What To Do If Your Email Account Is Hijacked

My column in today’s Northwest Herald talks about the recent uptick in hijacked email accounts. Hackers hijack your account in order to prey on your contacts by sending spam, malicious links, and outright requests for money in your name. And not just your email account… Facebook, LinkedIn, and other accounts can also be hijacked.

Here are some things you can do to protect yourself, not just from hijacked accounts but also from viruses, spyware and other Internet threats:

• Use strong passwords that are unique on every system, and change them every few months. Earlier this week I posted an article about how to create secure passwords. This is the number-one thing you can do to prevent your accounts from being hijacked.

• Use a high-quality security software suite. I used to recommend free solutions for Windows like AVG combined with Spybot or AdAware, but these days I’m finding the freebies aren’t enough to protect you. Norton and McAfee will do the job, but Norton in particular tends to take up a lot of memory which may make older machines run more slowly. I prefer AVG’s paid Internet Security Suite or Trend Micro’s Titanium Internet Security or Titanium Maximum Security. If you’re using free AVG, you can get a discount on the full AVG suite if you buy through the “upgrade from free version” option.

Whatever solution you choose, be sure it is a full suite—containing antivirus, anti-spyware, and firewall—and not just antivirus. And be sure it’s real software and not one of the many rogue security programs that are actually viruses in disguise.

Mac users, you need security software too. My personal favorite is Intego VirusBarrier or Internet Security Barrier. If you run Windows on your Mac through Apple’s Boot Camp or a program like VMWare or Parallels, try Intego’s Dual Protection options: VirusBarrier DP or Internet Security Barrier DP. These include BitDefender for Windows to protect the Windows half of your computer.

• Make sure ALL of the software on your computer is regularly updated. In one of my previous Northwest Herald columns, I talked about the dangers of old software. Here on my blog I’ve also talked specifically about the risks posed by old versions of Adobe (Acrobat) Reader and Flash.

• If you’re on Windows, use a browser other than Internet Explorer. Using Firefox or Opera instead of Internet Explorer offers you that much more protection. If you must use Internet Explorer, find out why older versions of Internet Explorer pose a greater risk of virus infection.

• Watch out for poisoned search engine results and learn how to spot bad web links.

• Never click on links or open attachments in email. Always visit the site directly. For example, if you get an email saying you have a new Facebook message, go directly to facebook.com from your Web browser instead of clicking the link in the email.

• Learn about social engineering and how hackers will do anything and everything to trick you into letting them in.

• And, finally, subscribe to the free email version of Triona’s Tech Tips for easy-to-understand tips you can use to protect yourself from the latest Internet threats.


  1. robert rivera says:


    See you at the next BNG meeting.

  2. Thanks, Bob, I look forward to it!

  3. Triona,

    It appears that you are somewhat confused on the difference between a hijacked e-mail account and a forged address. It’s about as easy to forge a “from” or “reply-to” address on an e-mail as it is to write someone else’s addres on a piece of snail-mail and much easier than going through the trouble of hijacking an e-mail account.

    About 10 years ago, this was a very popular way to get people to open malware attachments. The malware would invade a user’s computer, open the address book, and forward itself to everyone in the address book, using one of the e-mail address recovered from the address book as the forged “from” address. Note that no account hijacking is necessary to do this. You are correct in that people are more likely to open attachments from an e-mail address that they recognize.

    Generally, if an account of any sort is hijacked, the owner will be unable to reset the passsword, as the first thing the hijacker does is reset the password in order to lock out the original owner. However, IT IS NOT NECESSARY AND IT IS HIGHLY UNLIKELY THAT THE EMAIL ACCOUNT IS HIJACKED WHEN THE ADDRESS IS USED TO SEND SPAM OR MALWARE.

    The best way to tell where the e-mail actually came from is to examine the e-mail headers. How to do this will vary with they type of e-mail client. However, every mail server will add the IP address of the server from which it received the e-mail to the header of the incoming message. Note that there may be other information in the header that could be forged, but the IP of the server immediately before the recipient’s gateway server will usuall be correct. This is frequently your best bet for beginning to track down the actual malware/spam sender.


  4. Larry,

    Thanks for your comments. While I did discuss forged addresses in the article, what I am specifically seeing is an increase in the number of *hijacked* accounts — as in, accounts that have been compromised. The “I’m in XYZ country and need you to wire me cash” scam is linked directly to hijacked accounts. I’ve worked with a number of people who received such emails and actually corresponded with the hackers, who answered as if they were the person who owned the email account. This is quite different from forged addresses, in which the address is forged but the email account itself is not compromised.

    Spam can be sent from both forged addresses and hijacked accounts, but spam filtering and other technologies have matured such that forgeries are less likely to make it through. Mail sent through hijacked accounts, on the other hand, is more likely to pass a spam filter because it is indeed sent from a bona fide address — except the person on the other end of the keyboard isn’t the account owner. Also, there are plenty of phishing scams out there designed to harvest your email address and password. I would say it’s just as easy and possibly more lucrative to hijack than to forge. Instead of sending out a scattershot forged email and hoping to nail some targets, the hacker sets up a malicious page, harvests usernames and passwords, then sends specific (spear-phishing) attacks to those people’s contacts.

    Owners can still sometimes reset the password even if it has been changed, if they are using a system that uses a security question-and-answer as another means of accessing the account. (The security question-and-answer is problematic in and of itself; it’s not really a good way to secure an account because the answers to the questions are often obtainable with some minimal sleuthing.) Or, the owner can contact the Internet provider, provide proof of their identity and have the password reset that way.

    In any case, strong, unique passwords, good security software and a wary eye for email phishing scams and bad web links will help folks avoid hijacked email and other Internet threats.

  5. Triona,

    Thanks for your response! It has been some years since I was doing end user desktop support, so I haven’t had the recent first-line experiences you have. When I was doing it, it was all forged e-mail addresses. Since then we’ve seen the criminal element come on much stronger in the spam and malware areas with so there are some very real losses to having an infected computer.

    I can’t agree with you enough on your comment about strong, unique, passwords. Another suggestion I would make is that you not give the kids administrative access to the family computer. Too many people can’t resist a free download.

    Also, once a computer is built and running well, keep an image around on a USB drive. You may need to restore it someday and it’s much faster to restore from an image than to reinstall the OS, patch, and then reinstall all of the applications.


  6. Larry,

    Yes, the criminal element is definitely in force with regard to malware, spam and other Internet threats. These days it’s become a necessity to protect your computer. Unfortunately I still see people who dismiss computer security because they’re “only on a home computer” or “don’t care if anyone gets in.” But we all have to care, both to protect ourselves and to protect others.

    As a parent myself I agree that kids should not have administrative access to a computer. Even better, set up a totally different computer for the kids to use. I like to make an image of that computer, as you suggest, so if the computer is infected I can easily wipe it out and start over without having to start from scratch. It’s not so much that the kids are downloading stuff they shouldn’t be, although some do. What worries me more are sites that are infected by malicious code. No click needed, simply visit the site and boom, your computer is now a zombie in the bot-army of some hacker. That’s when vigilance and strong security software are needed.

    Thanks again for writing!

Speak Your Mind