If you get a call from your coworker asking about a weird email that you’ve sent – and you definitely did NOT send them anything – it’s likely you’ve been hacked. Don’t panic! There are a few basic steps you need to take, but it doesn’t have to be a disaster.
Contain the Breach
Before anything, change your password! It is important to remember to avoid using very short passwords or ones you use for other logins. While doing this, it’s also worth turning on two-factor authentication, which will allow you to use something such as your phone number to provide an additional layer of security to your account. Next, it is very important that you “sign-out everywhere” to make sure that no one with unauthorized access is still logged into your account somewhere. For Office 365 accounts, use this guide to quickly sign out everywhere.
You will also need to notify everyone in your organization that you’ve been hacked ASAP – it is highly likely that other accounts in your organization have been breached as well. If it is immediately obvious that multiple email accounts have been hacked in your business, you’ll want to contact professional IT help right away. Hackers are good at covering their tracks. They will usually create rules or even new admin accounts that, at best, will give you headaches later on, and at worst, allow them to retain access to your organization. It’s also a good idea to let all of your contacts know that you’ve been hacked and not to open any emails they’ve received from you recently. It’s highly likely that any malicious emails sent from your account would be deleted by the hacker on your end to alleviate suspicion, so you can assume that malicious emails were sent out even if you don’t see them in your “sent” box.
Prevent future attacks
Make sure your computer is up-to-date and do a virus scan on your computer as well. Routine updates for your computer often have important security updates, so going forward you’ll want to ensure you have automatic updates enabled for your system.
Once the immediate threat has been taken care of, think: Did you reuse your email password anywhere else on the web? If you’ve used that password for other accounts, consider them compromised as well. Changing all of these can be a hassle, so we recommend using a password manager to make this process as easily as possible. A password manager like LastPass or Keeper will randomly generate ultra-secure passwords and remember them for you so you don’t even have to type them in when logging into your accounts. It’s also worth updating your security questions, especially if your security questions use easy-to-guess information.
If you’re worried that you missed something or don’t want the burden of dealing with this yourself, please reach out to us! Because it is so common for hackers to make new rules and generally mess with the various setting within accounts, your safest bet is to have a professional perform an analysis to ensure the breach is contained. Our techs at KNS & Sequim IT deal with hacked email accounts very, very often, and will be able to quickly get you back in action.