How to fix and prevent hijacked email accounts. A hijacked email account is when someone else illegally logs into your email account to read your email, send their emails as if they come from you and access your address book or list of contacts.
Hijacked email accounts are commonly used to send out spam emails and viruses – including to the friends in your address book (which they will not thank you for!)
How Do They Hijack My Account? Online email access (webmail) is growing in popularity and even if you download email into programs like Outlook or Windows Mail, it is likely that your email account can also be accessed directly via a website (e.g. the webmail site of your broadband provider or an online service like Hotmail).
All someone needs to access your account via webmail is your email address and email password – they can then log in to your email account pretending to be you and use it as they wish. Your email password is typically found by what is called a ‘brute force’ or ‘dictionary’ attack – a computer program throws thousands of possible passwords at your email account until it guesses right (the password is accepted) and access is then gained to your email.
This can be all too easy because so many people still have email passwords that are very ‘weak’ i.e. easy to guess like ‘password’ or ‘123456789’…
How Do I Know If My Email Has Been Hijacked?
- Friends in your contact list receive emails from you (which may contain viruses or spam) even though you did not send them.
- You receive replies to emails that you did not send.
- Emails in your inbox have been deleted or emails appear in your ‘sent items’ box that you did not send.
- You can no longer log into your own account because the email password is not recognized (the hijacker has changed the password to a new one to stop you getting into your own account and fixing it).
How To Fix It?
1. If you can still log into your account, do so now and change the email password to a strong password – follow the guidelines to ‘Prevent Hijacking‘ below.
2. Most email accounts provide additional security options for memorable info/answers that you can use to reset your password if you forget it – change the info/answers to something else. This prevents a hijacker using the old info/answers to reset your new password to another one (giving them access, locking you out and starting the problem all over again!)
3. If you cannot log into your account because the hijacker has changed the password, try to reset the password using the security options for memorable info/answers. Then follow steps 1 and 2 above.
4. If you cannot reset the password because the hijacker has already changed the security options as well, contact your email provider and ask them to reset the password to allow you access. Then follow steps 1 and 2 above.
How To Prevent Hijacking In Future
I can’t say this often enough – choose a strong email password to make it very difficult or impossible for someone to hijack your email account, even using advanced password cracking programs.
Tip: Strong passwords are important for email but the idea of strong passwords applies equally to any type of online transaction such as online banking and shopping. However, don’t use the same password on more than one website or email account because if just one is hacked then effectively they all are!
- The keys to password strength are: length and complexity
- An ideal password is long and has a mix of upper (capital) and lower case (small) letters, punctuation, symbols, and numbers. Whenever possible, use at least 14 characters or more.
- The greater the variety of characters in your password, the better. Use the entire keyboard, not just the letters and characters you use most often e.g. 12345678 or jonathan are very weak passwords (only 8 characters and all the same type) so are very easy to guess. However, the password ?lACpAs56IKMs” is very strong because it has lower case and upper case letters, numbers, punctuation and symbols.
See Microsoft’s helpful guide here on choosing and remembering a strong password.