The calls and texts start pouring in. Dozens of your friends and acquaintances want you to know they’ve just received an email from your account touting a shady-sounding overseas electronics company.
Never mind the embarrassment and sheepishness you feel when it looks like you’re spamming all your friends. What’s worse is that your online security and perhaps your computer have been compromised. How you proceed next can affect your life in more ways than you might imagine.
“So much of your online security really hinges on your email address,’’ says John Bonora, owner and founder of Privacy Solution Partners, a privacy consultation and identity theft prevention firm based in New Haven, Conn. “The Federal Trade Commission tracks all fraud and identity theft, and about half of all fraud originates via email.”
If your email account is compromised, there are things you can do. Bonora and other experts say these are the smart steps you should take:
Recognize the signs. Occasionally, a sender’s address (and other parts of the header) are altered to hide the true source of an email. This is called "spoofing." You can see evidence of this spoofing, for instance, when you receive a spam email that appears to come from your own address.
If your friends tell you they’ve received spam from your email address, it’s safe to assume your computer’s security has been compromised, says Bonora. You’ll want to proceed as if your computer has a virus or other malicious software that places all the personal data at risk, Bonora says.
Notify friends. Use a different email address or another form of contact to warn friends and contacts not to open anything from your compromised email address. Recommend that they use the most up-to-date firewall and anti-virus protection available. Tell friends who’ve received spam from you to run a scan using their anti-virus protection and to make sure all security patches are up to date.
Create a new email address. “If you don’t mind losing the email address, the best thing to do is close it down and open a new one,’’ says Scott Stevenson, president and CEO of EliminateIDTheft, an identity protection company. Make sure you use a strong password, combining numbers and letters, for your new account. Also, to help ensure your future security, says Stevenson, it’s a smart idea to set up an additional email account that you use solely for online purchases.
Maintain an inventory. Your email address is likely tied to many of your online activities. If your account is compromised, you don’t want the bad guys asking your bank to send a new user name and password to that email account. Keep track of every activity tied to your email account, and if the account is compromised, notify your bank, your credit card company and your other online accounts that you’ve changed your email address.
Put online purchases on hold. You’ll want to make sure your computer is virus-free before you start logging in credit card numbers for online purchases. Some malicious software enables criminals to track every key stroke a computer makes.
Make sure your computer is clean. Run a strong anti-virus, anti-spyware program. Check to make sure your firewall is turned on. On Windows Vista, go to Control Panel, then Security Center to check security applications. For Mac OS X, open System Preferences and click Sharing. Click on Firewall, then Start to make sure your firewall is operating. Doublecheck to make sure you’ve installed all the security patches for your operating system, says Stevenson. If you still have doubts, it’s worth taking your computer to the nearest computer repair firm to double check, says Bonora.
Use your email user name wisely. Many of us try to simplify life by using the same user name as our email address on many accounts. If your email is compromised, you’ll need to adjust those user names and vary the names you use in the future, says Bonora.
Think this seems like a hassle? It’s true that you’ll have to do some recovery work, but the alternative can put you at risk for far bigger problems.
Kim Boatman is a Silicon Valley, Calif., journalist who writes about security and technology. She spent more than 15 years writing about a variety of topics for the San Jose Mercury News.