I’m not a cyber security expert but I receive a few emails each month telling me my email account has been hacked so I wanted to offer you the same advice that I give to my clients.
The big question is have you really been hacked? Should you believe the emails or ignore them?
In this blog post I will tell you what to do if you suspect your email account has been hacked.
Why do people want to hack into your account anyway?
It feels very odd that someone would want to target you. As a micro business owner your business isn’t turning over millions so what could hackers possibly want with your email account?
There are many reasons ranging from identity theft to blackmail. Heimdal Security give a list of 10 reasons why cyber criminals want to hack into your inbox.
Safe to say, if you think you are too small and insignificant to be hacked, you are wrong.
Has your email account really been hacked?
There are many steps we can take to secure our email accounts so if you are on the ball with your security then the likelihood of you getting hacked will be small. Instead of being a victim of hacking you might actually be a victim of email spoofing. I tried to find a low tech explanation of email spoofing but most of the explanations assume you are very tech savvy so I am avoiding them. Instead, here is my simple explanation.
Email spoofing is when an email looks like it comes from a specific sender but in reality it comes from someone else. E.g. I received this email that looks like it comes from my own email address, making me believe my account has been hacked but in reality it hasn’t. Someone is pretending to be me.
To find out if someone is spoofing the senders address you can check the email headers. This bit is a little technical but it’s worth understanding it so you can quickly put your mind at rest and you don’t need to email all your contacts with the ‘Sorry my account has been hacked’ email.
This great article by lifehacker.com explains how to tell if your account has been spoofed or hacked.
I followed the instruction in the article and I could see that the email came from the IP address 188.8.131.52.
I used the website whatismyipaddress.com to verify this did not come from my server. I could see that the email originated in Mexico.
To verify this (and because I like sanity checking everything I do) I sent myself a test email to compare the headers. I was surprised to see there was very little header information compared to the spam email. I couldn’t see the ‘from’ IP address. I concluded that because the email originated from my server it didn’t feel the need to add the headers.
I then checked the headers for a non spam email from my inbox and I saw a message that said;
So my email spam program was doing an SPF check. This is where it checks the domain where the email says it’s coming from matches the IP address of the server. This is set in your hosting account by using an SPF record. You can find out more about setting SPF records from your hosting provider. Here is an explanation of SPF records from SiteGround.
So in a nutshell. The ‘sent from’ email address must come from the designated email server for that domain or it will be flagged as spam. Spammers can change the ‘sent from’ email but they can’t change the server. Spam detection programs see this and put the email in your spam. If you are in doubt then you can verify this yourself by checking the headers.
If you think it’s spoofing then just delete the email and carry on with your day.
Signs your email account has actually been hacked
If your account hasn’t been spoofed and you receive an email from it then it is highly likely you have been hacked.
Verify this by checking your headers to make sure you are not being spoofed. See previous section.
Also, you can check the ‘Last account activity’ time stamp on your email program. For Gmail it is in the bottom right hand corner.
You can check your sent email folder. If someone really did send an email from your account it may be in there. If it is not there, check your deleted items folder just incase they deleted it.
You can also check to see if emails have been opened that you haven’t opened yourself. This is a sign someone has been snooping around.
How to secure your email account
If you have been hacked you need to quickly take steps to secure your email account. Do the following straight away.
- Change your password. This will make sure hackers can’t get back into your account. Make your password really strong. It is likely a weak password is how they gained access to your account in the first place. If you have security questions change them too. Change any other account passwords if you have been using the same passwords for those accounts.
- Enable multi factor authentication if you have it.
- Email your contacts and let them know you have been hacked. Warn them not to open any emails or click on any links. This really is something you need to do but it’s going to really hurt! You want your contacts to trust you. This is one big reason to protect your email account, hacking can really damage your brand!
- Check your email settings. Have they change your auto responder settings? Have they changed your email signature? Check for spammy links and redirections.
- Scan your computer for malware and viruses.
Having your email hacked can be very damaging for your brand.
Make sure it really has been hacked before you email your contacts telling them not to open any of your emails.
Make sure your email SPF records up correctly. Any good hosting account will help you do this.
Take your email security seriously.