What to do if someone breaks into your email
(This is an important article that explains what you need to do if someone gets access to your email or bank account. Please tweet it, put it on your Facebook and share it with your friends and family. It could save someone’s identity. Thanks!)
After a perfectly normal exchange of emails with my office manager, a client sent us one more in the series asking for us to wire $49,950 to a lawyer in Singapore to complete the purchase of a property. That email red-flagged the account, and my eagle-eyed team leader called the client. “I didn’t send you a wire request,” the client replied. And then she paused. “Oh, man!” she realized, “my Gmail account has been hacked.”
It happens all the time. You might be next. Or, if not, someone you know. So please pass this information on so everyone learns this basic self-defense.
Like a chess player dealing with an unknown opponent, dealing with a hacker requires a carefully thought-out strategy, and then a series of tactics to make sure you don’t get checkmated by an evil cyber-criminal. The first half of this list contains strategies for avoiding getting hacked, and the second half of the list covers what to do after you’ve been attacked.
- Before you get hacked, set up a strategy to limit the damage. Carefully consider what information you keep online, what you store in the cloud, and with whom you share your log-in details.
- Strong passwords can protect you and your email. Choose a pattern that is easy for you to remember, but obscure enough to be hard for anyone else to figure out. I like using creative sentences that I can remember easily, but which make complex passwords. For example, doesn’t this password seem impregnable? SPwtwwcci1996! It has capital letters, lower case letters, numbers, and an exclamation point. I bet you can’t figure out how I came up with it. Actually, it was easy for me, but nearly impossible for someone else to guess. I took a sentence about my co-author of Rich As A King: How the Strategies of Chess Can Make You a Grandmaster of Investing and then I used the first letter of each word. Can you guess the sentence? “Susan Polgar won the women’s world chess championship in 1996.” There are other great tools to make good passwords, including programs that make them up for you, but if you want a quick technique, use your favorite quote, phrase, or saying.
- Watch out what you share on social media. There’s nothing wrong with being a little more private. Hackers troll Facebook, Pinterest, and other sites for people who’ve given away sensitive information like their dates of birth or graduation years. That kind of information is useful for them to understand your online profile, and they can more easily target you. Certainly never use dates of birthdays or anniversaries in your passwords.
- Develop a backup system. My father always used to quote me what his computer technician said: “There are two types of computer users, Doc – those whose hard drives have crashed and those whose hard drives are going to crash!” That’s why everyone needs a backup. The odds of getting hacked and possibly having your data corrupted increase every day, so you must have your data stored someplace else other than on your hard drive. Consider Dropbox, or other type of cloud service, or else pick up a cheap USB hard drive. I like buying 1 TB drives that store huge amounts of data like this.
- Update your anti-virus, anti-spyware, and firewall software on a regular basis. Set them on auto-update, and make sure you keep paying the bill. They may not be perfect, but they can help. Also, if you make the critical error of opening a virus-packed email or clicking on a bad link, they might be able to protect you. The “Editor’s Choice” at PC Magazine is Norton Antivirus, which you can get here.
- If you’ve taken all the right steps, but still got hit, think like a chess player. Now it’s time for quick and careful tactics to take back the game. Start with rebuilding your protection by resetting all your passwords. Since most of your accounts (Amazon, Google, iTunes, etc.) are linked to your email address, if the hacker gained access to your email, assume he’s going after those accounts too. So give them each a new (and different) password.
- Save your money. Immediately check your accounts. Don’t wait until tomorrow. Call your credit card companies – all of them, even the ones you don’t use much – and inform them that you’ve been hacked. They’ll probably want to reissue new cards. If you don’t tell them, and if there is theft as a result, you could be responsible to pay. You should also call your bank and brokerage firm. Ask them if they have any certain procedures, and get them to mark your account to require phone authorization before moving money. If your brokerage firm allows you to trade online, or if your bank allows you to wire money or pay bills, suspend those services while you confirm that no one is stealing from you, and then reset all passwords. Even if you see no evidence of hanky-panky, that may be because the super-clever hacker is waiting. He’s waiting for you to stop worrying about your account, and then he’ll go back in. These guys are very patient. They could wait weeks or months before engaging in a second attack against you. They know that if someone was careless once, he’ll probably be careless again.
- Inform your email list that you’ve been hacked. Apart from spreading the word to your friends to help warn them about the risks (and maybe save them the same heartache that you are suffering), you can stop them from engaging in an email conversation with the hacker. That could expose more information about you, or in the case of the “I’m stuck in London, please send me money” scam, it will stop them from sending any money.
- De-authorize the apps on your devices. Changing your password for an account does not cut off your smartphone. If a hacker has wormed his way into your cyber-soul through an app, you will not have stopped him by changing your passwords. You need to go into each account (Facebook, Twitter, Dropbox, etc.) and disconnect it from your account. Then reauthorize them from scratch. It may take some time, but if you don’t have time now to stop the problem, will you really have more time later to fix it once you’ve been hacked?
- Hacking leads to identity theft. No one likes the idea of losing control of an account, but it’s much worse to lose control of your life. Contact the three credit agencies and ask them to lock down your credit. What that means is that the credit bureaus (Equifax, Experian, TransUnion) cannot sell your data. Using this “credit freeze” is a great way to prevent identity theft. If a bad guy steals your identity, he can open a new credit card in your name, buy lots of cool stuff, and leave you in the lurch. Since the credit card companies will typically check your credit record before issuing a credit card, they will see there is a freeze on it, and then they shouldn’t issue the credit to the bad guy. When you want to get credit for yourself, you’ll have to unfreeze your credit report. From a financial planning standpoint, it may be a good thing to help you control your urge to get a new credit card. After all, with over a trillion dollars of outstanding credit card bills, most Americans might be wise to cool off on the amount they run up on their bill every month.
Dealing with hackers is very much like a chess tournament, and you can walk away victorious if you have a strategy in place to protect yourself, and if you follow all of the tactics described here in the event of a real security breach.
One thing to do now
Like I mentioned at the beginning, it would be really great if you could pass this article on to your friends and social network. Here’s a good Tweet you could use: @RichAsAKing has tips on what to do if your email gets hacked.
If you have more thoughts on what to do, or some comments on the ideas, please add to the comments below.