Suddenly you are noticing strange things happening with your email. You’re receiving email messages about login attempts, password resets and two-factor authentication codes, and your friends and family are wondering why you’re sending them weird emails. You can’t even log in to your own email account and you’ve been bumped out of your social media accounts. What is going on? Your email might have been hacked.
Because your email is a gateway to all your online accounts, like banking, shopping, social media and streaming, it can potentially be a goldmine for a cyber criminal if they gain access. Here’s what you can do.
The signs that your email has been hacked
- You’ve been locked out of your email account and you can’t sign in. A hacker will change the password to take control of your account.
- You notice strange messages in your sent folder that you didn’t send.
- You can’t send email because your outgoing sent email quota has been exceeded.
- You notice bounces (rejected messages) in your Inbox that you don’t recognize.
- You’re receiving password reset messages from your financial institutions, social media or streaming accounts. A hacker can then reset the passwords and take over those accounts.
- There’s an automatic forwarding set up to an address you don’t recognize. Check your Filters and Access settings.
- There are email aliases in your account that you don’t recognize and that look scammy. Check your Aliases.
- Friends and family are getting emails from you that you didn’t sent. A hacker will have gained access to your contact list.
- Your social media accounts suddenly have posts that you didn’t make, or you are locked out.
- Your device is acting differently/slow. A hacker can install malware to get access to your inbox.
What you can do
- Regain access to your account. If you can access your email account, change your password immediately. If you’re locked out, contact Runbox support.
- Make sure there’s no malware or virus on your device. Use an antivirus software to scan and remove any malware (Windows Defender, Bit Defender, Malwarebytes, Norton etc)
- Change all your passwords and use strong and unique passwords for each of your accounts. You can use a password manager to keep track.
- Set up Two-factor authentication and a secure recovery email address. This adds another layer of security.
- Update your device software and make sure you have the latest security updates.
- Change your security questions on your online accounts.
- Change your router password and security settings, and use a VPN service.
- Tell your family, friends and contacts that you’ve been hacked and to watch out for suspicious emails. Not fun, but it will help protect everyone.
- Set up credit monitoring, and report identity theft and fraud.
- Contact Runbox Support to rename your account, or create a new email account. Sometimes it’s easier to start from scratch.
- Share as little as possible online. The more information you have out there, the easier someone can hack your email.
How it happens
- Your account information was leaked in a data breach. Email account information is repeatedly sold to spammers and hackers who can gain access to account details. This puts you at risk for identity and credit theft. A scammer might even send you threatening emails where they pretend to have some information about you that they will expose. They might have an old username or password from a data leak (which you probably already changed). Do not respond! You can check to see if your email has been part of a data breach here.
- You have been tricked by a phishing attack. A hacker will trick you into clicking on malicious web links where you enter your email account username and password details. This enables the scammers to steal your password and gain access to your account. The web links can look legitimate, like a bank or government agency. Learn how to avoid phishing.
- You accidentally downloaded malware onto your device. This can give scammers access to your computer so that they can steal sensitive information like your passwords and credit card information. Downloaded malware can also enable a hacker to record all your keystrokes through a keylogger program. Read more about viruses and malware.
- You didn’t sign out of a public or shared device at a library or an office. When you close a browser window, your accounts won’t automatically sign out. It takes a second for a hacker to change your passwords and lock you out of your account. Always sign out of all your accounts.
- Your email password was too easy to guess. Hackers can gain access to your account if your password isn’t strong enough. If your password is “password” or “123456”, your birthday or contains other personal information, someone could easily figure it out. Set a strong password for all your accounts.
- You reuse passwords on multiple accounts. If your passwords have been part of a data breach, hackers can try those passwords to gain access to your financial and online accounts. Give each of your accounts a unique password.
- A scammer hacked into your Wi-Fi network. Even if you have a password on your router, hackers can still get through if your password is weak, or the router software hasn’t been updated. Check the security settings. A VPN service might also help protect your network.
We will write more about different kinds of email scams out there and how to avoid them.
In the meantime, happy emailing.