I recently received an email from my brother’s email account which was clearly not sent by him. He is a good writer, and this email was an English grammar nightmare. The message also used jargon that he would never use. The email talked about how he was in a lot of trouble because he was visiting the UK and someone stole his passport. It made me laugh because I know my brother has never flown internationally and I’m pretty sure he doesn’t even have a passport.
Knowing that this wasn’t my brother sending me this message, I did the typical things I do when I get spoof emails. I double checked the “reply to” or “return path” field (not the “from” field because anyone can fake this) to see where the email really came from.
In this case the “reply to” address was in fact my brother’s address, which really got me scratching my head. I figured he had a virus on his computer that was sending emails to the people in his address book. Instead of replying to the email, I forwarded it to him and manually typed in his email address just to be sure there wasn’t something I overlooked. Never reply directly to an email when you suspect fraud.
What I eventually found out was that someone had actually figured out his password and broken into his Yahoo account, emailed everyone in his address book and changed his password so my brother could no longer log in to the account.
Yikes! I was wondering why the email I received did not give me an address or account number to wire money. The impostor was waiting for me to reply and ask for that information.
This made me a bit nervous and I immediately started to think about all the things anyone can do once in someone else’s email account:
- Email friends and family to receive personal information, such as addresses, Social Security numbers, etc.
- Search the deleted mail box to find out what online services are being used, then go to those web pages to request a password reminder be sent to the email on file.
- Search emails that were sent from the account to obtain personal information and records.
- Once in, they can use your personal information to commit identity theft, charge your credit cards, empty your bank accounts, read your email, and lock you out of your online account by changing your password.
How Do They Steal Your Email?
There are a few ways that hackers can break into your email account:
- Use a random password generator that tries password after password until it gets one right
- Install spyware on your computer that tracks keystrokes
- Use phishing: an email that appears to be from a service you belong to, such as Hotmail or PayPal, tricks you into thinking you are logging into your actual account.
- Use a fake time-out or re-login screen, which makes you think you need to log in to your email account again because it timed out, when really it is just a tricky HTML email.
These are just a few common ways. Hackers and online identity thieves are getting more and more creative on how to steal your identity and scam money online.
How Do I Avoid Being Scammed?
Here are some tips to avoid getting scammed online through your email account:
- If you are using a public computer, make sure the “remember me” feature is disabled
- Make sure you completely log out and close all browser windows on public computers
- Look at the “return path” or “reply to” address carefully on emails you receive
- Do not post your email address online where it is hot linked. If you want to leave your email address posted in a discussion board, put a space between the username and @ sign so spam bots do not find your address
- Change your password regularly
- Use more characters, symbols and numbers. Use characters other than the ones found by using shift + a number key.
- Use a lengthy password, and do not use a word or phrase that can be found in a dictionary
- Do not use your login name as your password
- Contrary to popular belief, writing your passwords down and keeping them in a safe place is much more secure than storing them online in a document or with password storage software
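The “return path” / “reply to” check from the tips above, as an added example (not code from the original post): it compares the domains in those headers against the “from” header. Both messages are constructed samples; the second mirrors the case in this story, where the mail was sent from the real, broken-into account and the header check finds nothing.

```python
from email import message_from_string
from email.utils import parseaddr

def domain(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_headers(raw):
    """Compare From against Reply-To and Return-Path; return a list of findings."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    for name in ("Reply-To", "Return-Path"):
        dom = domain(msg[name])
        # A missing header is not a finding; a different domain is.
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom!r} differs from From domain {from_dom!r}")
    return findings

# Constructed sample 1: the From line is forged, replies and bounces go elsewhere.
SPOOFED = """\
From: Brother <brother@example.com>
Reply-To: brother@mail.example.net
Return-Path: <bounce@mail.example.net>
Subject: Urgent help

Stuck in the UK, passport stolen.
"""

# Constructed sample 2: sent from the real account after the password was stolen.
HIJACKED = """\
From: Brother <brother@example.com>
Reply-To: brother@example.com
Return-Path: <brother@example.com>
Subject: Urgent help

Stuck in the UK, passport stolen.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("hijacked", HIJACKED)):
        print(label, check_headers(raw) or "no header mismatch")
```

A clean result only means the headers agree with each other; for the second sample the content of the message is the only warning sign.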
What Do I Do if I am Scammed?
If someone breaks into your account, assume they have access to all of your information. This includes bank accounts, credit cards, anything with a login.
- Notify your email provider immediately so they can close your account or reset the password.
- Change all of your passwords for every other service and monitor those accounts for suspicious activity
- Contact everyone you know and tell them about the situation and to stop using that email address to contact you
- If fraudulent activity continues on your other accounts, file a police report and notify the respective service provider immediately
Millionaire Money Habit: Identity theft is a serious crime that continues to grow as web popularity and access increase around the world. You can help prevent the stress and losses that can occur from online identity theft by being aware and following some preventative steps. Don’t waste another moment keeping yourself vulnerable to email theft. Go make those passwords extra secure.