Email Viruses, Worms, Malware and Other Things That Go Bump in the Night!!

By Jesus Espinoza

October is National Cyber Security Awareness Month and what perfect timing to launch our first monthly Cyber Security newsletter article. This article is the first of many to come providing tips and information relating to Cyber Security. The goal is to create and maintain a Cyber Security awareness to continue to keep our kids and staff safe and secure while using technology in the learning environment.

This Month’s Topic: What to Do When Your Email Gets Hacked.

No one really expects their email to get hacked or compromised.   You have been using your email account for years with a “good” password and nothing has ever happened before. Then one day you try to access your email and your login and password don’t seem to work.  A few moments later you start receiving calls from your friends asking why you are sending unusual emails about a trip you’re taking or a great web site you want them to go check out. You start to put two and two together but before you even come to the conclusion, your phone rings with a somewhat familiar voice on the other end. It’s your computer security person informing you that your email has been compromised and you are now spamming everyone in the organization. It’s bad enough you were hacked but now you’re made to feel like a pariah within your own organization. So what can you do besides trying to hide under your desk in shame?

Before we go into what you can do, let’s first examine how you might have gotten there in the first place because being singled out as an email spammer is the least of your worries.  Most people do not realize how much data and information can be gained by hacking an email account. The scariest part in this whole situation is that the hacker can remain anonymous and simply sit back and collect information without the user ever knowing it. So what kind of information are they gathering from your email account? Let’s see if some of these things ring a bell.

  • Your Google accounts
  • Skype, Messenger and other chat accounts
  • The photos you have emailed to friends
  • Any voice calls going to your email
  • Facebook, Twitter and other social media accounts
  • Department store account information
  • Bank and billing accounts
  • Doctor and other health information
  • Software license keys
  • Sensitive work documents
  • Resumes and applications
  • File hosting accounts

The list above is not all inclusive and most users have stored some of that information in an email at one point or another.

The key to not becoming a victim of an email hack is to be alert and look out for suspicious email asking for personal or user account information. Other types of suspicious emails might contain promotions with offers too good to be true. Often these emails will include a web link in the body of the email for users to click on. You should never click on an email link unless you have verified the sender or know for sure the email is legitimate. Another technique hackers use is fake email accounts that trick you into thinking it’s coming from your helpdesk or system administrator asking for account information. If you receive such an email, make sure you call your helpdesk directly to report it. School district personnel will never ask for your account credentials over email. 

Another way to keep your email account safe is to change your password regularly. A good rule of thumb is to change your password at least once a month. Make sure you use passwords that are not easy to guess and not tied to pet names or names of family members. Come up with a phrase, and then use the first letters of each word in your phrase to make up your password. Use a mixture of uppercase and lowercase letters to include numbers and special keys on the keyboard.

You should also try to avoid keeping email with sensitive or personal information in your inbox or sent items folder for too long. Make it a practice to review your inbox and sent items folder every so often and delete items containing information you wouldn’t want falling into the wrong hands.

Remember to always be alert and take notice of any strange things happening with your email. Look out for things like your email becoming too slow, or if you constantly get logged off.  Learn to recognize suspicious emails with offers or promotions from senders you don’t know. If you suspect or experience any of the above, contact your helpdesk or security personnel immediately.

I Got Hacked, Now What Do I Do?

Once it’s confirmed your email was compromised, the first thing to do is to immediately change your password if you still have access to your account. In some cases the hacker will not change your password in order to eliminate suspicion and buy time to gather all your data. If you discover it’s too late and the hacker has blocked your access, contact your helpdesk to request a password reset. If you have used the same password for other accounts, make sure you change those account passwords as well. After changing your password, run an antivirus scan on your computer to check for any malware that might have infected your computer as a result of the hack.

Check your email settings for any forwarding rules that might have been put in place by the hacker. If you use a signature block with links, ensure those links have not been compromised and redirected to a malicious site.

Finally, continue to monitor your email for the next few days and look for anything out of the ordinary. Increase the frequency of your scans for at least a couple of weeks until you feel sure your system is clean.