I just found out that someone I know got hacked and lost control of their email. This isn’t the 1st person I know to get their email hacked; in fact, I get asked for help at least once a month by someone (clients, co-workers, friends, and family included) who is trying to get their email back. With our total reliance on email for our daily lives, trying to access your email one morning only to find out that someone else has changed the password on you and can now go through your digital life is both upsetting (insert expletive here) and very scary as well.
Here are some steps from experience as to what you need to do both now and if this were to happen to you.
Now that you have a functioning email account -
1 – Find out if your email service has the ability to add a “Secondary account” notification. If it does, add a 2nd email address, and make sure that the 2nd email address is not on the same service as the email address you are trying to protect. What do I mean by same service? If your main email is ……@gmail.com, then when you add your secondary address, set up or sign up for an address at Hotmail or Yahoo or with your local internet provider. Many of the people who have been hacked and who have multiple addresses at one email provider lose access to all the accounts with that provider.
- In addition, many sites like Gmail require you to know exactly what day you signed up for the service to confirm that you are the true owner. Look at the settings area of your email account (if you use services like Hotmail, Gmail, or Yahoo Mail); it should say member since XX/XX/XXXX. You need to write down somewhere (where it can’t be seen by everyone else – see #4 for more) when you signed up for the service you are trying to protect.
2 – Many email providers also include “Secret question or Secret Word” hints when recovering email address passwords. Do not use questions like “My favorite Disney character” with a response of “Mickey”, or another one of my favorites, “where do I work” with the response of “Boeing” when your email ends in …@Boeing.com. I know it’s hard to keep track of all these passwords and information, but at the same time, when you keep the “Hints” simple, you also make it simple for someone else to figure out what the answer is and use that against you.
3 – Use a better password. SERIOUSLY THIS ONE GETS ME EVERY TIME…….I have had more than 1 person tell me that their password is 1234, and others tell me that the password was their 1st name, which also happens to be the name of the email address, so they had 1stname@yahoo with a password of 1stname. Passwords should look something like (EXAMPLE ONLY) ComPlicated1@ at minimum (note the use of a couple of capital letters plus a number plus a character). Some people actually change letters to numbers and symbols so that the password looks like C0mP1iC@ted1@ (note the use of zero and one instead of the letters, and the @ sign instead of the letter a); however, I will be the 1st to say that version may drive some people crazy trying to type it.
4 – DO NOT USE STICKY TAGS STUCK TO YOUR MONITOR OR AN 8×11 PIECE OF PAPER STUCK TO YOUR WALL TO WRITE DOWN USER NAMES AND PASSWORDS. (This one is for both home and business users.) How many people may visit your house or work (anyone from the repair tech or babysitter at home to someone visiting your corporate office or even your co-workers)? Do you really trust all those people so much that not 1 of them could, while walking by or in the area of your computer, see your sticky notes and then try to use them later? For years everyone has heard about how you should cover what you type when you are at the ATM so that anyone near you can’t see what you’re doing. It’s the same rule with your passwords: get them out of the way.
5 – Many sites require you to sign up using an email address / password. If you have sites like that, do NOT use the same password on those sites that you use on your email. Example: JohnDoe@gmail signs into email using ComPlicated1@ as his password. If you then sign up for Facebook, for example, with that same email address, DO NOT USE ComPlicated1@ as the password on Facebook. Make it something completely different. The problem with using the same password on both your email and the sites you sign up for is that if the site you signed up for screws up or gets hacked, it could be very easy for the bad guys to get your information from that site and then have a free ride into your email.
6 – NOT 1 SINGLE SERVICE OUT THERE WILL EVER SEND YOU OUT A NOTICE THAT SAYS “WE ARE CHECKING OUR ACCOUNT INFORMATION, CAN YOU PLEASE RESPOND TO THIS EMAIL WITH YOUR LOG ON TO MAKE SURE WE HAVE THE CORRECT INFORMATION”. Your bank does NOT do that, your credit card company does NOT do that, your email provider does NOT do that. NEVER NEVER NEVER fall for one of those emails and respond back with your information. That also includes the government: you will NOT get your IRS refund check back sooner if you respond to that email about “We are the IRS and we need to confirm your banking info so that we may deposit your check quicker”. I know #6 is not only about emails, but I think the example makes the point. Do NOT fall for it.
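The password mistakes from steps 3 and 5 can be checked with a short script. This is an added example, not part of the original post; the function names and the 12-character minimum are assumptions, and the sample accounts are constructed from the post's own examples.

```python
import string

# Assumption: the post gives no minimum length; its sample password is 13 characters.
MIN_LENGTH = 12


def password_problems(email, password):
    """List the step-3 weaknesses that apply to this password."""
    problems = []
    name = email.split("@", 1)[0].lower()  # the part before the @ sign
    if password.isdigit():
        problems.append("digits only")
    if name and name in password.lower():
        problems.append("contains the email name")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def reused_on(email_password, site_passwords):
    """Step 5: names of the sites whose password equals the email password."""
    return sorted(site for site, pw in site_passwords.items()
                  if pw == email_password)


if __name__ == "__main__":
    # Constructed sample data based on the examples in the post.
    print(password_problems("1stname@yahoo.com", "1stname"))
    print(password_problems("JohnDoe@gmail.com", "1234"))
    print(password_problems("JohnDoe@gmail.com", "ComPlicated1@"))
    print(reused_on("ComPlicated1@",
                    {"Facebook": "ComPlicated1@", "Bank": "Different7!pass"}))
```

An empty list from `password_problems` means none of the listed mistakes were found; any site returned by `reused_on` needs its own, different password.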
If you get hacked and lose access here is what to do -
I’m going to use Gmail for this example, but virtually all other services have the same features, you just have to look for the address for your specific service.
The following options are recommended by Google Support when you forget the Gmail password or if someone else takes ownership of your Google Account and changes the password:
1. Reset Your Google Account Password:
Type the email address associated with your Google Account or Gmail user name at Google.com/accounts/ForgotPasswd (https://www.google.com/accounts/ForgotPasswd) – you will receive an email at your secondary email address with a link to reset your Google Account Password.
This will not work if the other person has changed your secondary email address or if you no longer have access to that address.
2. For Google Accounts Associated with Gmail
If you have problems while logging into your Gmail account, you can consider contacting Google by filling in this form (http://www.google.com/support/accounts/bin/request.py?service=mail). However, it requires you to remember the exact date when you created that Gmail account.
3. For Hijacked Google Accounts Not Linked to Gmail
If your Google Account doesn’t use a Gmail address, contact Google by filling in this form (http://www.google.com/support/accounts/bin/request.py?hl=en&ctx=accounts_hc&contact_type=hijack). This approach may help bring back your Google Account if you religiously preserve all your old emails. You will be required to know the exact creation date of your Google Account, plus have a copy of that original “Google Email Verification” message.