Online Security 101

Have you ever considered how much of your life is online? Think of all the services you use, the sites you visit, and the information you access daily. All of this information is usually “protected” behind a user account tied to a combination of your email address and a password you create. This means the accounts for your services, applications, and information are all tied to your email address. Now consider: what happens if your email account is compromised?

With a single email account breach your entire online life can become vulnerable. This can lead to financial transactions you did not make, account creations you did not want, and even messages sent to friends and family in an attempt to compromise their accounts. Getting compromised, or hacked as many call it, is a daunting and scary circumstance that could take days or even weeks to come back from if you don’t know what to do immediately. Join me to learn about what you can do in the event of a “hack”, how your accounts can become compromised, and how to boost your security to prevent these compromises.

What to do if you have been hacked

Let’s start at the worst case scenario. You received a message that alerts you to an account compromise. It could be a notification on your phone that a financial charge has occurred that you didn’t make. Maybe you tried to log in to a service and you are shown an error message that your password is incorrect and you can no longer reset your password because the email address is not your email address anymore. What do you do?

Don’t panic!

Cliché and difficult, I know, but it needs to be your top priority. If you let fear drive your next decisions, you may end up in a worse position than you started in. Do not call random phone numbers, pay bitcoin ransoms, or download software you are unsure of. In these situations it is easy to give in to the scare tactics that may be thrown at you by scammers. But you are now on the path to becoming educated in security and online safety, and those tactics will not work on you anymore!

Change all passwords

If you can get back into an account that has been compromised, immediately change the password. This applies to compromises you learned about via a notification informing you someone logged into your account from a location you don’t recognize, or from friends and family asking why you sent them a message you did not send. Changing the password will kick out all devices that are currently logged in to your account and force the user to log in again using the new password you set.

Cancel Cards If Needed

If you received financial transactions you did not make, immediately call your financial institution. Cancel any credit or debit cards that may have been used and mark the transactions as fraudulent to begin the process of getting your money back. If you are unsure if an email or notification about a financial transaction is real, start by checking your bank account to ensure the amount of money you expect to be there has not changed.

Reach out to Customer Support

If the account that has been compromised had the email address changed along with the password then you will have to reach out to the service’s customer support to regain access. Sometimes this process is quick, other times it can be a complete hassle. Unfortunately, this entirely depends on the service and its security protocol when dealing with compromised accounts. Be persistent and be patient and hopefully you will regain access in a timely manner.

How can your accounts be compromised?

Now that you know what to do immediately after learning of an account compromise, you may be wondering how the compromise could have happened in the first place. Scammers and hackers have multiple methods of getting into your accounts, and almost none of them are like they show in the movies. While it is entirely possible for an advanced computer programmer to “hack” your account in a way slightly similar to what modern media portrays, it is extremely rare. Let’s go over the main methods in play right now that affect most people who become compromised.

Phishing

Phishing occurs when you receive an email, call, or message that attempts to trick you into divulging important security information. A popular phishing scam that hits many email accounts is an email message warning that you have been charged a large amount of money. The email usually informs you that you can dispute the charge by calling a phone number or clicking a link to download special software. Once you do, the scare tactics begin: you are made to think everything happening is legitimate, and the “service representative” gets mean if you begin to question or doubt the recommended process. Real customer service representatives will not yell at you or get angry with you! And you will almost never receive an email asking for important information. If you do, call the service or business via their main phone number to verify, not the phone number you may receive in the email. And above all else, never click links in an email you are not sure you trust!

Brute Force

Do you use the same email address and password for multiple services? This is the perfect scenario for scammers. If they manage to get into one of your accounts, they will quickly go and try the same email address and password combination with other services in an attempt to compromise those accounts. Maybe you do use different passwords, but only by a small variation. An extra number here, or an exclamation mark there. This is just as easy for scammers to figure out. There are now computer programs that will take a password and try to log in to another service multiple times, making small changes in an effort to figure out the password if it does not work.

Service Breaches

Some breaches may occur that are out of your control. Service breaches happen when someone manages to get access to a service’s database of user accounts. Many times the person will then sell the account information on the black market to scammers wanting to get into your account using the other methods listed. You will learn of this type of compromise usually via an email notice sent by the service, or possibly via a mailed letter.

Key Logging

Perhaps you fell for a phishing attempt email and made it far enough down the rabbit hole to install software, but you are not alarmed because you never gave up any important information during the process. This could mean a key logging attack is occurring. You installed software that is always running in the background and keeps track of everything you do on your device. Sometimes it even allows a scammer to see your screen and access your webcam. These attacks are hard to discover because the software was manually installed by you, so the device does not realize it is malicious.

Spoofing

Spoofing is when a scammer pretends to be someone you know by making their email address or phone number look legitimate. Sometimes it even is the actual email address or phone number. Special devices exist that allow a scammer to send text messages and make them look like they came from a phone number that is not their own. Unsecured email addresses, usually ones managed by a company and not a big name email provider (like Gmail, Outlook, and Yahoo), can also be spoofed and made to look like the email was sent from the correct email address. The easiest way to determine if someone is trying to trick you with a spoofed email or text message is by looking at the content. If it seems out of character for the person you expect, contact them directly to verify.

How to boost your security

So what can you do to help protect your online accounts? As you have learned there are many ways for a scammer to attempt to get access to your accounts. Thankfully, there are just as many ways for you to protect your accounts.

Use 2-Factor Authentication

Setting up 2-Factor Authentication should be your first step in the security process for all your accounts. 2-Factor Authentication is an extra layer of authentication that is required when logging into one of your accounts. This extra layer can usually be a text messaged code, an emailed code, a phone call with a code, or a special authentication application that provides a code. The authentication code changes regularly and is never the same. You will still need to provide your email address and password like you have always done before, but you will also need to provide the special authentication code as well. This means a scammer will have to not only have your email address and password to compromise your account, but they would also need access to your special authentication code, too. At the very least you should have 2-Factor Authentication set up on your email account, since it is the one account that is connected to all of your other accounts.

You can find 2-Factor Authentication setup instructions in your service account’s settings area. If you decide to use an application to provide the security code there are many available for free. Authy, Google Authenticator, and Microsoft Authenticator are good options. Otherwise, you can choose to have your authentication code texted or emailed to you.

Don’t use the same (or similar) passwords

Because brute force compromises are popular you should make sure to use a unique password with each service. Try to create a longer password for better security. Anything 10 characters or longer is a safe starting point. Make a point to revisit accounts and change these passwords at least one time every year or two years at the longest. Regular password updates ensure that any service breaches that may have occurred will not have your current account credentials.
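
As an added illustration (not from the original article), the short script below audits a list of your own passwords for the two problems described above: reuse and "small variation" passwords, plus anything under the 10-character starting point. The service names and passwords are constructed samples, and the function names are made up for this example.

```python
import re
from itertools import combinations

MIN_LENGTH = 10  # the article's suggested starting point

# Constructed sample data; never store real passwords in a script.
SAMPLE_VAULT = {
    "bank": "Sunflower2021",
    "email": "Sunflower2021",
    "shop": "sunflower2021!",
    "forum": "tiger7",
    "streaming": "maple-kettle-orbit-94",
}


def core(password: str) -> str:
    """Reduce a password to its base word: lowercase it and strip any
    digits or symbols stuck on the front or the end."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())


def audit(vault: dict[str, str]) -> list[str]:
    """Return one finding per short password and per reused or
    near-identical pair of passwords."""
    findings = []
    items = sorted(vault.items())
    for service, password in items:
        if len(password) < MIN_LENGTH:
            findings.append(f"{service}: shorter than {MIN_LENGTH} characters")
    for (s1, p1), (s2, p2) in combinations(items, 2):
        if p1 == p2:
            findings.append(f"{s1} / {s2}: same password")
        elif core(p1) and core(p1) == core(p2):
            findings.append(f"{s1} / {s2}: same base word, small variation")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_VAULT):
        print(finding)
```

Any pair the script flags is a pair where one leaked password puts the other account at risk.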

Manage Your Passwords

Creating strong passwords that are unique for each service just gave you some anguish, didn’t it? How are you going to remember a unique password for every online service you use?! That is where having a good method to manage your passwords can help.

My favorite method to suggest to most folks with nothing set up currently to manage all their passwords is a good password notebook. Amazon has many available for not very much money. They are usually set up with alphabetical pages that allow you to easily find the service you need and your credential information to log in.

Maybe you don’t want to carry around a physical notebook with your passwords. There are digital options available that are just as good. Most web browsers like Google Chrome will show a notification asking if you want to save your account credentials for easier logging in later. This is a safe option that ensures you can still access your accounts quickly without having to memorize long passwords.

If you want to really boost your password management you can use a service like LastPass or 1Password. These services are subscription based and cost money to use, but they will help you create a strong password for each service and will remember the password for you. These services also integrate with all your devices so you can log in to your services and applications easily.

Avoid Using Public WiFi with Financial Services and Sites

Even with the best security practices in place you can still be vulnerable. Public wireless internet is the biggest vulnerability. With special hardware a person can see all the devices connected to a business’ publicly available internet connection and even see what websites the devices are accessing. In a worst case scenario they can see exactly what you are typing. If you have to use public wireless internet never access your financial services. Even with 2-Factor Authentication set up, there is still a chance of getting compromised. Checking Facebook or even email is usually okay, but avoid sensitive services. When in doubt, just use your cell phone provider’s internet connection available on your smartphone. This is much harder to compromise, so it is safer to use for sensitive services and information.

Always Be Skeptical

The safest practice above all else is to always be skeptical when online. If an email or website looks sketchy or out of place, just consider it unsafe. If you are unsure, reach out to your tech department, or a friend or family member that is tech savvy, and ask them to review the website or service. Never click links you are not expecting to receive and never download and install applications you are unsure of.

Conclusion

While getting compromised online can be a traumatic experience it is never the end of your online life. Taking the time to educate yourself and implementing the best security practices for online safety will help keep you safe from the many ways scammers will try to attack you. The online world is vast and necessary for so many parts of our lives and now you hopefully feel a little bit better about traversing through it!
