How to check and secure web based email.

Checking and securing web based email (and your computer), by Ken Ranous.

For some time now, the unauthorized use of web based email accounts has been an issue I’ve received many tech support calls on. I often know when a friend, family or client has been hacked before they do because I’m in their contact list and get an email with a link to something strange. This happens when a hacker, often in another country gains access to an unsuspecting users yahoo or gmail email account and sends spam to everyone on that persons contact list.

How they gain access to the password may be a matter of password guessing, brute force hacking or mal-ware installed on the users web browser or computer. It may have happened during a login to an unsecured public WiFi. Regardless of how it happened, it’s a problem and here’s some help:

How to check a Yahoo! account:

1. Login to Yahoo! normally and check your Sent Messages folder for outgoing messages you don’t recognize.

2. At your main Yahoo email screen, in the upper right hand corner next to your name, you’ll find an arrow or a star shaped gear. Hover your mouse over this and click on ‘Account Info’. You’ll need to re-enter your password.

3. Under ‘Sign-In and Security’ click ‘View your recent sign-in activity’.

4. You’ll see a list of Date/Time, Access Type, Event and Location. You should recognize the dates and times you’ve logged in. Most importantly, look at the ‘Location’ column. All the entries should read something like AZ, US. If you’re seeing entries from other states or countries that you haven’t visited lately, there’s a problem. You have unauthorized access.

5. Click the down-arrow immediately to the right of Location and select IP Address. If you’re always logging in from the same location, this number will likely not change often. If you’re not sure of your IP, visit and be sure the address reported there matches to IP addresses listed. Keep in mind this may vary if you login from various places or devices. If there’s any addresses you don’t recognize, you may have a problem and should change your password.

How to check a gmail account:

1. Login to your gmail account normally and check the sent messages folder for items you don’t recognize sending.

2. Click the gear in the upper right corner then ‘Settings’.

3. Click the ‘Accounts’ tab, then ‘Other Google Account Settings’

4. On the left Under ‘Security’ click ‘Recent Activity’ which shows a list of when, where and from what platform and browser you logged in. If you don’t recognize any of these entries, you may have a problem and should change your password.

Note:  Sometimes the return address on these bogus emails is spoofed, and if that’s the case you probably don’t recognize the sender, or perhaps the sender appears to be you. If you’ve checked the above and found nothing wrong, then it’s most likely just typical harmless spam and isn’t much to worry about. But do read on.

I’ve been hacked! Now what?

1. Report it to Yahoo! or Gmail technical support.

2. Change your password. Use at least 8 characters, combine upper and lower case, use numbers and punctuation.

It’s happened again, or I want to prevent it from happening again. How do I help prevent this?

1. Stop using Microsoft Internet Explorer. Install Mozilla FireFox and install the add-ons ‘No Script’ and ‘Ad Block Plus’.

2. Clear your browsers cache. This can be done quickly by pressing Ctrl-Shift-Delete. Better yet, set your browsers preferences to not remember passwords or history and clear those when exiting. Yeah, it’s going to mean a bit more typing, but security comes at a slight cost to convenience.

3. Install, update and regularly use the following utilities:

  • Anti-virus software such as AVG or Avast.
  • A cleaning utility such a Ccleaner and/or Bleachbit.
  • A spyware/malware tool such as spybot.
  • Your operating system updates.

4. Check your recent sign in activity and change your password frequently.

5. Avoid file sharing or downloading pirated software, games, music or videos and use extra caution visiting those kinds of websites. It should also be noted that mal-ware can be installed from any site you might come across doing a routine search, but #1 will usually prevent this.

6. Never open suspicious emails, especially ones that have attachments or links to sites you don’t recognize. Seriously, pick up the phone and call that friend to see if they really meant to send you a file or link you weren’t expecting.

I do serious work on my computer and I’m ready to take it to the next level. How can I be even safer?

1. Consider ditching Windows in favor of Mac or Linux. They’re far less vulnerable, especially Linux.

2. Install a firewall/router.

3. Don’t login to sensitive accounts on public computers or networks such as the cafe, library or schools without utilizing a VPN.

4. Consider not keeping your contacts list or sensitive information stored in web based email services such as Yahoo.

5. Consider not using cloud services for backup of anything that could cause you trouble if the wrong person gets hold of it.

6. Study up on subjects such as Internet Security.

Happy Computing!

– Ken Ranous

%d bloggers like this: