Email Detection Tips
Check your email accounts to ensure they are secure. Specifically check there are no ‘unknown’ email addresses attached to your account. You can usually check this by looking for headings such as: 'Filters and Blocked Addresses'and 'Forwarding and POP/IMAP' sections (wording may change depending on your email provider). You can also check any Recent Activity on your account. You are looking for any devices or locations that do not reconcile with your usage. It is recommended you use ‘2 step authorisation’,for example an SMS message will be sent to your phone whenever there are any changes to your account.
Some tips for securing your email:
- Go to the website of your email provider, and log into your email account.
- Look for any external users/devices connected to your email account that you don’t recognise. This will vary from one email account to another, but usually involves looking in your security settings and searching for your last account activity. You can see your sign-in history, including the dates and times that your email account was used. You can also see the IP addresses which were used to access your account. Signing out of these sessions may ensure that external users that where on the account have been eliminated.
- Check for email redirection or mail forwarding and remove any rules or addressed that have been applied.
- Check that the recovery email address and phone number are recognised by you. It is recommended that you consider changing the recovery email address and start fresh.
- Check both your Inbox, Archived Files and Trash for any password reset emails from other services or accounts linked to your email address not instigated by you. The hacker could have attempted to change your password on other sites, using access to your email to perform password resets.
- Checking your mail boxes (including sent emails) for dodgy replies will help identify anyone who was targeted from your contacts list. If you do find someone has been contacted by the hacker, let them know that you didn't send the email to them. If possible do this via another communication channel (ie: a different email address, text, or phone call).
- Change your password to something long and strong, using multiple cases,numbers and special characters. Ensure this password is not used for any other online accounts. Nor should it be similar to any other passwords.
- Once you’ve changed the password for your email account it is important to change the password of any other accounts with other services such as banking, PayPal, Facebook, Twitter. Prioritising those accounts that did share the same or similar password as your compromised email accounts