is often done to those who receive it because they may end up with spyware or even financial loss. However, note that when you receive a spoof, it won’t always appear to have come from someone you know.
For that reason, your address book will often be foregone for the address of a major bank or social media company. Often such messages are intended to appear as if the company is contacting you about your account and advising you to “log in” (although in these cases, that’s not what you’re doing) to see a change or take action.
Furthermore, backing up your email is always the best practice to make sure that your email is secured. If your account is compromised, all of your emails could be destroyed or corrupted.
About the Author: Ridley brings 20 years of industry knowledge to the Dropmysite Team. His previous experience are in the areas of sales, marketing, business development and operations where he specialized in search engine optimization, website marketing, website security as well as hard drive and software computer forensic duplication. His last role was as Vice President Sales of StopTheHacker, a leading website security company which was acquired by CloudFlare, Inc. Ridley continued with CloudFlare running StopTheHacker as General Manager.