With access to a compromised mailbox, attackers can reach the user’s emails, files, contacts, and many other personal items.
Using a compromised mailbox, attackers can also gain access to other websites and services the user has registered for using this mailbox.
If you believe your mailbox was compromised, it is important to take immediate action to secure your account and to mitigate any damage that may have been caused by the attackers.
What should my immediate actions be?
Reset your password:
- Make sure your new password is strong – it should be at least 8 characters long and should contain numbers, upper-case and lower-case letters.
- Do not re-use any of your last five passwords, so the attackers cannot guess the new one.
- Important - Make sure the compromised password is not used anywhere else. If the same password was used in other services/accounts, the attackers can gain access to those as well.
Enable Multi-Factor Authentication:
With MFA enabled, you will need to provide additional information to log into your account, preferably a code sent to your phone.
An MFA-enabled account is much more secure and very hard to break into.
Anything else I should do?
Check for any new or suspicious forwarding rules:
Attackers often set up forwarding rules for compromised mailboxes, so they can keep receiving your emails even after your password has been changed.
If you find any forwarding rules you do not recognize, they should be removed immediately.
Check your contacts:
Attackers may change the names or addresses of your contacts to trick you into sending them sensitive information. Make sure the names and addresses of your contacts are correct.
Verify your sent items:
A common use for compromised email accounts is to send fraudulent emails from within a company.
Check your sent items to see if the attackers have sent any suspicious-looking emails, and notify the recipients of such emails that they were targeted by a fraud attempt.
Be aware of any suspicious activity:
In the days and weeks following an account breach, make sure to monitor your email activity closely.
Check your sent items often, make sure no new inbox rules or forwarding rules appear in your account, and pay attention to security alerts.
Report to your admin/supervisor:
If this is a work account, report to your admin or supervisor so they can investigate for additional suspicious activity.
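An admin can script the forwarding-rule check and the follow-up monitoring described above. The sketch below is an added example, not part of the original guidance; the rule layout, field names, and sample addresses are constructed assumptions, not any mail product's real export format.

```python
"""Audit mailbox rules for forwarding the owner did not set up.

Assumption: rules were exported from the mail system into the simple dict
layout below; the field names are hypothetical, not any product's schema.
"""

def domain_of(address):
    # Lower-cased part after the last "@"; empty string if malformed.
    return address.rpartition("@")[2].strip().lower() if "@" in address else ""

def external_forwards(rules, own_domain):
    """Return (rule name, address) pairs that send mail outside own_domain."""
    own = own_domain.lower()
    hits = []
    for rule in rules:
        for addr in rule.get("forward_to", []):
            dom = domain_of(addr)
            # Subdomains count as internal; malformed addresses are flagged.
            if dom != own and not dom.endswith("." + own):
                hits.append((rule["name"], addr))
    return hits

def rule_key(rule):
    # Identity = name plus normalised targets, so an edited rule counts as new.
    return (rule["name"], tuple(sorted(a.lower() for a in rule.get("forward_to", []))))

def new_rules(baseline, current):
    """Return rules in `current` that were absent from `baseline`."""
    known = {rule_key(r) for r in baseline}
    return [r for r in current if rule_key(r) not in known]

# Constructed sample data: a snapshot taken right after recovery, and a later one.
BASELINE = [
    {"name": "Newsletters", "forward_to": []},
    {"name": "To assistant", "forward_to": ["assistant@example.com"]},
]
LATER = BASELINE + [
    {"name": ".", "forward_to": ["Collector@Mail.Example.NET"]},
    {"name": "To assistant", "forward_to": ["assistant@example.org"]},
]

if __name__ == "__main__":
    for name, addr in external_forwards(LATER, "example.com"):
        print(f"external forward: rule {name!r} -> {addr}")
    for rule in new_rules(BASELINE, LATER):
        print(f"new or changed since baseline: {rule['name']!r}")
```

Comparing against a baseline catches a rule that keeps a familiar name but has had its forwarding address changed, which a quick look at rule names alone would miss.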