Understanding the difference email account/address hacking and hijacking
A frequent question posted in various forums is a concern about an individual’s email account getting hacked because there are countless emails being sent out using the email address which the individual says were not sent by them.
There are two very important things at play which must be kept in mind. The first is an email account which has actually been hacked and the second is your email address being hijacked by spammers sending out spam spoofing the email address as being that of the sender. Two entirely separate and different things.
There’s no question that email accounts can and do get hacked which means that an unknown party has access to the email account which means, email can be read and sent from that specific email account. The less reliable a person’s email account password is, the easier it is for that account to become hacked. Various ways to determine that an account has been hacked is by checking the sent items folder to see if unknown emails have been sent from the account (which assumes that the offending party doesn’t delete items in the sent items folder) or, if someone claims to have recieved an email from you, have them check the email header determine the actual sending email server to determine if it’s the one associated with your account.
In cases where an email account has actually been hacked, the first step to take is to change the email account password immediately to a very strong password which will not be easily hacked again.
A more common occurance is that an email address has been hi-jacked by spammers and used to spoof out-going spam to make it appear that the email was sent by you. The operative words in the previous sentence are “make it appear”. These types can be readily identified by looking at the email headers of the spam email where it will be readily apparent that it was not sent by you. If this occurs to you, there is little that can be done other than to wait it out until the spammers move on to using another email address.
Another approach would be to change your email address, a time-consuming painful exercise which in the long run really won’t accomplish much since there is nothing to prevent the new email address being hijacked again.
So how do email addresses get hijacked? Some of the common ways that email addresses get hijacked are
- putting your email address directly on the web in any kind of post that enabling spammers to “skim” this information
- joining various mailing lists where you’re not entirely sure who exactly is behind those lists
- forwarding emails to countless recipients without hiding who the recipients are allowing any single recipient to then forward the entire list to other people
Another way that email addresses can get hijacked is when well known websites get breached that you have signed on to be a member of which involves a far greater number of sites then most people believe. Not only can email addresses be stolen but also the passwords associated with those accounts which means that hackers can try and hack into any account using that email address to see if the same password is being used for multiple accounts which is why it’s always stressed to never use the same password on multiple critical accounts.
There is one website that provides a wealth of information regarding sites that have been breached along with email addresses that have been compromised. It also allows you to check if a password you are using has also been exposed in any kind of data breach.
This website is https://haveibeenpwned.com/. Rather then go on endlessly about the merits of this website, would strongly urge everyone to visit it for themselves and check their email addresses, private domains and passwords. You also have the opportunity to sign up to get notified if your email address appears in any kind of future breach.
Rest assured that this is not a fly-by-night website. You can read more about Troy Hunt, a Microsoft Regional Director and MVP, the person behind the website directly by going to https://haveibeenpwned.com/About.
Taking a few minutes now may result in saving countless hours in the future.
Category: Email Marketing, Troubleshooting, Understanding Outlook
