Has my email account been hacked?

I don’t know about you but one of my greatest trepidations about the internet is that someone will discover my email password and start sending gratuitous messages to my co-workers, friends and family.

When I worked at IBM, we coined a jocular phrase to describe what happens when you leave your computer unlocked and your peer blasts an email to everyone on the floor: baggy pants.

That nomenclature stems from the ancient days of computing when silly network users would send messages about the baggy pants they were wearing.  The “baggier” would shoot out his message to a Usenet group from an unlocked terminal as a way to show the world that he “got someone”.

As a result of antics like this, everyone in my group would recite the axiom:

lock your box

But the above scenario differs from reality because your co-workers aren’t malevolent creatures trying to get your fired.

Err… fine, okay — some co-workers would like nothing better than to have you canned so they can usurp your position; however, most people aren’t filled with such ill-will.

My point is that the world is filled with hackers motivated by the promise of praise or the mania of money; therefore, we need to be wary.

In this post, I’m going to show you what a hacked email account smells like.  That’s right, we’re going to tune your digital olfactory glands so you can sniff out suspicious inbox activity just like an Eastern American Mole.

By the way, moles are pretty cool… they smell in stereo.

Ahh I digress, let’s get into it:

1. Why the f$#@ is my wife…

Why is your wife sending you emails about hot photos of Brad Pitt?

I see two possibilities, either: (a) she’s having an affair and doesn’t care about the marriage or (b) her email account has been compromised.  Both are serious but the former is clearly more egregious.

I reasonably expect that either your wife’s computer has a virus or the message is the work of a spammer.  The modus operandi of most spam bots is to hijack your address book and send a virulent attachment to everyone in it.

Trick the bots

She can ascertain whether or not she has a substantive problem by creating a fake email address and adding it to her address book.  The next time the spam bot makes its rounds through her contacts, it’ll try to send out to fakeyaccount@gmail.hah but the mail delivery will fail which means you’ll get a Return to Sender error in your inbox.

Can someone say gotcha?

Forwarding anyone?

The other thing your wife should do is check her mail forwarding rules.  Sometimes when an email account gets hacked the nosy perpetrator sets up a forwarding rule that siphons all your messages to his personal account. That way, even if you change your password, he still gets your messages.

Beef up the password

And that brings me to my third point: Make sure your wife changes her password to something beefier.

Ramesh Natarajan at thegeekstuff.com has a helpful mnemonic for making strong passwords.  He uses the eight four rule.

That is, your password should have a minimum of 8 characters.

One should be lowercase, another uppercase, one should be a number, and one a symbol (= 4).

I think this is a good rule to follow.  Also see if your email service offers two-factor authentication.  This means that your email service won’t authenticate access unless there are two distinct forms of authentication: for example a password AND a four-digit code sent to your cell phone.  Fortunately, major email providers such as Gmail and Yahoo make it easy to set this up.  You can read Nishit Shah’s Gmail two-factor setup post on the Google blog or Any Wu’s post on how to configure strong authentication in Yahoo.

2. Become a Scan Fan

Alright I’m going to endorse paranoia here: become a fan of regular virus scans.  But this is the thing: just because you have antivirus software doesn’t necessarily mean you’re protected.

Yup, I said it.

Antivirus software is necessary but NOT sufficient; therefore, I strongly suggest you augment your antivirus strategy with a free anti-malware program such as Malwarebytes.

Malwarebytes saved my butt today as I was scanning a computer that was exhibiting suspicious behavior.  Even though AVG had the latest signatures, it failed to find the malware that was causing the problem.  But Malwarebytes got in there and fixed the problem like a champ.

3. Unremitting Updates!

I should also add that you ought to run regular Windows updates.  Microsoft periodically releases critical software updates to patch known vulnerabilities in both the OS and Internet Explorer, so running regular updates can help you stay safe.

In Windows 7 you can click Start and enter:

windows updates

Next, click Change settings in the left pane and make sure Windows is set to Install updates automatically.

[Screenshot: Windows 7 Check for Updates]

4. Check the attachment extension

When spam bots or malware gremlins send unsolicited emails as your friends and family, pay attention to the sender’s email address.  Upon closer inspection you may discover that the familiar display name actually obfuscates the real email address, which is really from Russia or Tanzania.

Also, whenever you get an attachment from anyone, including someone you know, always be wary about opening attachments — even if it looks innocuous.  If it ends in .exe or .bat then you should impulsively delete it. Don’t even give it a chance; however, if it has a standard .jpg, .jpeg, .png, or .tiff extension then it’s safer because it’s most likely an image.  Also, .mp4, .mp3, .wav, .mov and .3gp extensions are usually safe too, but the best thing to do is scan before opening.

Finally, be circumspect about double extensions that actually end in .exe.  For example, some cantankerous hackers think they are clever by naming their viruses like this:

looseweightwithoutdoinganything.pdf.exe.

The goal is to trick the victim into thinking, “Oh gee, this is a free PDF on how to lose weight without doing anything!” but don’t fall for it.

99.99% of the time, when it comes to attachments, the .exe extension is a harbinger of doom.
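To turn the extension advice above into something you can actually check, here is an added Python example (my own code, not from the original post) that judges an attachment name by its real final extension and sees through the double-extension trick; the extension lists come from the post, the function name and verdicts are my own.

```python
import os

# Extensions the post singles out: delete on sight, or ordinarily safe but scan first.
EXECUTABLE = {".exe", ".bat"}
SAFE_MEDIA = {".jpg", ".jpeg", ".png", ".tiff",
              ".mp4", ".mp3", ".wav", ".mov", ".3gp"}


def classify_attachment(filename: str) -> dict:
    """Judge an attachment by its *real* final extension.

    Handles the tricks the post warns about: a trailing dot or odd casing
    ("report.pdf.EXE.") and the double extension ("x.pdf.exe"), which is
    judged by its last suffix, not by the reassuring one in the middle.
    """
    name = os.path.basename(filename.strip()).rstrip(". ").lower()
    parts = name.split(".")
    exts = ["." + p for p in parts[1:] if p]   # every dot-suffix, in order
    final = exts[-1] if exts else ""

    if final in EXECUTABLE:
        category, verdict = "executable", "delete"
    elif final in SAFE_MEDIA:
        category, verdict = "media", "scan_then_open"
    else:
        category, verdict = "unknown", "scan_then_open"

    return {
        "final_ext": final,
        "double_extension": len(exts) > 1,
        "category": category,
        "verdict": verdict,
    }
```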

5. Where did the email really come from?

Finally, back to our Brad Pitt example: ask yourself: “where did this email, claiming to be from my wife, REALLY come from?  Did it really come from her?”

Every single email in the world contains information about who sent a message and who it was sent to.  Just as a postal letter has a sender and a recipient field, email messages contain the digital equivalent, colloquially known as headers.

In Gmail, you can view your headers by opening the message and clicking the little down arrow to the right of the reply arrow icon.   A drop down menu will emerge with an option to Show original.

[Screenshot: Show original headers in Gmail]

Click that and you’ll see a cryptic file with lots of text.

Scroll to the bottom of the headers, just before the message body begins, to find a line that reads:

Received: from

[Screenshot: Viewing internet headers]

The last part of that line lists the IP of the email server that sent you the message.

As you can see, the IP address is 63.143.37.162.

Now you can copy and paste that address into an IP lookup site such as MaxMind so you can see where that server is located.

I dropped in 63.143.37.162 and discovered that email was sent from someone in Dallas, Texas.  See the info bar along the bottom of the screen below:

[Screenshot: MaxMind GeoIP]

If you want a better visual, just copy and paste the coordinates into Google Maps like this:

[Screenshot: Google Maps coordinates]

If you want more detailed information you’re probably going to need an injunction from a court.  But that shouldn’t deter you.  Pop open whois.net, enter the IP address of the offending email server then study the beefy results.

[Screenshot: whois results]

You can see the unruly IP of that spamming email server belongs to Limestone Networks, in a network called DANIEL-1.
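The header walk described in this section, as an added Python example (my own code, not from the original post): it parses a raw message as “Show original” would display it, picks the bottom-most Received line (the originating hop), pulls out the IP you would paste into MaxMind or whois, and splits the From header into display name and real address. The message is constructed; the IP is the one discussed above, everything else (hostnames, ids, addresses, timestamps) is made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List, Optional, Tuple

# Constructed sample of what Gmail's "Show original" displays. The IP in the bottom
# Received line is the one discussed in the post; every hostname, id, address and
# timestamp here is made up for this example.
RAW_MESSAGE = """\
Received: from mx.example-mail.test (mx.example-mail.test [198.51.100.9])
\tby inbox.example.test with ESMTP id abc123
\tfor <you@example.test>; Mon, 4 Nov 2013 10:02:11 -0600
Received: from [63.143.37.162] (unknown [63.143.37.162])
\tby mx.example-mail.test with SMTP id xyz789
\tfor <you@example.test>; Mon, 4 Nov 2013 10:02:09 -0600
From: "My Wife" <promo-9183@bulkmailer.test>
To: you@example.test
Subject: hot photos of Brad Pitt

Click here...
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def received_chain(raw: str) -> List[str]:
    """Received headers in travel order, originating hop first.

    Every relay prepends its own Received line, so the header nearest the
    body (the last one) is the first hop: that is why you scroll to the bottom.
    """
    msg = message_from_string(raw)
    return list(reversed(msg.get_all("Received", [])))


def originating_ip(raw: str) -> Optional[str]:
    """The IP in the bottom-most 'Received: from' line, ready for a GeoIP/whois lookup."""
    chain = received_chain(raw)
    if not chain:
        return None
    match = IPV4.search(chain[0])
    return match.group(0) if match else None


def sender_name_and_address(raw: str) -> Tuple[str, str]:
    """Split From into (display name, real address) so a familiar name
    cannot hide an unfamiliar mailbox."""
    return parseaddr(message_from_string(raw)["From"])
```

Run `originating_ip(RAW_MESSAGE)` to get the address to paste into the lookup sites; `sender_name_and_address` is the check behind point 4 above.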

The Bottom Line

Even scrupulous, adept users can succumb to compromised email accounts.

As large companies such as LinkedIn, and more recently Adobe, have demonstrated, millions of passwords can be stolen without warning.  The problem is that most people use the same password for multiple accounts.  In fact, according to a 2011 PayPal survey of Australians, nearly 60% of all Australians share the same password across more than one account.  That’s a problem because it means when mega companies such as LinkedIn and Adobe get hacked, other services that use the same password are vulnerable.

Stay safe and smart and use unique passwords for different accounts.  There are some noble sites out there, such as Passwordgenerator.net, that make it easy to generate strong passwords but as you know that’s only half the battle.  Remembering it without writing it down is the other half.

That’s why I actually prefer the LastPass Chrome extension because it helps you generate and safely store secure passwords that look like this:

**ADo@#is!@!#

LastPass encrypts the password with 256-bit AES encryption (which is, currently, impervious to being cracked).

Moreover, LastPass helps you create a master password that corrals all your passwords in a vault.  It’s so secure that if you forget your password even LastPass can’t reset it because they don’t have it.  Usually, you’ll have to delete your account to start over.

The bottom line is that you should always use distinct passwords for multiple sites.  Lifehacker has a great resource to help you remember the secure passwords you create so you should definitely check that out.

Has your email account ever been hacked?  Have you noticed suspicious activity in your inbox?  Please share your experience in the comments below.
