- Introduction
- Preventive Measures
- After you've been hacked
- Conclusion
- Links
- View All
Recovery
Not all hackers will get into your account and lock you out. In fact, he or she may snoop around and then leave to come back a few days later, and you would never know someone else has been in there.
The first thing to do is verify somehow whether you have been in fact hacked. Here are a few things to check.
- Do you have email that’s marked as read but that you’ve never seen before? This happens when the hacker reads your email and then forgets to mark it as unread.
- Have your contacts received any strange email supposedly from you? If you save all your sent email, you can also check your “Sent Items” folder for any mail that you didn’t send.
If you find the answer to either of the two above ‘yes’ then change your password immediately. Use a strong password that the hacker will not be able to guess or crack again. That should eliminate your problem for now.
However, if the answer to the above was ‘no’ and if you still suspect someone has been poking around, you can set up an intruder alarm in your inbox that can alert you if anybody reads it. You can read more about this trick at makeuseof.com.
Many hackers though, tend to lock the original owners out once they’re in and if that has happened to you, there’s a different path to take. If you’ve noticed this recently, there is still a chance that your alternate email address or secret question/answer has not been changed by the hacker. Try to recover your password via the “forgotten password” feature and if it works, you’re lucky. Change your password to lock the hacker out and you’re good to go again.
If that doesn’t work, however, this means the hacker has changed the password recovery methods and you can no longer get in that way. In this case, the first thing to do is inform as many people in your contacts as you can that your email address has been hacked. For this, it’s a good idea to keep a backup copy of your online contacts list on your computer – most services allow exporting the contacts list in CSV format that is cross-compatible.
The next thing you have to do is contact your email service provider about your problem. Include as many details as you can and be ready to verify your identity by any means possible. Whether or not you’ll get your email address back depends on how accurately you provide ownership details such as emails of a few of your contacts, date of account creation, last successful login etc., so you might want to take a note of these now if you ever need them.
Below I will cover the three most popular web mail services and how to recover an email address that has been compromised.
- GMAIL: If the hacked address was a Gmail account, there is a page where you can contact Gmail Support about the issue; they will try to verify ownership and if that is done, give the account back to you. Some things they might ask are:
- Which Google services you use with the account in question (Orkut, Blogger, Google Apps, AdWords, YouTube, etc.) and the dates you started using them.
- Last successful login date
- Account creation date
The Official Google Blog has a series on online security that’s also great reading. One post of special mention is some things they advise you to do if you can’t access your webmail.
- HOTMAIL/WINDOWS LIVE: If your account is Hotmail or Windows Live, you can report about the issue to Microsoft and they will try to help you recover it.
- YAHOO! MAIL: For Yahoo users, visit their help center and try to get your password recovered by answering a few questions like your birthday, zip code, etc. that you had provided to them when signing up.
It’s important to note, though, that there is no guarantee that the service provider will be able to hand the email address back to you — and that is mainly because they have to make certain you are who you are, and that you are, in fact, the original owner of that address.
When you get your account back, change your password, be thankful and start to be more careful.
If however, you’re unable to have your account recovered, it would be safe to say that your account is gone and won’t come back. I’m sorry. If you get to this stage, the best thing to do is start afresh, inform everyone of the incident and proceed to edit all your other information with other online services to reflect the change.
If you did not have a backup of the data in your email, I’m sorry again. You can read the Backup section on the previous page to set up a system so this does not happen to you again.
Identify
The next step is to identify what caused the problem. Was it a genuine hacking where the person cracked your password or did they exploit some other weakness to extract the password from you? Different techniques involving identity theft include social engineering and phishing. Sometimes, you’re lured into clicking a link from an email and taken to a fake website which looks genuine (known as phishing). The page that opens looks exactly like your email service providers login page and might say something like “Your session has expired. Please login again.” But when you submit your email address and password, instead of logging you in, the fake form mails them to the creator of that page and you are then “hacked.”
Phishing attacks usually occur via email and as a general rule, cannot “hijack” an actual website (though that is possible). So if you type yahoo.com directly into your browser address bar, there is a very little chance that the resulting page is a fake, and you can proceed normally.
The best way to protect yourself from phishing is to be very careful when clicking on links in emails. If a link must be accessed, it is best to copy and paste directly into the browser instead of clicking it. Emails that claim to be from legitimate companies often result in a compromise. Phishing emails can also be identified by images that do not load, incorrect grammar and typos.
Here’s a bonus article that gives you 9 ways to detect phishing scam emails.
Newer versions of web browsers can detect a phishing attack most of the time, but to be absolutely sure, make sure the login page is SSL (Secure Socket Layer) protected and that the Security Certificate is properly signed and verified (web browsers can do this). Most online services provide SSL encryption to their login pages, including most email service providers. Browsers identify a secure page by a small yellow padlock that shows it is SSL verified.
Another way to have your passwords stolen is by a keylogger installed in your computer. Make sure your Operating System (Windows, Mac, Linux, etc.) is updated with the latest security patches and always keep updated copies of a reliable anti-virus and anti-spyware software on your computer to run regular scheduled scans for malicious software. A firewall is another tool to add to your arsenal. Some reliable vendors for free computer security software include
Be very careful at public computers where you are not the only person with access such as libraries, internet cafes, etc. These types of computers are especially prone to being infested with spyware (intentional and accidental) that can steal your login information. You can use simple programs such as Neo’s Safekeys which is an on-screen mouse based keyboard that can bypass keyloggers and enter your password safely. It is a very lightweight stand-alone utility that can make you feel a bit more secure. If you carry a USB drive, you can use a combination of portable software like Neo’s Safekeys and malware scanners that can alert you of a security risk.
When you’re done using the computer make sure you’ve logged out of all services; delete web history, cache and cookies from your browser’s menu so that a snooper can’t access your information.
Next: Conclusion
Oct 24, 2008 at 12:32 am
i have a world NO1 hacker Name Usman Country Pakistan sialkot
Oct 24, 2008 at 4:07 pm
Well, good for you!