Top 5 tips to prevent your email from getting hacked

EQ Admin

EQ Forum Admin
Staff member
Hello,

It takes a conscious and ongoing effort to protect your email accounts from the latest internet threats. Hackers, phishing scams, insecure internet connections, untrusted computers, and user error can all lead to your accounts getting hacked or abused by spammers. The following are our top 5 tips for helping to secure your email accounts:
  • The latest threat is a publicly available plug-in for Firefox called Firesheep that allows hackers to steal your account login information out of the air while you are connected to unencrypted open wireless networks. This new tool has been covered on several sites including this review. The source of the problem is a combination of easy access to the data in your internet connection while you are connected to the open wireless networks and the fact that many large web sites still do not use HTTPS to help secure the connection between your computer and their web sites. For some sites such as Facebook and Hotmail there isn't much you can do. For other sites such as Gmail you can configure your connection to always use HTTPS. To check your configuration in Gmail click Settings in the top right of the screen, then under the General tab select Always use HTTPS for your browser configuration setting. Don't forget to Save your new setting!
Gmail Always use HTTPS.JPG


It is easy for concerned Hotmail members to switch to an email service such as Gmail if they would prefer to use an email provider that supports HTTPS for all web pages. For more information on migrating from Hotmail to Gmail please see this guide - How to read your Hotmail emails from your Gmail account | Email Questions
  • Install firewall, anti-virus, and anti-spyware protection on your computer and keep them up to date. Automated updates for your virus scanner and regularly scheduled full scans for spyware are best. Windows users with newer computers can get Microsoft Security Essentials. Some commonly used standalone programs that can be used include Avast Anti-Virus and Malwarebytes.
  • Avoid logging into your accounts from untrusted computers. Untrusted computers include any computer that you do not maintain yourself. This includes high risk public computers such as the computers at your local library, but also includes computers that belong to your friends and family that could already be infected with spyware.
  • Create strong passwords and security questions & answers. Use different passwords for your accounts. Change your passwords at regular intervals such as every 6 months. Strong passwords have a variety of characters including upper & lower case letters, numbers, and punctuation/symbols that when put together do not spell English dictionary words. For your security questions and answers do not use publicly available information such as answers you may already have been tricked into providing in Facebook quizzes from your friends. It is OK to create a fake identity for yourself and have questions & answers that are not really true and cannot be researched.
By following these suggestions it should be far less likely that your accounts will be compromised.
 
Last edited:
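The Firesheep problem described in the first tip can be checked from the site's side by looking at response headers. This is an added example, not part of the original post: the sample responses are constructed, and the `Secure` cookie attribute and `Strict-Transport-Security` header it checks are the standard mechanisms for keeping a session on HTTPS, which the post itself does not name.

```python
from urllib.parse import urlsplit

def cookie_attrs(set_cookie):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs

def audit(url, status, headers):
    """List the reasons a response leaves the login session readable on open Wi-Fi."""
    findings = []
    hdrs = [(k.lower(), v) for k, v in headers]
    location = next((v for k, v in hdrs if k == "location"), "")
    if urlsplit(url).scheme == "http":
        # A redirect to https:// is acceptable; anything else is served in the clear.
        if not (status in (301, 302, 307, 308) and location.startswith("https://")):
            findings.append("page served over plain HTTP")
    elif not any(k == "strict-transport-security" for k, _ in hdrs):
        findings.append("no HSTS header: the browser may still try http:// later")
    for k, v in hdrs:
        if k == "set-cookie":
            name, attrs = cookie_attrs(v)
            if "secure" not in attrs:
                findings.append(f"cookie {name!r} lacks Secure: it is also sent over http://")
    return findings

# Constructed sample responses (not captured from any real site).
SAMPLES = [
    # Whole site on plain HTTP: the session cookie crosses the air unencrypted.
    ("http://mail.example/inbox", 200, [("Set-Cookie", "session=abc123; Path=/")]),
    # HTTPS login page, but the cookie can still leak on a later http:// request.
    ("https://mail.example/login", 200, [("Set-Cookie", "session=abc123; Path=/; HttpOnly")]),
    # HTTPS everywhere: HSTS plus a Secure cookie.
    ("https://mail.example/inbox", 200, [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
    ]),
]

if __name__ == "__main__":
    for url, status, headers in SAMPLES:
        print(url, audit(url, status, headers) or "OK")
```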

EQ Admin

EQ Forum Admin
Staff member
As of Sunday November 07 2010 there have already been 649,189 Firesheep downloads.
 

EQ Admin

EQ Forum Admin
Staff member
As a followup to the Firesheep/Facebook issue in #1 above, Facebook now allows you to use https whenever possible within their system and receive an email alert when a new computer logs into your Facebook account.

Facebook Account Security Settings.JPG

To configure the new settings go to the top right of your Facebook, click Account, and select Account Settings. On the settings page that appears go to the Account Security section and click the change link to update your settings for https and email alerts. Don't forget to click Save when you are done!
 

EQ Admin

EQ Forum Admin
Staff member
A couple more issues to keep in mind:

Rogue Access Points
A common, simple strategy for opportunistic attackers is to entice victims to connect directly to their laptops over Wi-Fi by configuring their machines to act as rogue soft access points. Easily established, a rogue access point acts as a node in an ad hoc peer-to-peer network, becoming a bridge between victims and a real access point...



Evil Twin Attacks
The Evil Twin is a related form of attack that relies on the fact that operating systems often remember users' preferred Wi-Fi networks and attempt to auto-connect to them the next time they come into range. By capturing and rebroadcasting an identical network SSID (that’s to say, the name of the open Wi-Fi network), an attacker with an access point in his laptop can fool his victim’s machines into connecting to his device instead of the legitimate hub...

source: How Logging On From Starbucks Can Compromise Your Corporate Security | SecurityWeek.Com
 

CarlS

Valued Member
Two ways of hacking an account that haven't been mentioned

Hey there Popowich...

I would say the most common way of hacking someone's mail is the use of the password reset function in many mail services whereby if the user forgets his/her password s/he can reset it by answering a personal question whose answer was given when the account was registered.

Usually people pick very easy to guess answers, questions like "What is my favourite food?", "What's the name of my dog?" or "Where was my mother born?" are not good since there are a limited number of dishes, some very common names for dogs and where someone's mother is born is sometimes even public record. These are just some examples I've chosen to illustrate the problem. Do note that someone who tries to hack an account usually knows the owner of the account hence having more information than any random hacker.

Another common way of hacking email accounts is the password reset function which deals with sending a reset email to the email account which was used to register the new account. This is especially common with Gmail-users who transferred from Hotmail. The hacker asks to reset the password of the Gmail account by having a reset email sent. Gmail will show what address Gmail sends the reset email to but replacing the first letter in it with stars. Usually one can make out what address it is. Then all one has to do is to look if that address is available and register it!

The remedy for these things is to have an unrelated answer to the reset question or let it be something only that person could ever know and to make sure that one's email account does not have an old email address noted as a reset address.


/Carl
Who have hacked numerous accounts including international celebrities this way... :innocent:
 

foggy

Valued Member
Sage advice, Carl! Fortunately, I have gotten in the habit of using a passcode quality answer even for my security question. E.g. if the security question I chose is "What is your favorite cousin's name?" I would answer something like: g@1#p2B (which is actually "Green Acres is the place to be" -- a nonsense answer, as far as that question is concerned -- made even more 'secure' by being "converted" into passcode).

So, maybe... maybe... I'm safe from your wily hacking ways! ;)
 

EQ Admin

EQ Forum Admin
Staff member
Good timing on this discussion restarting. Keep in mind there is a difference between random answers and fake answers. I'm all for creating a fake identity of sorts that is used as non-public answers to commonly asked questions. One of the kids had completely random information for their Yahoo account, forgot the password, and lost access to the account.
 

EQ Admin

EQ Forum Admin
Staff member
Another tip is to hover over links and verify the destination that shows up in your status bar matches the linked text and makes sense for the site you think you are visiting. Always be careful about the links you click!
 

julialloyds45

Greylisted
5 steps for securing your email account after it’s been hacked.

1. Configure your Internet connection to always use HTTPS.

2. Use two-step verification if possible, like on Google.

3. Change the security questions and answers.

4. Check the backup email address.

5. Finally, change to a really good strong password.


 

EQ Admin

EQ Forum Admin
Staff member
On the settings page that appears go to the Account Security section and click the change link to update your settings for https and email alerts. Don't forget to click Save when you are done!
 