Last Thursday night, after I had finished writing Tech-Knowledgy: iPad De-tech-tive, Twitter Help and Email Tips!, I checked my personal Yahoo email and found that my account had been hacked (Important note: the hack was only of my personal email, not of the email for The Wonder of Tech, which is completely separate from my personal email account). I have had this Yahoo email account for nearly ten years and have never had it hacked before.
When I discovered the hack, I was shocked and upset to realize that everyone in my address book had received an email from my account with a suspicious link. The email contained no text in the subject line and no text other than the link in the body of the email. Clicking on the link revealed a blank page, leading me to believe that the hack was to phish for active email accounts. (See, Being a Parent De-tech-tive at the bottom of the post, for an explanation of phishing.)
How I Knew My Email Was Hacked
When I opened my inbox, I saw lots of notices of undeliverable emails:
Because I hadn’t been sending emails to anyone since earlier in the day, these notices alerted me that someone else had been sending out emails from my account. My inbox also contained reply emails from friends asking whether I had sent them this email which was helpful because I could then see what had been sent. I also received two text messages from friends to alert me that my email account had been hacked.
I also noted that none of the spam emails appeared in my Sent folder, so checking my Sent folder would not have warned me about the hacking.
What To Do If Your Email Has Been Hacked
1. Change your password on your email account. As with any situation, the first step is to prevent further damage. I had lots of emails from people saying that their email accounts had been hacked and that they changed their password which solved their problem.
2. Add a phony email address to your list of contacts: email@example.com. This email address will likely be the first contact alphabetically in your address book, so will be the first recipient of a spam email from a hacker. You will receive a mail failure notice immediately that the email wasn’t delivered. This is also a quick way of checking to see whether changing your password on your email account was effective.
3. Run your antivirus program on your computer (Norton, McAfee, AVG, etc.) to be sure your computer isn’t infected.
4. Write to everyone in your contacts list to let them know that your email was hacked and warning them not to click on the link of the previous email:
- Make sure to send the messages to your contacts by entering their email addresses in the BCC line of your email so that you are not sending out people’s private email addresses to others. (Put your email address in the To line.)
- Only send your message to about ten friends at a time so your warning email doesn’t end up in their Spam folders.
- Unless your email account is very new, you will probably have people in your Contacts list you haven’t been in touch with for a while. If someone is still in your contact list whom you would rather not contact again, such as your ex-spouse, you may feel uncomfortable sending this email, but do it anyway. The Golden Rule applies here.
What To Do If You Receive an Email You Suspect Is Spam
If there is no text entered in the subject line and no text in the email other than a link, do not click on the link. You can write back to the sender to ask if they sent the link and if it is safe to click on. This alerts them if their email account has been hacked. If they really did send you the link, you should advise them always to enter a subject line and some relevant text so you know that the email is legitimately from them. If you don’t hear back from them, delete the email. But never click on a link you suspect may be spam.
What To Do If You Click on the Link
If you click on the hacker’s link:
- Note the site where you are taken. Take a screenshot of the site (see Smile! It’s Awesome Screenshot Time! for instructions on how to take a screenshot).
- Change your email password.
- Add the firstname.lastname@example.org contact to your email account.
- Run your antivirus program.
- Clear your cookies and cache.
- Let the sender know that you clicked on the link so she can keep track of what happens to people who click on the link and then contact you later if she learns any further information.
- Watch for spam email being sent from your account.
- Watch for phishing emails to be sent to your account (see, New Phishing Attacks Look Just Like Apple)
Don’t feel ignorant if you click on the link. At least one highly tech-savvy person clicked on the spam link that was sent out from my email account. It can happen to anyone, the important thing is taking proper steps when it happens.
How It Happened
My tech-savvy friend called me after he clicked on the link and belatedly realized it was spam. Between the two of us, we figured out how this hacker was able to get into my email account. Earlier in the week I had changed my email password (ironically to prevent things like this happening!). I was getting my car serviced at a dealership on Thursday and logged into my Yahoo account with my iPad over the dealership’s unsecured Wi-Fi network. That was a big mistake and I should have known better. I would have paid closer attention if I had been been doing something like online banking, but I just wasn’t thinking when it came to my email account. And, yes, I feel horrible that my friends were sent spam due to such a stupid move on my part.
The good news is that I learned a valuable lesson: never log in to any of my accounts over an unsecured Wi-Fi network.
The other good news is that I reconnected with some people I hadn’t seen since I moved to London. Many people wrote back letting me know that they hadn’t been fooled by the spam and catching me up on their lives. One very special email I got was from the person who first recommended that I get a Palm Pilot many years ago, launching my interest in electronic gadgets.
I even got a new subscriber to The Wonder of Tech from someone who accidentally clicked on the link and then told me she needed to get more up to date on her tech knowledge. But I don’t recommend this way of getting new subscribers, especially to tech bloggers!
And I was inspired for writing this blog post which I hope will help others avoid this situation or know how to deal with it if it happens to them.
If your email has been hacked, don’t panic. Take the steps listed above to protect yourself and to let your contacts know what has happened. If you receive an email from a hacked account, don’t click on the link, instead inform the sender that their email has been hacked. If you clicked on the link, take a screenshot of where the link sends you and inform the owner of the email account that sent the link. And, above all, don’t log into online accounts over unsecured Wi-Fi networks.
Has your email account ever been hacked? How did you handle it? Have you ever clicked on a spam link? What happened when you did? Let us know in the Comments section below!
* Image by Vern Hart
** Image by Leonard Lin