e-Mail Hacked? Changing Password is Not Enough!

A couple of days ago, a friend's e-mail address was compromised by scammers. They got access to her e-mail account and sent e-mails to her contacts (impersonating her) with the claim that she was stranded in foreign land and needed urgent financial aid. We discovered that the fraudsters had changed quite a few of her e-mail settings to make their scam keep working for them even after my friend would have changed her password! I learned quite a bit from the experience and I have a few (pre or post) cautionary measures to share.

If you suspect that your account has been hacked into, here are some tips that should be very useful (especially if you use Yahoo Mail).

  1.  Change your password! Luckily, many times, the hackers don't change your password in order to reduce your likelihood of suspicion. They know that if you're not able to log in, you're likely to contact your e-mail provider. The good scammers allow you to keep logging in, business-as-usual.
  2. Changing your password is not enough!. You need to be sure you're dealing with the right party every time you enter your personal information. With Yahoo, you ought to create a sign-in seal. My friend was deceived into thinking she was entering her password on a Yahoo site (by the way if Yahoo contacts you and says they will delete your account if you don't update your info, it's probably scammers in disguise). To create a sign-in seal, you need to go to your account info. Yahoo will prompt you to enter your password one more time in order to access your account info.

    This diagram above shows where you will create a sign-in seal (and also where you'll change your password). It could be either a phrase of text you'll recognize or an image stored on your device. The point of the seal is not for Yahoo to check whether it is you; rather, it's the other way round. Yahoo shows you the seal to show you that you're dealing with them and not a phishing site. The seal is applicable only on the device you're setting it on. You'll need to create a separate seal for your other devices.

  3. Check your alternate contact and verification info: Make sure that the scammers have not changed the address of the additional e-mails and personal contact info you gave your e-mail provider to be used in the event of your forgetting your password. This also applies to your security questions. A good e-mail provider will alert you if such changes have been made. Thus, experienced scammers may not bother with these changes; however, one is better safe than sorry.

  4. Check your recent log-in activity: Still under the account info, we were able to check that someone had logged in from another state in the US!

  5. Check that your sent messages are being saved: We noticed that the scammers had unchecked the  option to save a copy of sent messages in the owner's sent folder. This was so they could send numerous messages without the owner of the account noticing a thing.

  6. Change your 'Reply-to' address: This is one of the most important steps. We noticed that the scammers had changed the reply-to address to something that looked similar to the owner's address. For example "Hum" might be changed to "Hurn" which looks similar (especially with condensed e-mail fonts with wrong kerning). "Herbie" could be changed to "Herbia" and so forth. Yes, this means they create a new e-mail account for the purpose of receiving replies from your contacts. Yes, this means if your contacts reply the fraudulent mail, it goes to the scammers...even after you've 'taken back control' by changing your password!

  7. Check your filters: Just to be safe, make sure the scammers have not created a new filter. This is less likely, but you cannot be too safe.
  8. Check your e-mail trash bin. If you were able to change your password on time, you may have done it before the scammers were able to delete all the replies that actually made it to your inbox. These would be replies that came from people who didn't simply click 'reply' to the scam e-mail without checking that they were replying to the wrong address, or replies from people who created a fresh e-mail rather than click 'reply'. Either way, you may be lucky to recover some of the deleted mail in the trash. Transfer those to a new folder as soon as you can so you don't lose them (preferably not back to your inbox so as not to "lose those mails in the crowd").
  9. Still contact customer care. Still report the incident to your provider (and, I'll go as far as saying, the Police if possible). This list is not exhaustive so be vigilant and thorough. I welcome your suggestions, additions, and corrections. Good luck.

UPDATE 201306031034:
I should have mentioned that the sign-in seal is browser-specific since it is dependent on cookies. If you create a sign-in seal on a browser like Safari, it will be specific to Safari. You'll need to create another one for Opera or Chrome or Firefox. The sign-in seal is also user-account-specific, meaning if you have more than one user account (not actual users but the accounts) you'll need a different sign-in seal. If you have only one user account but many users (not an ideal scenario), then you'll have only one seal per browser. Meaning if your daughter logs you out of your Yahoo account so that she can log in, she'll see that same seal for that browser. Also, since the seal is dependent on cookies, if you are in a private browsing mode, there will be no seal.

Comments

Post a Comment

Thanks for stopping by.
Please leave a comment...let's hear what's on your mind :)

Popular posts from this blog

Help The Photographer help you!

Image
Congratulations! After painstaking research, you've finally decided on a photographer for your wedding. Yes, everyone knows the most important vendor for that day is the…ahem…photographer, and you, my dear, have bagged one of the best in the craft. He/She has a brilliant track record and is surely going to make a big success of your wedding coverage. However your work is not yet complete. Below are a few wedding-day aspects where your input will help your photographer give you the best. For the sake of this article we shall refer to the photographer as…well…The Photographer.  It will be easier to ensure all of the following if you hire a competent wedding planner/coordinator…because it’s better that you focus on enjoying your special day than the size of the portions served for example. 1) Help The Photographer make sure that there’s enough time for portraits after you've dressed up. It is usually a good idea to have a portrait session while your makeup is st
Read more

Suggested Improvement to Facebook "Like"

Image
Seriously, Facebook should stop abusing the word "Like". We've made our peace with their abuse of the word "Friend" but the "Like" thingy may be doing them some harm. Think about it. Imagine I find a page I want to participate in not because I like the page ("like" in the literal sense not the perverted Facebook sense) but because I want to provide an alternate viewpoint. The establishment could have the exact opposite of my values, or sell products I'm not happy with, and the best way to keep tabs on them, or offer my complaint would be to "Like" the page. Problem is I don't want to be caught dead 'liking' a page I don't...well...like. I know companies would probably want to limit the voice of the complaining customer, but some (the smart ones) will want to hear such customers so they can improve or at least know what their enemies are saying. This loss in important feedback and community activity might cost
Read more

Those Darned Calories

I’ll second (or third) that too rapid weight loss is not healthy. Actually history has shown that too rapid anything, more than less, is never healthy. That said, it's good to watch your caloric intake...but it will not be as easy as not eating. A faster healthier way to loose weight is to eat smaller but more regular meals (of course while adding a healthy dose of exercise...or rather, a dose of healthy exercise). Whatever you do, avoid bouts of starvation. Starvation simply tells your body that there isn't enough food to go round (famine even). The body then responds by slowing down the metabolism, and by storing whatever 'little' you ingest as fat…you know, for the ‘rainy’ day ahead. You’re better off boosting your metabolism by eating tiny meals say every 3 hours. What I do (ok try to do) is eat tiny meals and supplement with granola bars (yes I’ve acquired the taste) later, or eat my meals in two meals…half now half later. Avoid or limit the white killer foods like
Read more