What to do if your email address is hacked


There barely seems to be a week go by without a report of hacking or theft of data. Here’s a rundown of what to do if your email address is hacked and if other details have been stolen.


What to do if your email address is hacked

If a hacker ‘only’ takes your email address and, for example, encrypted and hashed passwords, there’s a limit to what they can do. However, it’s different if you use this password for other accounts. That’s especially true if valuable information is stored by these other websites.

SAVVY TIP: It’s hard to use different passwords for each account if you have lots of different ones, but it’s such a good security habit to get into. Don’t keep a record of your passwords on your computer because that could be compromised by malware.

If you find out that financial details or a lot of personal information is stolen, such as your address, date of birth and full name, you should check your bank statements. Do this  after you’ve changed your password if you bank online. Next, request a copy of your credit reference file, which you can do online for just £2. Contact all three credit reference agencies, Equifax, Experian and Call Credit. Call Credit operates a credit report service called Noddle, where you can see your credit report free for life. There’s information on How to get hold of your credit report and why you should in the section called ‘Everyday Money’.

Choosing strong passwords

Determined ID fraudsters can use computer programmes to work out your password. It’s nothing more sophisticated than trying every word in the dictionary against your password. This includes country and place names as well as recognised words. Even if they only manage to access a small number of email accounts, they can then use these accounts to set up others.

Choose your password carefully. I met with a web security whizz who told me – amazingly – that some people use obvious words like ‘password’ as their password. If you want to make life difficult for potential ID fraudsters, use two or three unrelated words joined together as your password.

SAVVY TIP: If your password is ‘banana’, this can be cracked relatively easily by ID fraudsters if they have your email details. Even if you change some letters to numbers, so it reads ‘ban8na’ you’re unlikely to defeat them as they buy software programmes with dictionaries where numbers are substituted for letters. A stronger password would be something like ‘bananadesk’. This is because it would take fraudsters such a long time to run through all the possible two word combinations that they may not bother. If your password is something like desk752, that’s also strong because it’s effectively two words.

Never use one password for all your accounts. These days many of us have so many online accounts that it’s easier to use one password for all of them. However, it’s much safer to use separate passwords (or variations of existing ones) for your accounts.

Be vigilant for spammers

A few years ago phishing and spam emails were decidedly amateur affairs. But today they’re much more sophisticated. It’s true that 99% of people may ignore them but the 1% who are taken in can prove lucrative.

  • Watch out for spam and phishing emails. Don’t click on any attachments — and double check them even if they’re from names you know (such as HMRC, your bank or recognised software providers).

SAVVY TIP: Spam or phishing emails can be very convincing. But clicking on one can mean you install malicious software that’s designed to steal passwords. If you think you may have been hacked, run an anti-virus scan. Use a different anti-virus company to your regular provider, but be careful about the free anti-virus software you choose. Some of these may not be genuine.

Keep your mobile data safe

If someone else loses your personal details or it’s hacked into, there’s not much you can do about it. However, you can make sure your data is as safe as possible on your PCs and mobile phones etc.

  • Don’t sell your mobile phone/PC without clearing the data. A recent survey found that half of mobile phones sold on eBay and second hand shops had sensitive data on them. They only tested 35 phones so it was a pretty small sample, but the results are still worrying. Some phones had credit card data and passwords on them. It’s not enough simply to delete the data as it will still be present on the phone.

SAVVY TIP: To get rid of data completely, you should restore the phone to its factory settings — and don’t leave your SIM card in the phone when you sell it.

Related articles:

5 steps to take if you’re a victim of ID fraud

Four banking frauds and scams to avoid – how to reduce the risks of being a fraud victim

Mobile banking; tips on how to bank safely

SavvyWoman email newsletters: If you found this information useful why not sign up now to receive free fortnightly email newsletters with money saving tips and help? You can sign up at the top of any page on the website and your details won’t be passed to any other company for marketing purposes.