how to prevent hacking of accounts

Protect your account and devices from hackers and malware.

No one wants to become compromised by hackers or malware. Use this guidance to help you protect your accounts and devices.

Protect your accounts.
It's important that you protect your accounts whether it's a personal account such as a Microsoft account, or a work or school account someone in your organization created for you.

Take precautions with sensitive info.
Don't send messages that include sensitive information such as passwords, credit card numbers, passport numbers, or other government issued identification such as a social security number or other tax related identification.

Watch out for scams.
Watch out for attacks which try to trick you into providing sensitive information, or clicking a malicious link or attachment. Some examples of phishing scams look like messages from what appears to be a legitimate source such as a bank or an official looking institution. The message invites you to sign in with your email address and password, but it's actually a fake website. Other scams look like emails from someone you know which ask you to click a link or open an attachment.

Phishing messages usually have links or attachments. When you click the link in the message or open the attachment, your computer can become infected or an attacker can gain access to your content. If you receive an email that looks even slightly suspicious, do the following:

- Hover over the link and look for the name of the actual website the link is sending you to. Make sure it's what you expect and not misspelled.
- Go to the legitimate website using your own saved favorite or bookmark, or from an internet search, instead of clicking a link in the message.

If you receive a message from someone you know, but it looks a bit unusual, it could mean the sender's email account and contact list were compromised. Contact the sender directly and describe the mail you just received and ask if it was legitimate.
Use two-factor authentication.
Two-factor authentication (2FA), also called two-step verification, or multi-factor authentication (MFA) is an extra layer of security to ensure that only you are accessing your account. When you set this up, any time you sign in to your account from an unrecognized computer or other device, or if you add your account to an app or a service for the first time, you're prompted to verify that it's okay. The verification message can be sent via an authentication app such as the Microsoft Authenticator app on your smartphone, a text message, an email sent to an alternate address, or a phone call which requires you to enter a PIN.

If your work or school accounts are using Microsoft 365, your Microsoft 365 admin or IT department may have enabled this for all accounts in the organization. If so, you'll be prompted to take this extra step. For a personal Microsoft account, you can set this up yourself and indicate your preferred verification method. For example, you can request verification from an authentication app such as the Microsoft Authenticator app, a text message, or alternate email account.

Protect your password.
Don't use the same password for all your accounts. Make sure your password is strong and avoid using actual words. The current recommendations for strong passwords include at least 12 characters, a combination of upper and lowercase letters, at least one number from 0-9, and a symbol.

Tip: Third-party online services are available to help you generate and remember unique passwords for sites you visit regularly.

Protect your phone or tablet.
Only run and install apps from a legitimate source such as the app store for your device. If you're using Microsoft 365, use Microsoft apps which work better with Microsoft 365 and are more secure. Keep your devices, and any software or mobile apps you're using up-to-date.
Many of the updates you receive are security fixes so be sure to install operating system updates, and any software or app updates. Enable the lock feature on your phone or tablet that requires you to unlock the device with a PIN, fingerprint, or facial recognition.

Protect a computer running Windows 10 or a Mac.
The following are specific things you can do if your computer is running Windows 10, or if you have a Mac.

Turn on BitLocker device protection.
BitLocker protects data when devices are lost or stolen. BitLocker Drive Encryption provides full disk encryption on Windows 10 PCs. If the device is lost or stolen, unauthorized users can’t gain access to files on the protected drives, including files synced from OneDrive for Business.

Protect your PC with Microsoft Defender.
When you start up Windows 10 for the first time, Microsoft Defender is on and actively helping to protect your PC by scanning for malware (malicious software), viruses, and security threats. Microsoft Defender uses real-time protection to scan everything you download or run on your PC. Windows Update downloads updates for Microsoft Defender automatically to help keep your PC safe and protect it from threats.

Turn on Windows Firewall.
You should always run Windows Firewall even if you have another firewall turned on. Turning off Windows Firewall might make your device (and your network, if you have one) more vulnerable to unauthorized access.

