Millions of email accounts are being compromised every day without the knowledge of the user. It is extremely important to keep your eyes open and ensure you are not a victimLast week Kesha Mitra, 21, received a scary message — those dreaded four words for the tech savvy Indian today: You have been Hacked!She was shocked to hear that her friends were receiving spam messages from her Gmail account. “They received mails from my mail id asking them to click on a video link I recommended. The embedded link directed to a malicious webpage.”
HOW YOU CAN TELL IF YOUR EMAIL WAS HACKED
# You can’t log into your email account.
# Your sent folder contains messages that you never sent.
# Your email contacts tell you about spam messages from your account.
# Look out for warning messages from your service providers — these messages are usually not delivered to your inbox but is a scroll on top of the page
SECURING YOUR ACCOUNT
# If you think your account has been hacked, change your password immediately. Choose one that would not be easily guessed. Combine upper case and lower case letters, numbers and symbols.
# If the hacker has changed the password and that of the secondary email used by most sites to send a new password, then you will need to contact the site’s support staff (site’s Help tab)
# Ensure your other accounts are safe and renew their passwords. Often people use one password for all their accounts because it’s easier to remember. While this may be more convenient, think of the loss, you could suffer if a hacker gets into any one of your accounts.
# Delete all email accounts or social network accounts that you have not been using for a long time. Hackers love to get into accounts that you don’t use anymore, since it takes longer for you to realise that your account is compromised..
# Share your primary email address only with people and organisations that you trust. Some websites exist just to push out malware or spyware so think twice before providing your email address to websites.
# Avoid using unsecured or public wireless networks. Always check the security behind free wireless connections.
Mitra first refused to believe that her account was hacked and used for spamming her contacts despite having a legitimate PC security software on her laptop. But later she recalled that she had experienced problems with her account. “Every time I logged in I was logged out automatically with a message that I was logged in on another computer.” On contacting the Google support staff, Mitra was advised to reset her password to regain control of her email account.There are over 20,000 videos available on sites like YouTube that teach viewers the basics of hacking social media profiles, email accounts, smartphones and even Skype. Email and account passwords are the prime targets of malware writers, claim security experts. “Most account hijackings are not targeted; they are designed to steal identities, acquire financial data or send spam,” wrote Eric Grosse, engineering director, Google Security Team in an official blog.
While this might be true, in some cases hackers do target individuals. "Six to seven months back I got a call from a well-known personality. This person was contacted by people who had hacked into his social networking profile and asked for money if he wanted his password and page restored. For a person who might have 500 friends on his/her page or probably someone using this page for professional usage, this is bad news," said Vijay Mukhi, an IT & e-Secutiry expert.Dhananjay Patil, a student of Pune’s Film Institute, was another victim when his Twitter account was hijacked. Patil’s account, which had close to 200 people following him on the micro-blogging site, was hacked last month. “Due to my theatre schedules, I wasn’t able to tweet much in the last 2-3 months. So, my account was inactive. But suddenly last month someone began tweeting from my account and it was always some embarrassing message that was shared with my friends on Twitter.” Patil realised he could not log onto to his original twitter account and had to open another.
Niraj Kapasi, CISA, Chair ISACA India Task Force and IT Auditor, advises: "If you are unable to login to your account it could be that your account has been hacked and the password has been changed. Different service providers have different procedures to recover passwords. Some will allow you to reset the password by sending a link to your alternate email address, some send an SMS to your mobile, while others could ask you a security question or your date of birth that you would have entered at the time of opening of the account."It is evident that the need to secure email accounts is critical because people use it to store personal data, often passwords to bank accounts.Recourse available For starters, hacking of an email account or a social networking page is an act of cognisable offence under Section 66 of the Indian IT Act. This simply means that if someone has wrongfully gained access to your personal account then you can file a First Information Report (FIR) at the Cyber Crime Cell of the Indian police departments.
"Cybercrimes do happen but they hardly move up the ladder. The fact that most of the acts take place outside the country, it becomes difficult to handle. Two, the Indian judiciary (especially at the Magistrate and Session Court level) is still not well-trained to handle such cases. We are perhaps the only country in the world that does not have a judgment in this segment to go by," says Mukhi.Legal experts say on several instances the service provider sitting outside India finds hacking an email account or other such acts too trivial. "If your account is based out of US then you need to get in touch with the US office. For them other than a terrorist related offence, rest all is trivial," says an expert.Echoing his views, Mukhi says any recourse from the service provider is hard to come by. "In case of Facebook, if you tell them that such an act has happened they will just close down your account instead of trying to help you n retrieving the password and data.”Kartik Shahani, country manager, RSA (India & SAARC) says: “Users need to take security measures seriously. With today’s sophisticated attacks, and the newer and tougher viruses and trojan that are being developed every day, it has become tougher to deal with them. Data is stolen and sometimes it is even impossible to recover the information.”