Email accounts are prime targets for spammers, who can no longer send spam directly from malware-infected computers because of improved spam filtering and steps that major providers like Verizon/Comcast/Cox have taken. If a spammer can hijack an email account, he’ll be able to send spam at high speed from a legitimate account until he gets caught. We’re good at detecting this, but when it happens it’s inconvenient for the legitimate account holder, since we have to change the password and the account owner will be locked out until they set the password again and update the password on their computer/phone/etc.
The most common ways that bad guys obtain login info are:
- Phishing email – the kind that takes you to a supposedly legitimate web link where you’re tricked into entering your email username and password.
  - Some of these messages are very real-looking. Best practice: never enter login info on a web page that you got to by clicking a link in email.
- You used hotel wi-fi or a public wi-fi hotspot while bad guys were sniffing the network.
  - We’ve seen quite a few of these cases. Hotel wi-fi is particularly dangerous. You’re better off using your phone’s wireless connection at hotels and coffee shops.
- You’ve used the same username and password somewhere else (adobe.com, ebay.com, etc.) and that site got hacked.
  - This is probably the #1 way people get hacked. Never use the same username and password on multiple sites. You will get bitten if you do.
- Malware on your computer that’s sending your keystrokes and other info to the bad guys’ mother ship.
  - When this is what’s happening, your account will usually get hacked again quickly after you’ve changed your password. Set your PC to scan for malware daily, and run a full scan every now and then so the anti-virus scanner will check everything (default scans usually scan only the most likely locations for malware). Make sure your PC is set to receive automatic updates to virus definitions – there is a new virus every few minutes, so you need to update your definitions at least daily.
- Your password is easy to guess. Our systems lock out password-guessers quickly, but they get a few tries before they’re locked out and if your password is super simple (12345 / ILoveAndy / etc.) they might get lucky.
There are a lot of bad guys and they’re highly motivated, but if you’re careful, odds are your account won’t get hijacked.