Use FileVault to encrypt your Mac disk.
Disk encryption protects data when devices are lost or stolen. FileVault full-disk encryption helps prevent unauthorized access to the information on your startup disk.

Protect your Mac from malware.
Microsoft recommends you install and use reliable antivirus software on your Mac. You can also reduce the risk of malware by using software only from reliable sources. The settings in Security & Privacy preferences allow you to specify the sources of software installed on your Mac.

Turn on firewall protection.
Use firewall settings to protect your Mac from unwanted contact initiated by other computers when you’re connected to the Internet or a network. Without this protection your Mac might be more vulnerable to unauthorized access.

11 Ways to Prevent Your Email From Getting Hacked.

#1. Whenever possible, configure your Internet connection to always use HTTPS. This is the "https" that appears before the "www" in a Web address, and the https is preceded by a padlock icon. For Gmail, this works by clicking Settings in the top right; select the General tab, then hit Always use HTTPS, then save this setting. This option is not available for those who access email via Hotmail.

#2. Do not open unfamiliar emails. If you open one you think is from someone you know but realize it's not, delete it immediately. Do not click any links in the message or send the sender personal or banking information. Once you open that link, your computer could become infected by a phishing scam and your information stolen.

#3. Install anti-virus, anti-spyware and firewall on your computer and keep them updated. Automated updates are the ideal choice.

#4. Do not log into your accounts from an untrusted computer (e.g., at the coffee house, library), or one that you don't maintain (e.g., friends' and family's). Even if you trust your friends and family, their computer could be infected with spyware.

#5. Make sure your passwords, plus security questions and answers are strong. Every six months, change your passwords. Never use the same password for different accounts. A strong password has upper and lower case letters plus numbers and punctuation, forming a non-English word. For questions and answers, they don't have to be true; false information cannot be researched or discovered on your Facebook page, such as the name of "your first pet" when you never had a pet: "Fuzzie-Glow" -- who's ever going to figure that out?

#6. Find out just how secure your passwords are.
Some setups indicate strength with a rating of "weak" to "strong." Always choose "strong." If there's no rating, go to How Secure Is My Password to see how fast your account can be hacked. On the "How Secure" site, don't type in your actual password if you're skittish about doing that (even though the site is secure and will never release it anywhere), but type in something similar. So if your password is "catlover," type in "horselover" and see what happens.

#7. Your password should not be on the list of the most popular passwords. Here is the full list. If yours is there, change it immediately, even if you must give up an easy-to-type sequence.

#8. Enable two-step verification if you use Google for any activity. The two-step adds additional security to a Google account. After entering your username and password, you'll then enter in a code that Google sends out via voicemail or text when you sign in. This will make it harder for someone to guess a password.

#9. Use a password manager. This service eliminates the need to type in a password at log-in; log in with one click. A master password eliminates having to remember all your different passwords.

#10. You may think your password is unique because it's a jumble of characters, but it may not be very strong simply because it's not long enough. The longer that uniqueness, the more uncrackable the password will be.

#11. Use virtual private network software to encrypt any wireless communications. A virtual private network (VPN) is a network set up to communicate privately over a public network. For example: You occasionally want to or need to work from home and your employer knows that if you do, the data that travels between your PC and an office PC needs to be protected. Another example is when you use public WiFi, knowing your wireless data can be sniffed out by criminals. Using a VPN solves that problem.
Hotspot Shield VPN service is a great option that protects your entire web surfing session, securing your connection on both your home internet network and public internet networks (both wired and wireless).

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America.

How to Protect Your Email Account from Hackers.

This article was co-authored by Yaffet Meshesha. Yaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time. The wikiHow Tech Team also followed the article's instructions and verified that they work. This article has been viewed 332,042 times.

This wikiHow teaches you how to keep your email account safe from hackers. Sadly, hackers and scammers often target people's email accounts to gain access to sensitive information, and their tactics can be pretty convincing. Having a secure password is just the beginning—you'll also need to watch out for scam emails with redirected login links, fake technical support representatives, attachments and software that install malware, and people looking to steal your identity.

