By Doctor Security
Recently, a friend of mine had her email account compromised and it was being used to spam everyone on her contact list. I received the email (as did multiple contacts per the header). It had an odd subject line: “Huluky Dakay” and the message was “Check this out” with a link.
Normally, I smell spam from a mile away, but my guard was down because my friend works in the security software industry and I assumed what she was sending me was a link to some event she wanted me and other friends to attend. Yes, even the hyper-security conscious people like me can be induced into clicking on a bad link.
The link took me to a “Canadian discounted drugs” web page. Dang! Immediately, my concern was that I had just opened myself up to a drive-by-download of malware. I did a quick security scan and found nothing amiss, so I may have been spared the hassle and embarrassment of having my email account compromised.
Obviously, my friend was upset when she found out that her contacts were receiving spam sent from her HotMail account. She’s not sure how it happened, but she admitted her password wasn’t strong as it could be (ideally: at least 8 characters long with a mix of numbers, letters and special characters). Now, she needed to know quickly what she should do to stop the spamming and get her account back under her own control.
Here are the steps you should do immediately upon learning your email account has been compromised:
1. Change the account password and make it an extremely difficult one
2. Confirm that the “alternative email address” is your other email and not a stranger’s, so the hacker isn’t notified of the password and other changes you make
3. Change the answers to security questions
4. Change any other information that your email account administrator would use to verify the account
5. If all these efforts fail, open a new account, notify the email administrator and your contacts, and closed down the old account, if you can
As always, the best protection from malware and other online attacks is to have a strong two-way firewall and robust security software.