Phishing, Spyware or Malware. Hacking, Compromised and Spoofing
We all communicate via email these days, it is a normal part of life. However, access to your emails can occur in many different ways. A fraudster can compromise your account without you knowing, accessing not only your personal mail but sending our further emails to your contact list which contain Spyware or Malware, hoping to infect your friends and family mailboxes.
Look for the warning signs that might indicate that a fraudster may be accessing your account.
- Your contacts receive odd messages from your e-mail address.
- You do not seem to be receiving any e-mails.
- You are not able to log into your e-mail account.
- Unknown e-mail appears in “Sent Items” folder.
Here is how fraudsters could gain access to your email account;
Phishing
Fraudsters send out thousands of email in the hope they will catch someone, who will open their mail, and reply to them or click on a link sent in the email.
Once they verify the email address is correct, they target the victim with specific emails which have Spyware or Trojan software, in an attempt to take-over someone’s computer or email account.
If the victim clicked on a link in the email, it will take them to a website which will download the Spyware, without them knowing. The site may be a simple sales sites for products the victim does not wish to buy, but the damage is done.
Hacked / Compromised
This is when the fraudsters have your email password and have taken control of your email account. If they have not changed the password, you must regain control by setting a new password and set-up a new email address.
What to do if your e-mail account is compromised
If your email account has been compromised (or ‘hacked’), it is essential that you first disable your email account to prevent hackers from using it to commit fraud. Changing your password is a critical first step to buying some time but by itself will not be sufficient to prevent the account from being compromised again.
Unless you have access to the technical skills and knowledge required to make sure that your compromised email account can be re-secured, it is recommended that the email account is disabled and shut down and a new one created. This is because a fraudster could have changed background settings, recovery questions and email addresses, or set rules to enable them to receive or hide emails arriving in your account. This would enable them to continue monitoring your emails or even to take over your account again.
Please follow the following simple steps to disable and delete your compromised email account.
You should also check any advice provided by your email service provider:
- Inform all of your contacts that your email account has been hacked and they should no longer send emails to this account (use a different email account to do this, not the compromised account). You should ask your contacts not to accept or respond to any emails from your account, including information requests, clicking on any links or opening attachments.
- Immediately change the password of your email account using a strong password (avoiding familiar words, numbers and places and using a mixture of upper and lower case letters, numbers and special characters of at least 8 characters in length). By itself, this will not permanently secure the email account, but it will enable you to follow the process to delete it completely. Do not use the same password for multiple online services as this makes the hacker’s job much easier.
- Review any emails or information stored in the email account as they could have been read or copied by the hacker – for example, password reset information for a different online service or correspondence with financial institutions. This may prompt further action such as re-setting passwords elsewhere.
- Follow your email service provider’s procedures to delete the account. Depending on the provider this may be possible from within the account or you may need to go to a separate account management/termination page to do this.
Some email providers do offer the option of having an extra level of authentication (2-Factor), for example by having an authenticator application on your mobile phone or sending you a code via text message (SMS). It is recommended that you consider using these services when setting up your new email account or to further secure existing accounts.
Spoofed Email
Businesses suffer from this, but it also affects individuals, hurting them financially.
A business may receive an email from one of their regular suppliers, which advises that they have changed their bank account. When the business pays the next invoice, the money will be transmitted to the fraudster.
The business did not realise that the email was from the fraudster and the email address was slightly different
i.e. ASolicitor.com, when the real address was ASolicitors.com
A small mistake that costs a lot of money. All the fraudster had to do was email the real Solicitor and pretend to be a potential client and when they replied, the fraudster had the letterhead supplied to create a spoof email.
The same happens to consumers. The fraudster may have been tipped-off that you are about to spend a large amount of money and they have been given your email address. They know who you will be paying, so they can create the spoof email. All they have to do now is send you that request for payment and their bank details.
See more information – Invoice Fraud