What To Do If Your Email Is Hacked.

I think I could count on my hand the people I know who have NOT had their email hacked. Maybe they found a four-leaf clover when they were kids! Email hacking is one of the very unfortunate downsides to living in our connected, digital world. And it’s often a situation that even the savviest tech experts find themselves in. In August this year, over 700 million email addresses (and a large number of passwords) were leaked publicly courtesy of a misconfigured spambot (a program designed to collect email addresses).
Many savvy tech types were caught up in the hack including Troy Hunt, a leading Australian computer security expert and creator of Have I Been Pwned?. So, in short – it can happen to anyone…

But Why Should I Worry? I Have Nothing Valuable in My Email.

If you have an identity and email address you are very valuable to a hacker – no exceptions! Even if you don’t consider yourself to have Kim Kardashian’s celebrity status or the CEO power of James Packer, a hacker is still very keen to collect every piece of information they can about you. Remember, hackers want to get their hands on your data. Why – I hear you ask? So, they can cash in! Some will keep the juicy stuff for themselves – passwords or logins to government departments or large companies they may want to ’target’. But the more sophisticated ones will sell your details including name, telephone, email address and credit card details and cash in on The Dark Web. They often do this in batches. Some experts believe they can get as much as AU$140 for a full set of details including credit cards. So, you can see why they’d be interested in you!

How Big Is the Problem?

There is a plethora of statistics on just how big this issue is – all of them concerning! According to IDCARE – a support service for Australian and New Zealand victims of identity fraud – about 1 million Australians have their identity stolen each year at a cost of about $1 billion. The Australian Competition and Consumer Commission (ACCC) recently revealed that hacking scams cost Australian businesses close to $3 million during 2016 with the number of people reporting scam activity at record levels. The Australian Cyber Security Centre nominates $20 million as the fallout from ‘phony emails’ aka phishing in 2016/7. Regardless of which statistic you choose to focus on, we have a big issue on our hands!

So, What Do I Do If My Email Is Hacked?

If you find yourself a victim of email hacking there are a few very important steps you need to take.
But the key here is to act FAST!!

1. Change Your Password.
This is the very first thing you must do to ensure the hacker can’t get back into your account. It is essential that your new password is complex and totally unrelated to previous passwords. Always use at least 8-10 characters with a variety of upper and lower case and throw in some symbols and numbers. I really like the idea of a crazy, nonsensical sentence – easier to remember and harder to crack! If you find the hacker has locked you out of your account by changing your password, you will need to reset the password by clicking on the Forgot My Password link.

2. Let Your Email Contacts Know.
A big part of the hacker’s strategy is to ‘get their claws’ into your address book with the aim of hooking others as well. Send a message to all your email contacts as soon as possible so they know to avoid opening any emails (most likely loaded with malware) that have come from you.

3. Change Your Security Question.
If you have a security question associated with your email account, please change this too. And please make it unpredictable and niche! It is possible that this was how the hackers broke into your account in the first place. When Yahoo had 500 million accounts hacked in 2014, not only were the passwords stolen but the security questions too. If you have a security question associated with your account, make up a response that makes no sense. This is the perfect opportunity to tell a lie!

4. Commit to Multi Factor Authentication.
Yes, multi-factor authentication adds another step to your login but it also adds another layer of protection. Enabling this will mean that in addition to your password, you will need a special one-time use code to login. This is usually sent to your mobile phone. So worthwhile!

5. Check Your Email Settings.
It is not uncommon for hackers to modify your email settings so that a copy of every email you receive is automatically forwarded to them.
Not only can they monitor your logins for other sites but they’ll keep a watchful eye over any particularly juicy personal information! So, check your mail forwarding settings to ensure no unexpected email addresses have been added. Don’t forget to check your email signature to ensure nothing spammy has been added. And also ensure your ‘reply to’ email address is actually yours! Hackers have been known to create an email address here that looks similar to yours – when someone replies, it goes straight to their account, not yours!

