Email Hacked
Email hacked: a reader asks…
Hi Chris, I’m worried about my email account. Some folks have told me that they received weird emails from me. What should I do and how can I stop this?
The first thing you should do is change your email password. I have some instructions on doing that in this article. Do this right away! Click the link (or picture) which will open the article in a new window, follow the instructions, and then come back here for more info. I’ll wait.
Ok, now that you’ve done that, let me tell you that first off, those weird emails almost certainly didn’t come from you, and your friends already know this. It is absurdly easy to fake a From line on an email. Most email programs like Outlook will let you put anything you like in the From line. Many free email services will also let you send mail as if you were someone else without having to prove you are who you say you are.
I get emails daily from myself! Most times the name is mine, but the actual email address (which might not even show in the From line) is different. These fake emails are pretty easy to spot. In most cases if you hover your cursor over the name, the actual email address will show up. This is similar to hovering over a hyperlink in an email, the actual hyperlink will appear either as a popup/tooltip or show up on the bottom-left of the window. But sometimes it’s not so easy to tell the email is fake because some email service providers don’t do any identity verification at all, so anyone can send email out using whatever From address they like.
In that case, the only ways to tell the email is fake is either to glean from the content of the email that it isn’t the person you expect, or to examine the hidden coding behind the email. The latter is called “headers” or “properties” of the email and can be difficult to figure out where the email actually came from.
So remember the first thing I told you was to change your email password? That’s because there is also a possibility that someone managed to hack into your actual email account and is using your email account to send spam, malware or other fake emails in your name. If, after changing your password your friends say they aren’t getting any more emails from you, then that is a more likely possibility. And even if that wasn’t the case, it’s always prudent to change your email password anytime there’s a possibility that your account was hacked.
If you don’t change your password, it’s possible that the person who hacked your account can not only change the password (locking you out of your own account), but also change other information on your account. Such as security questions, recovery email addresses, and other personal information. Because of the lax method of proving identity online (such as email accounts), you can forever lose access to your email account. At that point, your only recourse is to create a new email account elsewhere. Be sure to take pains to prevent that account from getting hacked.
The first step in protecting your email account is using a strong password. Forget all the rules about using different kinds of characters (unless your email service provider requires it) – focus on password length. The longer the better. You could choose four or five random words strung together to make a really long password that will be almost impossible for someone to guess. When I say length, I mean 20 characters or more. Don’t worry about how hard that is to type, your computer, smartphone or tablet can remember it for you (but be sure to record it somewhere so you don’t forget it).
The next step is to turn on 2-factor authentication. The exact method for this is unique to each email service provider, but a quick internet search for “[your service provider name] 2-factor authentication instructions” should get you the right process. Doing this requires that you have a mobile phone that accepts text messages, or a smartphone that can run an app like the Google Authenticator. The result of either is a multi-digit, one-time code that you have to provide in order to log into your email account. Read more about 2-factor authentication in this article.
The third step is to make sure that your password recovery information is set. Depending on the email service provider, that can mean answering some security questions, or setting up a recovery email address. If you forget your password, you can recover access to your email account either by correctly answering the security questions, or by receiving an email at the recovery email address with a link to recover your primary email account. Don’t neglect this step, or risk losing access to your email account.
Lastly, you asked about how to stop someone getting weird emails (ostensibly from you). The problem is that there’s not much you can do to stop it. All some spammer or hacker needed was one-time access to your address book or the address book of anyone you know (or any one of a hundred other ways), and they have an instant group of ‘friends’ to which they can send spam. Trying to track down the real origin of all this junk email is an exercise in futility – there’s just too much junk out there and the internet’s protocols for using email were never designed to validate identity.
But changing your email password is always the prudent first step. Nowadays, your email account is the control for all your other online access in your digital life. Every place you go has a ‘forgotten password’ feature, and the most common action this feature takes is to email you a password reset link or a temporary password. So if someone has access to your email account, they can get into everything else in your digital life.
This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:
or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!