A friend of mine had her Hotmail account hacked today. A message went out to everyone in her address book, telling them she had been mugged in London, and could they possibly help her get back to the states? Needless to say, she was safe and sound in New York. However, scams that prey on your personal contacts are incredibly effective for quick scams. So, what can you do if your email account is compromised by scammers or hackers?
1. I can't overstate enough the importance of good, single use passwords for your email account. Keeping people out of your account will always be the best way to protect yourself.
2. Assume you won't have access to your primary email account. The first thing the scammers did was change the password on her account, so she couldn't log in. She had a second account set up, so she could still access her email, and tell people that she was ok. As a Pobox customer, you can always send mail out through us. You can also forward mail to more than one account. And, of course, if your forwarding address is compromised, you can always log in to your Pobox account and change where we send it (or keep it with us by upgrading to a Mailstore account.)
3. Make sure you have a copy of your contacts on your computer. Especially if you use a webmail provider as your primary email account, you may have many addresses that only appear in your online address book. Keeping an up-to-date copy on your computer means you can tell as many people as possible that everything is OK. (Find out how to export your contacts from Gmail, Yahoo! Mail and Hotmail.)
4. Set up security questions for all email accounts that are open. The scammers in my friend's case used her old Hotmail account, which was still active, even though Gmail is her primary email address now. She has still not been able to get back into the account, because she did not have secondary verification information set up. Update your Pobox security question.
5. Shut down your old accounts. An account you don't log into is the one you won't notice getting compromised, until someone calls you from out of the blue to tell you you're spamming them.
What should you do if you get an email from one of your contacts, asking you to send them money in a hurry? The best and easiest way to verify that they're ok is, as AT&T used to say, "reach out and touch someone." Pick up the phone and call; until voice replicators become common, someone's voice will be the hardest thing for a scammer to fake.
Getting hacked can happen to the best of us. Open wireless networks, getting online in a cafe, using an open terminal to print out a boarding pass from your hotel -- there are many, many ways a malicious user could get access to your password. Taking some simple steps now can help take the pain out of recovery if something should happen in the future.