Have I been hacked?
- Are there suspicious emails on the email account that have nothing to do with you (mails in the outbox folder, suspicious replies to mysterious emails)?
- Do your acquaintances suddenly get e-mails supposedly from you, where they are supposed to log in somewhere or open something?
- Does someone contact you because you allegedly bought goods online on E-Bay or in a webstore and did not pay? ( identity theft )
- Does your e-mail address appear in hacker databases secured by the authorities?
– Hasso Plattner Institute at the University of Potsdam: Identity Leak Check (in German)
– Haveibeenpwned.com (in English)
Possible causes
- The most common cause for hacked accounts are phishing mails: A fictitious mail invites you to visit a seemingly official website, where you can enter your e-mail address and password to seemingly confirm, unlock, or something similar.
- In addition, too weak passwords (1234, myname, mypet, mycompany, or similar) are a known problem.
- It is also possible that your computer or mobile device contains a virus or Trojan that could reveal your passwords.
Measures (recommendations)
We will give you some recommendations. These are meant as food for thought to help you take the appropriate action for your own situation.
Immediate action
- First change the email password immediately. Secure passwordsare at least 12 characters long and have upper and lower case letters, numbers and special characters ($%&.-_).
If access to the account is no longer possible because the password has been changed by the intruder, you must contact the provider/provider who provides and manages the emails.
Connection measures
- If the hacked password is also used for other logins, the password should be changed there as well. It is recommended to use different passwords for all logins. To keep track of this, password manager programs help. If this is a bank, please inform the bank.
- If the hacked email address is also used elsewhere for logins – which is the rule – a new password should be stored there as well. Using the usual “forgotten password” feature, the hacker could have already sent the appropriate passwords to the compromised email address. If this is a bank, please inform the bank.
- If you feel that you have other email accounts or web access with passwords that are too weak, this would be a reason to set new, better passwords everywhere.
Evaluation of the e-mails
- If the hacked account is an IMAP account, the mail server could also be affected, which contains synchronized copies of your emails that could have fallen into the hacker’s hands. You should therefore search your emails to see whether the hacker could have intercepted access data from you or your customers that was mentioned in emails. You can use the search function of your mail program to do this. If you discover that it is your own access data, e.g. for WordPress logins, team tools, Dropbox etc., you should change the corresponding passwords and check the system for unusual activity. If you are unsure, inform your provider. If customer access data is involved, e.g. for the admin area, you should notify the customer so that they can take appropriate action.
Other measures:
- For Windows: Install and run up-to-date virus scanners – and always keep them up to date. Keep the operating system and browser up to date.
- With Apple, always use the latest operating system if possible (Mac and iPhone).
- Occasionally check again whether the e-mail address appears in hacker databases secured by the authorities:
– Hasso Plattner Institute at the University of Potsdam: Identity Leak Check (click here). - If financial damage has occurred: possibly involve the police.