Imagine that you’re sitting down to peruse your email and all of a sudden a strange message pops into your inbox from a company you do online business with. The message explains that there’s been a security breach with an email provider (Epsilon). Luckily, the email explains that only email information has been breached – or in some cases your name too.
Then the phone rings, and your friend exclaims, “Thanks for sending me a link to a new iPad!”
The Epsilon breach was real, and the implications are already manifesting themselves. If you start receiving and/or sending odd emails and feel as though your account has been compromised, here’s what you should do:
1. For the recipients, you are only moderately inconvenienced so far with more spam to delete. Let’s keep it that way.
2. Do NOT click on the link. Many different things could happen, but none are good. Just don’t do it. Ever.
3. Don’t respond to the sender by clicking “reply to.” Your friend or family member’s email id has been hijacked, and they are not the real sender. Replying only confirms to the hijacker that they have found a valid email id (yours!).
4. Please do send a separate email to your friend or family member letting them know that their email id has been compromised: be specific as to which email id. Many people use multiple addresses. They will need to take it from there: they and everyone they know will be grateful.
Next, for the actual “victims,” your job is unfortunately a bit tougher, and the remedies all depend on the type of breach. The following suggestions are listed by degree of difficulty. You may need to be patient and stay in touch with your friends to make sure you’ve really eliminated the problem.
1. Change the password for the compromised account. The hijacker needs both your email ID and password. Sometimes simply changing the password can eliminate the issue.
2. Check your computer for viruses and other infections. You can do this if you are running at least a commercial anti-virus product, which you can typically download for free from most ISPs. If not, download and run software specifically designed to look for “bots.” Make sure your computer comes up clean. Having trouble finding one? Spybot Search and Destroy is a good system to choose. If you’re not comfortable with this step, ask a friend who’s a computer geek to help.
3. Call your email service provider. Though this may seem easiest, calling anyone’s tech support line is no longer a pleasant experience. Plus, if they suggest that you delete the account and create another, you’ll want to be sure you’ve exhausted your other possibilities first.
Your best defense for the future, even if you weren’t victimized this time around, is a really strong password protecting your email account. Choose one that uses letters (upper case and lower case), numbers, and symbols. Never share your password with anyone, even if they ask for it, especially online or over the phone! No one needs to know your email password.