Email Accounts As Prey
Recently, I had a friend whose email account got hacked. I received a spam email from him, with a suspicious looking link added. Knowing safe computing practices, I didn’t click the link and I deleted the message. I then contacted my friend to let him know what happened.
It’s quite common for “free” email accounts such as Gmail, Yahoo, and Hotmail to become compromised. Hackers have a variety of reasons for breaking into your email. They might be looking for sensitive information, such as bank statements or account information. They may also be looking to spread malware, by using your account to send an email with a malicious attachment or link to a malware infected website. Friends and acquaintances are much more likely to open an attachment or click a link if the email is from a trusted person. So when a hacker gets control of your account, they will look at your contact list and start sending emails.
What You Can Do to Protect Your Inbox
The chances of having your account hacked can be reduced by following a few tips.
It’s a good idea to review your email account security settings. When you login to your email account on the web, you can access your account settings. Here you can verify that your account recovery information is correct, that only trusted devices and apps are connected, and review other security related information. Using a cell phone as a recovery option is a good idea. If you need to reset your password, the email provider will send you a text message with a code. This code verifies you are indeed the rightful owner – since it’s unlikely someone else would have your cellphone.
Avoid using easy to answer security questions. Security questions are setup when you create an account online, and used to verify your identity when you need to reset your password. The problem is, it’s also a way for a hacker to reset your password and gain access to the account. Using something like “what city were you born in” or “what high school did you attend” is information that can be pretty easy to obtain. Make sure your security question is based on something only you would know.
Use a strong password or passphrase. A strong password is one that is at least 7 characters, contains a mix of upper and lower case letters, includes at least one non-alpha character such as $, # or !, and includes are least 1 number. Passphrases are a more secure alternative, because they are longer and usually more difficult to guess. “Like2EatChickenPotPie!” or “$afteyIsAlwaysF1rst” are examples of good passphrases.
If your email provider supports it, enabling two factor or two step authentication will make your account extremely protected. Two factor authentication requires you to enter a pin code as well as your password. The pin code is generated by an app on your smartphone. Enabling two factor will begin a process that links the app to your email account. Once registered, the code will change every 30 seconds. If you lose your phone, and therefore the pin code, you can follow the account recovery process to reset it.
Keep your computer protected. Always install operating system updates, and make sure you have antivirus installed and up to date. Some types of viruses or malware can capture your passwords, allowing a hacker to gain access to your accounts – including email accounts. Having adequate protection can reduce the risk of this happening.