Was Your Email Account Hijacked?

Category: Email

A reader asks: 'Can you please help me, somehow my email account got hijacked, and now all my friends are getting spam, FROM ME! I am always careful with my password. How could this have happened, and what should I do?'

Did Spammers Really Hijack Your Email?

The first thing to do is relax. It's quite likely that your account wasn't actually compromised. Spammers can use (or abuse) your email address without actually hacking into your email account. It is relatively easy to "spoof" an email address so that it appears a message is coming from one address when it was really sent from another.

(See Spammer Using My Email Address to learn more about how this can happen.)
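One way to tell the two cases apart is to read the headers of one of the "spam from you" messages that a friend forwards back. The sketch below is an added example, not code from this article: the sample messages are constructed, and the `classify` and `auth_results` helpers and their verdict labels are hypothetical names. It assumes the recipient's mail server adds an `Authentication-Results` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); example.* and .invalid are reserved.
SPOOFED = (
    "Return-Path: <bounce@mailer.invalid>\n"
    "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.invalid;\n"
    " dkim=none; dmarc=fail header.from=example.com\n"
    'From: "Alice" <alice@example.com>\n'
    "Subject: Check this out\n\nhi\n"
)
GENUINE = (
    "Return-Path: <alice@example.com>\n"
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com;\n"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    'From: "Alice" <alice@example.com>\n'
    "Subject: Lunch?\n\nhi\n"
)
NAME_ONLY = (
    "Return-Path: <x9@mailer.invalid>\n"
    'From: "Alice" <x9@mailer.invalid>\n'
    "Subject: Check this out\n\nhi\n"
)

def auth_results(msg):
    """spf/dkim/dmarc verdicts from the topmost Authentication-Results header."""
    headers = msg.get_all("Authentication-Results") or []
    # Assumption: the topmost header was added by the recipient's own server;
    # copies further down can be forged by the sender and are ignored.
    top = headers[0] if headers else ""
    return {k.lower(): v.lower()
            for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", top, re.I)}

def classify(raw, my_address):
    """Say how a message that 'came from me' relates to my real account."""
    msg = message_from_string(raw)
    _name, from_addr = parseaddr(msg.get("From", ""))
    if from_addr.lower() != my_address.lower():
        return "name-only"          # my name shown, someone else's address
    res = auth_results(msg)
    if res.get("dmarc") == "pass":
        return "sent-from-account"  # provider vouches for it: change password
    if res.get("dmarc") == "fail" or res.get("spf") in ("fail", "softfail"):
        return "spoofed"            # address forged; no account access needed
    return "inconclusive"           # no usable verdict in the headers
```

A "sent-from-account" result is the one that calls for an immediate password change; "spoofed" and "name-only" mean the sender never needed access to the mailbox.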

If a virus scan shows nothing unusual, and you can still log in to your email account with your password, then most likely no breach has occurred. But just to be safe, I recommend that you change your password and security question (if your account still uses one). In the worst case, hackers can gain full access to your email account and major trouble ensues.

Email Hacked

It's possible for a hacker to change your email password so that you cannot log in to your own account. Then the hacker can raid your contact list to harvest valid email addresses to add to a spam list. Also, the hacker now has access to all of your saved email, which may include sensitive personal and financial information. But it's more likely that a hacker will NOT change the password, to avoid the obvious red flag that would send. If you've been locked out of your own email account, contact your ISP, or use the "can't access my account" link that appears on the login screen to recover.

An email account can be hijacked in a number of ways. Phishing attacks, in which a hacker tricks a user into revealing login passwords, are a common hijacking technique. A message, purportedly from your bank or other trusted partner, may tell you that a "security check" requires you to respond with your password. Such claims are always bogus; legitimate organizations never ask you to reveal your password via email, phone, or other means. See Spear Phishing and Internet Security for more on that.

Many forms of malware (viruses, spyware, etc.) attack for the purpose of gaining access to your computer, in order to enslave it in a botnet and use it as a spam-spewing device. This can happen without you even knowing, until people from all over the world start accusing YOU of being a spammer! See my related article BOTNET ALERT: Are You Vulnerable? to learn more about botnets.

Keylogger spyware installed on your computer can record every keystroke you type and send the results to a remote operator who can then read your password from the log file. There are several ways to detect and defeat keyloggers.

Password Safety Tips

Using the same password on multiple online accounts leaves all of them open to hijacking if just one account is penetrated. Be sure to use unique passwords on email, Facebook, eBay, online banking and other accounts. Storing passwords to other accounts in one place leaves you vulnerable in a similar way. If one account is hacked, a search through data stored there can yield several other passwords.

Failing to log out of an account when you've finished a session makes it easy for anyone who has access to the computer you used to hijack your account. Always log out of accounts accessed from shared computers, such as those in libraries, schools, Internet cafes, etc. A browser's auto-fill forms feature may reveal your password to someone who uses the same computer you use.

Password guessing is a brute-force hacking method that employs software to try random passwords until one works. Many email accounts go into "lock down" mode after a few failed password attempts, but if yours does not, it's possible to get hijacked in this way. If you have a very weak or predictable password, it makes the hacker's job that much easier. See my article Is Your Password Strong Enough? for tips on choosing a strong, secure password.

Server-level attacks against email providers, online stores, or financial institutions go after the password database, attempting to crack its security and harvest thousands or millions of email addresses and passwords in one swoop. There's not much you can do to prevent this type of attack except to host email only with a reputable service provider who pays attention to security, and use a secure password.

Network packet monitoring software can sniff out passwords sent over unsecured wireless connections. You should be aware of this type of attack if you use free wifi in a coffee shop, airport, hotel, etc. Use encrypted (https) connections when logging in or emailing over unsecured public wireless networks. My related article The Big Problem With Free Wifi Hotspot has some helpful tips on how to stay safe while surfing in Starbucks.

The very best thing you can do to improve the security of any online account is to use two-factor authentication. See my article IMPORTANT: An Extra Layer of Security to understand two-factor authentication, and how it can protect you even if someone has (or guesses) your password.

Oh, and it's okay to email all your friends and tell them you didn't send those spammy emails. Tell them to use the DELETE button, and the problem will resolve itself soon enough.

Has your email account ever been hacked? Post your comment or question below...


This article was posted by on 24 Apr 2017


Most recent comments on "Was Your Email Account Hijacked?"

Posted by:

24 Apr 2017

NO! It is NOT "...okay to email all your friends and tell them you didn't send those spammy emails." [pulling out a figurative gun from the desk drawer as an example] If your gun killed someone and you did not pull the trigger: That person is still dead and you ARE still the responsible party!
NO! It is NOT okay to "Tell them to use the DELETE button, and the problem will resolve itself soon enough." [pulling out a bullet from the same proverbial drawer as another example] Your ignorance for proper security (or lack thereof) should not burden those who respect their own privacy.
No excuse will (or should) change the root cause and/or the guilt source! Get a new email account and take some of the burden off the innocent.

Posted by:

24 Apr 2017

The one time I think my email was hacked I was using AOL! That was 20 years ago. I also got my first virus from AOL. When I became more computer savvy I left AOL and never looked back!

By using Outlook Express, back in those days, I found a whole new world on the Internet. I did start reading Bob Rankin when I had AOL. I am so glad that a dear friend sent a Tourbus newsletter my way. After reading my first newsletter, I was hooked and signed up right away.

With Bob's helpful newsletters/blogs/articles, I learned what to do with my computer, especially for Anti-Virus protection! I also learned that Security is paramount for the safety of your computer. Once you learn why Security is so important - It isn't hard to research which Anti-Virus/Malware program is best for you.

My dear friend taught me about how a computer works physically. I started building my own computers about 2 years after purchasing my first in Sept. 1996. Since then, I have helped family and friends with their computers and built from scratch 12 computers.

Learning security software is not that hard. First of all, you need to know which Anti-Virus/Malware programs are in the top 5. Should you use their Free program or pay for their Premium program? I have had both Free and paid Premium. Right now, I am using Avast Free and my computer is protected.

I have been using Avast for a long time now. One thing that I have always loved about this program - The scanning of my email and letting me know the email is free of viruses, Trojan Horses, Worms and so on. When I send out an email, at the bottom of it, Avast lets the reader know that my email is virus free. Avast also lets you know that your incoming emails are virus free.

Read some of Bob's past articles about computer security and I think you will find some pretty good software to protect your email and whole computer. }:O)

Posted by:

George Roberts
24 Apr 2017

Three months ago my email was closed down because I had 4300 messages in it. All of them said the same thing. The provider had to delete all of them and I had to change the email password. The ultimate solution: A tougher password

Posted by:

24 Apr 2017

I have read this before, about how email addresses may be spoofed without the account being compromised. I have never seen an answer to how the spammer gets someone's contact list without compromising the account. So, how does that work?

Posted by:

24 Apr 2017

"If a virus scan shows nothing unusual, and you can still login to your email account with your password, then most likely no breach has occurred. "
You can add an even bigger hint. Many times if you look at the email account vs the visible name, they don't match.

Posted by:

Steve Bohne
24 Apr 2017

You have to remember many times a spammer will use your name and email address in the head of the message, making it appear as if it was sent from you. However, upon closer inspection, there's a different email address in the header of the email. In other words, they haven't actually hacked your account; they're just using your name and spoofing your account. Also, for the junior attorney who used the analogy of if somebody kills somebody with my gun I'm responsible: I'm sorry, that's not accurate at all. The person that killed someone is responsible, not the owner of the gun.

Posted by:

Dwayne Hunt
24 Apr 2017

I had my address compromised by a company that I had bought from online. The spammer got my email address from whoever broke into the company's account. I found this by doing a search on my email address and found a conversation between spammers and my address was in the list of addresses that they were discussing. Doing a search on your address enclosed in quotes can reveal some interesting results... give it a try.
Dwayne Hunt

Posted by:

24 Apr 2017

Check if you have an account that has been compromised in a data breach:

Posted by:

25 Apr 2017

Here's a conundrum: my father (deceased for 3 years now) recently had his email account used to spam his contact list (I know because I received an email (allegedly) from him - a cruel result of hacking). I physically dismantled his computer and destroyed the hard drive shortly after he passed, so none of the usual carelessness is to blame here. I can only assume his account was compromised somehow in some other way. How the heck does this happen? How do I intervene to prevent it from happening again?

Posted by:

26 Apr 2017

Melanie, I have 2 old AOL accounts that I use only for junk mail now and if I don't want to give out my actual address. I deleted all the contacts in the accounts, so if someone wants to get in, have at it, nothing to use. However, I do change the passwords about every 3-4 months. Keeps 'em guessing.

If you didn't delete your father's email account from the service he was using, then it's still live. If you can still access it from another computer, then go and delete/cancel the account, but not before clearing it out and deleting all contacts. Only email addresses from internet/cable providers like Comcast or AT&T or whoever will deactivate an email address when the service is cancelled.

Posted by:

Bob Greene
26 Apr 2017

Good, comprehensive article. The major danger to those "spewed by spam" which appears to come from a familiar address is phishing. From an email recipient's single click on a bogus message, all manner of malware can be unleashed, and still other malware planted.

Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- Was Your Email Account Hijacked? (Posted: 24 Apr 2017)
Source: https://askbobrankin.com/was_your_email_account_hijacked.html