Dealing with a Hacked Email Account

As editor of the Bodrum Bulletin I see my fair share of emails, spam, and hacked account messages. It's a shame that email account hacking is so commonplace now, so let's take a quick look at this issue in more detail.

How an account is hacked.

In most cases the answer is straightforward: your password is not strong enough. Hackers have the technology to try thousands of usernames and thousands of passwords with no effort at all. Most attacks are "dictionary" attacks of some sort. The simpler your password is - especially if it is a word straight out of the dictionary - the less secure it is.



Signs that your account may have been compromised.

  1. Your friend has received a strange email from you. The email will probably be offering something or inviting the recipient to click on a link.
  2. Your email client tells you. Modern web-based clients such as Gmail will let you know that your account has been accessed from an unrecognised address.
  3. You cannot log into your email account.



How to prevent an attack.

The easiest way to prevent an attack is to secure your password. Specifically, the aim is to create something that's as far away from a recognisable dictionary word as possible. However, this needn't mean that you have to make something impossible to remember. Have you ever wondered how secure your password is? Visit our Bodrum Bulletin Password Strength tester to see.

Here are some useful tips and guidelines for creating a secure password. We'll provide examples based on securing the 2nd most common password in the world: "password"...

  • Use at least eight characters and try to include at least one capital letter. (Example: "Password")
  • Add a number which means something to you (such as your year of birth) on the end of the password. (Example: "password56")
  • Consider swapping similar looking letters for numbers. (Example: "passw0rd")
  • Include punctuation marks and numbers. (Example: "password!")

You don't have to use all of these tips, but try to use as many as possible. Combining all these tips together quickly gives us "Passw0rd!56".

Don't forget to use the Bodrum Bulletin Password Strength tester to find out how secure your password is.
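A sketch of the kind of check a password strength tester can perform, as an added example (it is not the Bodrum Bulletin tester's code and not part of the original article): it reports which of the four tips a password follows, and which listed word the password is built on once capitals, lookalike swaps and trailing digits or punctuation are undone. The word list and the swap table are constructed assumptions.

```python
import re

# Constructed sample word list; a real tester would load a large list of
# dictionary words and commonly used passwords.
COMMON_WORDS = {"password", "letmein", "dragon", "monkey", "sunshine"}

# Number/symbol-for-letter swaps of the kind the tips describe (assumed table).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})


def tips_applied(password):
    """Report which of the article's four tips a password follows."""
    return {
        "eight_or_more_characters": len(password) >= 8,
        "capital_letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "punctuation": any(not c.isalnum() for c in password),
    }


def base_word(password):
    """Return the listed word a password is built on, or None.

    Tries the password as typed and with trailing digits/punctuation removed,
    each time lowercased and with lookalike swaps undone.
    """
    trimmed = re.sub(r"[\W\d_]+$", "", password)
    for candidate in (password, trimmed):
        word = candidate.lower().translate(LOOKALIKES)
        if word in COMMON_WORDS:
            return word
    return None


if __name__ == "__main__":
    # The article's example passwords plus one constructed random string.
    for pw in ["password", "Password", "password56", "passw0rd",
               "password!", "Passw0rd!56", "Qv7#tLm2pX"]:
        followed = [tip for tip, ok in tips_applied(pw).items() if ok]
        print(f"{pw!r}: tips followed={followed}, built on={base_word(pw)!r}")
```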



What to do if your account has been compromised.

First, don't panic - too much. You have 2 main options.

  1. Close the account and start again
    • With this option you abandon your hacked account and open another one. You'll also need to send an email to all your friends with your new email address.
    • This seems to be a common solution, but it shouldn't be. If you choose to go this route then your first step should be to close your account. If you don't close it then the hacked account will continue to send messages to your friends. This option also has the huge disadvantage that you lose your email address. Don't forget to follow the advice above to use a secure password!
      Personally I don't recommend this solution unless you have no alternative (see below).

  2. Keep your existing account.
    • With this option, simply change your password to something more secure and review other security questions.
    • Accept that your account has been hacked and take action so that it doesn't happen again. Here's what you should do...
      1. Log into your account. Note: if you are unable to log into your account (i.e. the hacker has reset your password), use the "recover my password" option which all of the email websites provide. If you are still unable to log in to your account, contact your email provider - they may be able to help. If all else fails, then you should follow the option above and set up a new account.
      2. Once you are logged in to your account you should first change your password. Use the advice above and the Bodrum Bulletin Password Strength tester to find a suitable secure password.
      3. Next, review and change (if appropriate) any security questions in your account - these are often changed by the hacker to provide a back door to your account. These security questions often include:
        • Email address or alternate email address.
        • "Secret" questions and their answers
        • Mobile/Phone information
        • Billing information
    • That's it. You have recovered your account and your account is secured - assuming you have created a secure password, the chances of your account being hacked again are very low.
      This is the preferred option.