This article discusses the best practices for preventing your Web-Based Email Account from being hacked.
If you share a desktop/laptop in your home or work, make sure all users of this computer are aware of these safe practices:
If your web-based email account has already been hacked, refer to this Knowledge Base article for instructions on how to recover your account: How to recover hacked email accounts.
Make sure your system has full and up-to-date Internet Security protection.
- If you’re using Trend Micro Security software, make sure the Protection Against Web Threats and Prevent Unauthorized Changes features are enabled to protect against phishing attacks and new/zero-day threats.
- Most security software will display warnings, both in the product and in Windows Security Center, if it is not kept fully updated.
Do not, under any circumstances, open URLs, emails, and email attachments that you do not recognize.
- This is commonly how hackers take control of your system. Once the system is infected, they can capture your email account username and password using monitoring software.
Be mindful about exposing your personal information.
- Be mindful and alert when asked for your personal information: who is asking, and why they need it.
- Be mindful about what information you post on Social Media and Media-sharing sites.
Use strong and unique passwords on your email account.
- The strongest passwords utilize a combination of uppercase and lowercase letters, numbers and special characters.
- Do not use the same password on different sites.
- A weak password can usually be cracked using methods such as a brute-force attack. If you have reused that password on other sites, those accounts are already accessible to the attacker.
Regularly review your email account profile.
- Get familiar with your email account's password management feature and use it to change your email account password regularly.
- Regularly review your email account profile password verification/reset information.
- Make sure the date of birth, alternate email address, etc. are specified and accurate. These must be something that you can remember if you ever need to reset your email account password.
- Avoid using personal information/questions for any additional customized password reset questions.
- Make sure that you save any codes that are given to you when you first create your email account – these can be used to regain control of your account in the future.
Be mindful of your personal information that has already been exposed.
- Ensure that any additional password-reset questions that you have set up are not public knowledge.
- Use security questions that cannot be answered with a search engine.
- Be aware of how much of your personal information has already been exposed and made public through sites such as:
  - Social Networking Sites – Facebook, LinkedIn, Orkut, MySpace, Twitter
  - Media Sharing Sites – Flickr, YouTube
  - Government Sites – Federal databases, local city and county databases
  - Press Articles, if you have a high profile or are a public figure
- Hackers can correlate your email address with your name, your address, and other personal information using a combination of the above sites. This information can then be used to answer email password-reset questions and take control of your email account.
Avoid using public computers and unencrypted Wi-Fi networks to log in to your email.
- Be mindful of the difference between Computer to Computer (Ad-hoc) networks and Infrastructure networks.
- Be mindful of the names of Wi-Fi networks. A wireless network's SSID may look similar to one that you know, but its type may be different. This is very common in public areas such as airports.
- Never connect to/use a Computer to Computer (Ad-hoc) network in a public place.
Regularly keep Microsoft Windows fully updated by enabling the Windows Update feature.
- To update your Windows Operating System, refer to this Microsoft Knowledge Base article for detailed instructions and FAQs: Windows Update: FAQ.
Regularly monitor usage of your email account activity using the monitoring features of your provider.
- Email/Social Networking/Media Sharing Accounts – regularly make sure that you can still sign in to every account you hold.
- Sent Items Folder – may hold evidence of malicious emails that have already been sent from your account to your friends or colleagues.
- Activity Logs – some providers, such as Gmail, offer an activity log that lets you check recent activity on your account.
Regularly archive your web-based email to removable media, store it in a safe place, and purge the archived messages from the server.
- Purge all web-based email that you have already downloaded or no longer need.
- Most providers let you connect to their email service with a traditional SMTP/POP email client to perform this kind of backup.
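One way to perform the POP backup described above, as an added example that is not Trend Micro's code: it downloads each message over POP3 with TLS into a local mbox file and marks server copies for deletion only after the local copy has been flushed to disk. The host, account and the FakePOP3 stand-in (which lets the demo run without a server) are assumptions.

```python
import mailbox
import poplib
import ssl
import tempfile


def open_pop_session(host, user, password):
    """Open a POP3-over-TLS session (port 995) with certificate validation."""
    pop = poplib.POP3_SSL(host, 995, context=ssl.create_default_context())
    pop.user(user)
    pop.pass_(password)
    return pop


def archive_mailbox(pop, mbox_path, purge=False):
    """Copy every message from a POP3 session (stat/retr/dele/quit) into an
    mbox file; with purge=True each stored message is marked for deletion,
    which the server applies only when quit() commits. Returns the count."""
    count, _octets = pop.stat()
    box = mailbox.mbox(mbox_path)
    try:
        for num in range(1, count + 1):
            _status, lines, _size = pop.retr(num)  # lines arrive without CRLF
            box.add(b"\n".join(lines) + b"\n")
            if purge:
                pop.dele(num)
        box.flush()  # local copy is on disk before the session is committed
    finally:
        box.close()
    pop.quit()
    return count


class FakePOP3:  # constructed offline stand-in for poplib.POP3 (assumption)
    def __init__(self, raw_messages):
        self.msgs, self.deleted, self.quit_called = list(raw_messages), set(), False
    def stat(self):
        return len(self.msgs), sum(len(m) for m in self.msgs)
    def retr(self, num):
        return b"+OK", self.msgs[num - 1].split(b"\n"), len(self.msgs[num - 1])
    def dele(self, num):
        self.deleted.add(num)
    def quit(self):
        self.quit_called = True


def demo():
    # Two constructed messages; archive them with purge=True and report the outcome.
    fake = FakePOP3([b"From: a@example.invalid\nSubject: Invoice\n\nHello",
                     b"From: b@example.invalid\nSubject: Photos\n\nSee attached"])
    path = tempfile.mkdtemp() + "/backup.mbox"
    archived = archive_mailbox(fake, path, purge=True)
    subjects = [m["Subject"] for m in mailbox.mbox(path)]
    return archived, subjects, fake.deleted, fake.quit_called
```

Against a real mailbox, replace the stand-in with `open_pop_session(host, user, password)` and copy the resulting mbox file to removable media before relying on the purge.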