Q: If an e-mail account has been hacked, is it advisable to delete the old account to keep it from continuing to be used, or is it too late? —Kathy
A: There is much confusion about what many perceive as having their e-mail account “hacked.”
When I hear that term in that context, I envision an e-mail account that has been taken over by a third-party and the rightful owner has been locked out.
If a “hacker” wants to gain access to your e-mail account, it’s for nefarious purposes and if they don’t lock you out, you can easily lock them out once you realize something funny is going on (being locked out is standard operating procedure in “hacking” an account).
If you have been locked out, you can’t shut down the account until you regain control of it and depending upon which e-mail service you are using, doing so can be fairly easy to impossible.
If you are part of a corporate mail system or a national Internet Service Provider, contact the tech support departments to work through the process of regaining control of the account.
If you are using a free-mail system like Yahoo! Mail and Gmail, they required you when you originally setup the account to designate a “primary” e-mail address (usually on another system) in case you forget or need to reset your password.
If you can’t use this method to regain access, then the “hacker” has already changed the primary e-mail address (the one that allows you to reset) to something they control, so you’ll need to report it to the mail service provider.
If you still have access to the account but think someone else may have the password and is using the account to send unauthorized messages, you need only to look in the “Sent” folder to see if any messages that were sent aren’t familiar.
If you see anything along those lines, make sure to change the password immediately so they can’t continue to access the account.
A more common scenario that causes many to proclaim that their e-mail address has been “hacked” is actually the simple tactic of “spoofing” the return address on messages.
It’s the same lack of control with standard postal service mail; anyone can jot down any address as the “sender” without any way to verify if it’s true and drop the mail into any mailbox.
E-mail spoofing is a common tactic with spammers because you are more likely to open a message from an e-mail account that you recognize.
Most Internet Service Providers and spam detection systems employ a process that tries to validate the senders address via the “header” tucked inside of every message, but it’s pretty easy to fool these filters into thinking the message is righteous.
If you think about it, you get e-mail every day that has a spoofed senders address (most phishing scams and spam use spoofed “From:” addresses).
Even if you switch to another e-mail address, it’s just a matter of time before the new address starts getting used in spoofing scams, so I wouldn’t get too carried away with switching e-mail accounts if this is what is happening to you.
Understanding the difference between having your e-mail account compromised and having it spoofed is critical.
If, in fact, your e-mail account has been compromised (even for short period of time) your identity may be at risk.
Any e-mail account that is used in conjunction with an online banking account is the gateway to your personal identity (think about where the reset instructions are sent when you tell your online bank that your forgot your password); if you suspect someone has gained access to an account that you use for banking purposes, be sure to also change the passcodes and review your “challenge” questions to play it safe!