Netsafe regularly helps people who have had their email hacked or hijacked. In many cases, the account has then been used to send spam, scam or phishing emails to random addresses or the contact list for the email account holder.
People who gain unauthorised access may ask your business contacts, friends or family to send money urgently via Western Union or another money transfer service to help you.
Sometimes email account owners can still get access to their email with their own password. At other times they need to go through a lengthy recovery process to take back ownership of their email account.
How to recover your email account
Most major email providers have online forms that you can fill out to recover your account:
You should remember that providers of free email services have millions of customers and may not provide any support outside of the online recovery forms.
If you rely on always having access to your emails then read on for our security tips for email accounts below.
Prevention is better than cure
Most email or social media accounts are hacked due to one of these common vulnerabilities:
- You did not secure your account with a strong, unique password and a ‘dictionary’ or ‘brute force’ attack allowed the hackers quick access;
- Your computer or another device you used to access your emails was infected with malware or a virus or;
- You fell victim to a ‘phishing‘ email, logging in to a fake website that sent your account details to criminals.
How to prevent email hacking
If you rely on your email always being accessible, our advice is that you take the following steps to secure your account.
- Use two factor authentication: 2 factor or 2FA sounds complex but boosts your security by requiring something you know and something you have. A good way of understanding ‘two factor’ is your EFTPOS card – you have the plastic card and must know the correct PIN to use it to pay for things. Two factor for email security normally involves linking your email account with a mobile phone number that will receive numeric codes via text message when you try to login or use a new device.
- Create an alternative or ‘recovery’ email address: And make sure this email account is secured with a different strong password to avoid ‘daisy chaining’ or a hacker trying to get access to all your online accounts.
- Only login over a secured connection: Pick an email provider that uses an https:// web address when logging in. Look for a padlock icon in your browser or consider using a browser plugin or extension such as HTTPS Everywhere.
- Don’t publish the information you use for your secret or account reminder questions: Any information that you use to authenticate your account recovery or login should not be published online
REPORT A SCAM
If you would like to report a scam so that we can add it to our database to track trends and keep other Kiwis safe please complete our online report form.
Our help service is open from 8am – 8pm Monday to Friday and 9am – 5pm on weekends.