This week a friend’s email was hacked badly. It was one of those free email accounts you get from Gmail, Hotmail, Yahoo, etc. He was annoyed that it happened but seemed to shrug it off when I suggested what cautionary steps he needed to take immediately to protect his identity. I would hate to think it will be live and learn for him.
However, it is happening with more and more frequency (The FTC estimates as many as 9 million people a year are victimized) and has more dire implications. The hackers start with a tiny bit of data which they collect from a site you have visited previously. Once they grab your password there, it is a good bet they can use that code to wreak havoc on your life because most of us use the same predictable password for ALL of our online activities. That is red flag number one because the hacker will then enter your email account and change your password, virtually locking you out of your own account and making it pretty damn difficult for you to contact the email host, such as Hotmail or Yahoo, to let them know that you have been hacked.
Now let’s just imagine all of the data the cyber thief will find once inside your email account:
1. name and at least city, if not full address
2. most likely your birthday
3. your security question prompt
4. the names of all of your friends, relatives and business contacts with account numbers
5. perhaps photos of everyone who is important to you
There you go – your entire life spread out before someone with nefarious purposes and you are still not taking this seriously. Snap out of it! Once you’ve been hacked, take it very seriously and take action immediately. If you use the same password for everything and the hacker now has that password, he/she can enter ALL of your accounts and retrieve your personal data and stored credit card information.
The first thing to do is to change your password at ALL of your other accounts and make it something no one can figure out. DO NOT use your birthday, address, children’s birthday, etc. This is paramount but still so many people fail to take this easy step to protect their identity from hackers.
There are plenty of other steps to take but these few should be your top priority:
1. Notify those people on your contact list if you have an alternate email account to do so. Chances are they may already know because they’ve been contacted by the hacker posing as you, but notify everyone nonetheless.
2. Use your alternate email account to notify the host of the account which was hacked. For example, if your hacked account was with Gmail, then send an email with as much information as possible to their “spoof” or “fraud” department. If someone on your contact list actually received an email from the hackers then forward that to the fraud department as well.
3. Do a mental inventory of everything you had in your hacked account, inbox, saved file, sent mail, etc. and take steps to protect that data. For example, if you recently booked a vacation through Expedia and all of your data resides in a confirmation email, the hacker now has that info, as well as access to your Expedia account. Contact Expedia and change all of your information with them.
4. If you are a small business, contact all of your customers at once and let them know that their info might have been compromised.
5. Monitor your credit credit cards and online accounts for unauthorized for activity and report it at once.
6. Notify the credit reporting agencies and ask them to place a temporary fraud alert on your account. Better to be safe than sorry.
7. Never let a merchant site store your credit card info online. Opt out of that when given the choice.
It is cliche but it is so true that these are dangerous times we live in. Thirty years ago, the most we worried about was someone stealing our checkbooks or credit cards. Today, they can steal one little password and take control of our lives.