Alert – Outbreak Of Hacking Of Gmail Accounts
2 ways to check if you are compromised
- Check your sent items. The chances are that if there are emails to sent to contacts which you do not remember sending, then you are compromised. You can then see who the phishing emails have been sent to and advise them to delete the email if they have not accessed it or if they have to read this post.
- Check your email logs. For users of Gmail or Google Apps for Work this can be found at the bottom of the page after you have logged into your email through a web browser. Click on “Details” on the bottom right hand corner which will show you the login IP addresses and countries of the last few logins. Any IP addresses sourced outside your country suggests your email has been hacked.
3 step fix if you have been compromisedWhat should I do if my email has been compromised? You need to act fast to remove or reduce any potential damage. The more time you give the cyber criminals, the more likely they have found a way to leverage money from your personal information/communication/data. Go through the following steps :
Log into your email via the web browser and reset the password. This will stop the cybercriminals from getting back in.
- In Gmail/Google Apps click your name or your picture in the top right hand corner.
- Click Account
- Under Security check-up click GET STARTED
- Check your recent logins and click “Something looks wrong” to reset your password
- Remove any apps, websites and devices linked to your email that you’re not aware of
- Follow the prompts to setup 2-step Verification (click here for more on 2-step verification)
Clear open sessions. If the cyber criminal is still logged in while you reset your password it may not kick them out immediately so they could still do damage. Best to close all open sessions, to do this:
- Scroll to bottom of Gmail
- Click Details in bottom right corner
- Click Sign out of all other web sessions (best to reset your password before doing this step)
5 ways to prevent yourself from being a victim to cyber criminalsCyber criminals are getting more clever in how they go about accessing your personal information to access your cloud apps. Here are some tips on ways you can protect yourself and your business.
Education. Be aware of how phishing scams work and look out for this type of activity. Always check why a website might be asking for your email and password. Also check things like:
- its a secure site with // (there should be a padlock too)
- the domain name looks correct e.g //mail.google.com is correct
- Have anti-Phishing detection on your antivirus software and make sure its up to date. Many free antivirus programs such as Microsoft Security Essentials doe not include anti-phishing features. Best to upgrade your antivirus if this is the case.
- Secure your email with 2-step verification if using gmail run through the Security Check Up wizard to do this or do this manually by following steps in my previous article
- Single Sign On for all your cloud apps. This will protect all your cloud apps and is highly recommended. Good Single Sign on systems allow you to restrict which sites can login to your cloud apps as well as integrate Single Sign On.
- To perform an IT security audit to identify other potential vulnerabilities in your network.