6. Scan Your Computer for Malware and Viruses.
This is essential also. If you find anything, please ensure it is addressed and then change your email password again. And if you don’t have it – please invest. Comprehensive security software will provide you with a digital shield for your online life. McAfee Total Protection lets you protect all your devices – including your smartphone – from viruses and malware. It also contains a password manager to help you remember and generate unique passwords for all your accounts.

7. Change Any Other Accounts with the Same Password.
Time consuming but very worthwhile! Ensure you change any other accounts that use the same username and password as your compromised email. Hackers love the fact that many of us use the same logins for multiple accounts, so it is guaranteed they will try your info in other email applications and sites such as PayPal, Amazon, Netflix – you name it!

8. Consider Creating a New Email Address.
If you have been hacked several times and your email provider isn’t mitigating the amount of spam you are receiving, then consider starting afresh but don’t delete your email address! Many experts do warn against deleting email accounts as most email providers will recycle your old email address. This could mean a hacker could spam every site they can find with ‘forgot my password’ request and try to impersonate you – identity theft!
Your email is an important part of your online identity so being vigilant and addressing any fallout from hacking is essential for your digital reputation. And even though it may feel that ‘getting hacked’ is inevitable, you can definitely reduce your risk by installing some good quality security software on all your devices. Comprehensive security software such as McAfee Total Protection will alert you when visiting risky websites, warn you when a download looks ‘dodgy’ and will block annoying and dangerous emails with anti-spam technology. It makes sense really – if you don’t receive the ‘dodgy’ phishing email – you can’t click on it! Smart!

And finally, don’t forget that hackers love social media – particularly those of us who overshare on it. So, before you post details of your adorable new kitten, remember it may just provide the perfect clue for a hacker trying to guess your email password!

Six Tips for Protecting Your Email Privacy.

Sending an email message is certainly more private than posting on a social networking site, but email has its own dangers. Here are six tips to help you communicate without risking your privacy.

By now we all know not to post sensitive information on social networking sites. Even with privacy settings enabled, that angry political rant or embarrassing beach photo can easily become the next viral Internet sensation. By comparison, email seems like a much safer communications medium, but you can still get into trouble if you lose control of your account. In addition, email messages bounce unprotected from server to server, so private information might be compromised. Here are six tips to protect your email account and your private messages.

1. Use a Strong Password.
You give out your email address all the time; it's not really private information. That being the case, the only thing protecting your account from misuse is the password. A malefactor who guesses your too-weak password gains full control of your email account.
Protect your account with a strong password, especially if you use a Web-based email provider like Gmail or Yahoo mail.

2. Beware Public PCs.
If you check your email on a public computer in a library or Internet café, be absolutely sure you've logged out before leaving. Even then, you might be leaving behind traces that could give the next user too much information about you. Follow PCMag's advice to .

3. Protect Your Address.
It's true that you give out your email address every time you send a message, but there's no need to give it to the whole world. Don't include your email address in comments on blog posts, or in social media posts. Spammers and scammers scrape pages all the time looking for new victims.

4. Lock It Up.
If you step away from your desk, lock the Windows desktop or close your email client. Otherwise a sneaky co-worker could read your mail or even reset your login password. Hold the Windows key and press L to lock the desktop instantly.

5. Don't Be Fooled.
Oh, dear. Your email provider has sent you notification of a security breach, with a link to reset your password. Don't click that link! It's almost certainly a fraud, designed to steal your email account password. If you have any doubts, navigate to the email provider's site directly and double-check.

6. Use Encryption.
Sometimes you just have to send sensitive information by email. To keep your data safe, save it as a document and use your word processing application's built-in encryption, or store the document in an encrypted ZIP file. Then share the password with the recipient separately. If you need encryption frequently, try a free product like or .

Does implementing these tips seem like too much trouble? That's nothing compared to the trouble you'll face when you log on one morning and find that your email account just sent a million advertisements for "gentleman's enhancement" products. A little effort now can head off big problems later.