
How did my email account get “hacked”?


If you’re reading this it’s likely that your email account was recently hacked and now you’re wondering how it happened and why it happened to you. Or maybe you’re just wondering how you can prevent it from happening to you.

Let me start off by saying that there are many different ways an email account can be compromised. In this article I’ll cover three of those methods.

Also note that these aren’t the only ways an email account can get compromised. People are always inventing new ways of compromising an email account/system. So by the time you finish reading this article, it’s likely that they will have come up with a few new techniques.

Now let’s imagine you’re at the local coffee shop sipping on some hot coffee. You open your laptop and connect to the coffee shop’s WiFi. Why not, it’s free Internet, right?

Now it’s time to check your email messages because you are expecting important news. You open the email client on your computer and start browsing the Internet for, you know, important stuff. An hour passes by and you go on your way to work, home, or school. But did you notice the person sitting across from you with their laptop? He just took your email credentials while you weren’t looking. But how did it happen?

Did it happen while you were in the bathroom?

No.

Did it happen when you went for yet another cup of joe?

Nope.

So how did that person steal your email information without even coming close to your computer?

Ever heard of a Man in the Middle attack? To put a MITM attack in simplest terms, some malicious so-and-so sets up their computer to act like a router and tricks your computer into thinking that the computer actually is the router. Then the router thinks the shady computer – in the middle of the connection – is your computer.

Think of it as someone tapping into your network connection. Once this starts happening they can view all kinds of fun packets coming from your computer to the mail server (or to any server). Each time you make a connection to the mail server you are sending your authentication credentials through the bad guy’s computer.

From there it’s easy to use a program to filter out all packets containing login credentials. This includes your Facebook, Twitter, and bank account login information as well. Everything.

So does that mean it would be better to just stay away from your local coffee shop?

Hey, no need to be drastic! You can still go and you can still surf the Internet but it may be best if you didn’t use the coffee shop’s Internet connection. Personally, I don’t trust any network that I don’t own or control.

A nice work-around would be to use the Internet connection on your smart phone. Most smart phones have the capability of turning into a password protected WiFi “hot spot.” They also have the capability to tether the smart phone to your laptop. But of course, you will be using your phone service provider’s data plan.
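If you do end up on a shared network, the router impersonation described above (commonly done by ARP spoofing) tends to leave a trace: the router's entry in your computer's ARP table changes, or carries the same hardware (MAC) address as another machine. The script below is an added example, not part of the original article; the addresses are constructed, and `parse_arp`, `check_gateway` and the "known" router MAC are assumptions made for illustration.

```python
import re

# Matches "IP ... MAC" in Linux/macOS ("? (ip) at mac ...") and Windows
# ("ip   aa-bb-cc-dd-ee-ff   dynamic") `arp -a` layouts.
ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b"
)

# Constructed sample: what a laptop's ARP table could look like while another
# machine on the WiFi (192.168.1.57) is answering for the router (192.168.1.1).
SAMPLE = """\
? (192.168.1.1) at 02:00:5e:10:00:57 [ether] on wlan0
? (192.168.1.23) at 02:00:5e:10:00:23 [ether] on wlan0
? (192.168.1.57) at 02:00:5e:10:00:57 [ether] on wlan0
? (192.168.1.255) at ff:ff:ff:ff:ff:ff [ether] on wlan0
"""


def norm_mac(mac):
    """Lower-case, colon-separated, zero-padded (macOS prints 0:1c:...)."""
    return ":".join(o.zfill(2).lower() for o in re.split(r"[:-]", mac))


def parse_arp(text):
    """Return {ip: mac} for unicast entries found in `arp -a` output."""
    table = {}
    for ip, mac in ENTRY.findall(text):
        mac = norm_mac(mac)
        if int(mac[:2], 16) & 1:  # broadcast/multicast address, not a host
            continue
        table[ip] = mac
    return table


def check_gateway(table, gateway_ip, known_mac=None):
    """Return warnings about the router's ARP entry (empty list = nothing odd)."""
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return [f"no ARP entry for gateway {gateway_ip}"]
    warnings = []
    if known_mac and gw_mac != norm_mac(known_mac):
        warnings.append(f"gateway MAC is {gw_mac}, expected {norm_mac(known_mac)}")
    twins = sorted(ip for ip, m in table.items() if m == gw_mac and ip != gateway_ip)
    if twins:
        warnings.append(f"gateway shares MAC {gw_mac} with {', '.join(twins)}")
    return warnings


if __name__ == "__main__":
    for w in check_gateway(parse_arp(SAMPLE), "192.168.1.1", "02:00:5e:10:00:01"):
        print("WARNING:", w)
```

A shared MAC can be legitimate (one router holding several addresses), and the impersonating machine's own IP may never appear in your table, so the comparison against a previously recorded router MAC is the stronger of the two checks.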

So if I protect myself from that shady “man in the middle,” I’m safe, right?

Not exactly.

Another way your email account could be compromised is with a virus/malware being installed on your computer without your knowledge. This method is the most common and likely way that your email account (and everything else on your computer) can be compromised. I’ve seen what some of these viruses and malware are capable of doing, and it’s scary stuff.

Some of the virus/malware infections come with a nice little tool called a keylogger. What it basically does is log all your keystrokes and send them to a server controlled by whoever infected your computer with the virus/malware. So any time you enter a username and password, the keystrokes are logged before the login request is sent. It doesn’t matter that the connection from your computer to the mail server is encrypted.

So how did this software get onto your system, or how can you prevent it from being installed on your system?

You can start by practicing the following:

  1. Keep your system/software updated with the latest security patches.
  2. Update your Antivirus programs and run scans on a routine schedule.
  3. Avoid downloading files you don’t recognize.
  4. Don’t open any email messages you didn’t expect to receive. For example: You get an email message with the subject “Your PayPal account has been limited,” but you don’t have a PayPal account.
  5. Avoid visiting web sites that have a bad reputation. A simple Google Search will sometimes display a warning message in the search results right below the domain name: “This site may harm your computer.”

The third way an email account can be compromised is by social engineering. Some email systems come with a nifty “Forgot your password?” tool. So what’s the big deal about this feature? Well, when you were setting up your email account you weren’t thinking twice and just answered the security questions truthfully. For example the signup form has the following questions:

  1. What is your pet’s name?
  2. What is your mother’s maiden name?
  3. Which street did you grow up on?
  4. Which school did you attend in the 5th grade?
  5. In which hospital were you born?

You had to pick two of them and answered the two questions correctly. No harm done, right?

Wrong. The questions and answers that you’ve set up with your email account should actually be considered to be your second and third passwords. Why? Because the correct answers to these questions grant access to the email account.

It would be best to answer these questions kind of incorrectly. So, let’s say you chose “Which street did you grow up on?” and “What is your mother’s maiden name?” and the answer to the first question is Main St. and the answer to the next question is Smith.

Instead of using the correct answers, you can add an extra character before the real answer. For example @Main St. and @Smith. If the system doesn’t allow these types of characters then you can also use a letter before the real answer. For example: QMain St. and QSmith. That way if the malicious person finds out the real information, they will still have a hard time getting into your email account.

You must be wondering how these people even get the information in order to gain access to your email account using the security questions method. The answer is very easy. In this day and age most of us use social media sites like Facebook, Twitter, YouTube, etc. What’s the problem with social media? Well, the problem is we like to give out too much information.

We all like to share, share, share. Sometimes we don’t realize it, but we give out too much information. So much information that it makes it easy for a malicious person to gain access to your email account using the security question method.

If you keep these things in mind and think about security in new ways, you will protect yourself from a lot of potential headaches.


20 Responses
  • markbarryelder

    One item that would be nice to have to help protect our e-mail account is SSL access to Winhost mail servers when using POP and SMTP. However Winhost does not currently offer this option:
    http://forum.winhost.com/showthread.php?t=10401

    • Domain Manager

      I second that! Secure email! Can’t we get that?

  • Moises

    We all understand your concerns here at Winhost.com. This is why we do offer our customers the ability to connect to the mail server securely using a web browser. Say, for example, your email service is hosted on M01. Then this means you can access your mail service securely using the following URL: https://m01.internetmailserver.net. The connection will be secure between you and the mail server using a web browser. Simply change the subdomain name to fit the mail server you are using. If you are on m02, then you would use https://m02.internetmailserver.net and so on.

    • Domain Manager

      If I am connecting via setting up Gmail to pull in an account, I can’t see how to make it secure. My password and account name are sent in the clear, no?

      • Moises

        In regards to connecting to Gmail: the URL should already be secured with https. This means the connection between your computer and Gmail is secure. The connection is encrypted so it won’t be sent over clear text. However, if you have a keylogger installed on your computer, the keystrokes will be logged before the credentials are sent over the internet. So in this case it doesn’t matter if the connection is encrypted.

  • Mike

    The man in the middle attack isn’t quite that simple. The computer logging onto, say, hotmail, gmail, yahoo, etc. would have to accept a bad SSL certificate for this to work the way the author describes. This is something that any modern browser warns against before you attempt to log on; now if you avoid this warning, yes, the rest is true. I guess a more likely event would be to sniff, or MITM, to retrieve password hashes and use rainbow tables to crack. I don’t think the average person is going to fall victim to this unless they have enemies stalking them.

    • Moises

      You’re correct. I’ve done a man in the middle attack on my own home network (just to check it out) and the web browser does warn the user that the SSL Certificate is bad for the site that they’re on. Some users will understand this warning and won’t continue. But most users won’t care and just want to check their email, so they continue.

  • annette

    How can I tell if I have a key logger on my computer? I’ve got some really strange things going on with my email and Google accounts. And yes, I do have a stalker and it’s very creepy. Anything you can tell me would be great.

    • Moises

      You have to do a virus scan on your computer. Make sure you update your virus scanner before you start the scan.

    • Hank

      You may also want to check for root kits, which a lot of antivirus programs miss. http://www.gmer.net/#files

  • Anjali

    Well I’m confused. I don’t think my email is hacked because I can still go and log in using the password I always have, but now I have changed it after my problem. The problem was, two people said that they received an email with a random website that I don’t know of, and never visited. I never sent that email and I don’t know how they got it with my email. I need help finding out who or how that had happened. I’m very scared of what will happen if someone hacked my emai… Please help!!

    • Moises

      Just because you can still use the same password even after those other email messages were sent without you knowing doesn’t mean your email account wasn’t hacked. Most of the time people will hack an email account because they wanted to send out spam in order to hack more people. They won’t change the email password after they hacked the email account. They would prefer to keep using the same compromised email password as before. Also, it’s not possible to find out “How” exactly it is that they did it. The best thing for you to do is update your Antivirus program and run scans on the computer that you used to access the email account. Run it on all computers that you use to access the email account. I describe the different ways in this web page article on how an email account gets hacked and most likely one of the ways I describe above is how your email account did get hacked.

      Read the section below: “Another way your email account could be compromised is with a virus/malware being installed on your computer without your knowledge.” This is the most common way an email account gets hacked.

      • Anjali

        Well, I only used that email on my iPad…

        • Moises

          It still doesn’t mean you can’t get hacked. As you saw the email user sent out email messages that you didn’t send.

          • Anjali

            Oh ok! So I guess I might have to change my password again to be safe. I’m guessing my account might be compromised so that’s why it seems like my account is sending out spam to my contacts.

  • David HOLMES

    HOW DO I RECOVER MY EMAIL ACCOUNT I NEED TO CHANGE MY PASSWORD

    • Michael

      If you’re talking about a Winhost email account, support can help you with that. Gmail has their own password retrieval methods.

  • David HOLMES

    CAN WE CONTACT THE PITTSBURGH FBI TO LET THEM KNOW THAT I HAVE A HACKER ON MY PHONE WHO MAY BE ONE OF THE MEMBERS OF DARKCODE IS THERE A REWARD FOR HIM ALL THEY HAVE TO DO IS LOG INTO MY EMAIL ACCOUNT [email protected] AND TRY TO LOG ONTO MY GOOGLE ACCOUNT AND THEY CAN CATCH HIM RIGHT NOW
