Received this question:
- “How easy is it to either hack someone’s email or to create fake electronic correspondence?
- And if there was a hacking attempt, what are the warning signs that should alert the authentic owner of the email address?
https://www.ttcs.tt/blog/whether-email-accounts-can-be-hacked-and-how/ talks of the possible methods how your password to your email account can be leaked to unauthorised persons who can then access your email account. The common method is by a phishing email pretending to be from a person you know or organisation you know to click on a malicious link or run an attachment. See http://theonion.github.io/blog/2013/05/08/how-the-syrian-electronic-army-hacked-the-onion/ which has a screenshot of the phishing emails that were sent to the Onion’s staff members (one of whom fell for the phishing email and entered their username and password)
The method of phishing emails pretending to be from a friend or organisation you know underscores the ease of faking emails. The from field in an email can have any text (e.g “lldjlkdladajdlk@sdkaldjal”) that looks like an email address and not be from the “real” sender.
Sites like http://deadfake.com/Send.aspx allows you to create a fake email which you can send to yourself to further demonstrate the ease of faking the from field of an email message.
To detect hacking attempts, one should set up two factor authentication which improves the security of your email account. One common implementation of two factor authentication uses your cell phone. Whenever a new device or software is used to access your email account, the email provider prompts you to enter a second password that is sent to your cellphone via SMS. If you receive an SMS and you are not trying to access your email from a new device, then you are aware that someone else has your password and is attempting to access your account.
See a PC World article which illustrates how to set up two-factor authentication with Google, Facebook and Microsoft: http://www.pcworld.com/article/2036252/how-to-set-up-two-factor-authentication-for-facebook-google-microsoft-and-more.html
Detection of whether your email account is compromised without two factor authentication requires a regular review of your email account profile and/or settings.
You may also get a call from a friend or organisation asking you about the strange phishing email or “”the stranded traveler” scam email they supposedly received from your email address. Now these emails can be faked as mentioned earlier and your email and password is secure. However, undoubtedly hearing of these emails will raise concerns that your account was compromised or “hacked”.
First step : change your password to your account immediately. Then review your email account profile and/or settings to look for
-
changes to your email filters to forward emails to strange email addresses,
-
changes to the settings for a backup contact account (email and/or phone number) for the provider to contact you if you have problems with your account,
-
access logs showing irregular IP addresses where the email account was accessed.
Changes to these settings not done by you are a strong indicator that your email account was compromised.
You should also change the security questions used to recover your password and if you use the same password on other sites (which you should NOT do – you should have unique, strong passwords for each of your services you use), also change the passwords for those sites.
The complete, strange emails that your friend alerted you to, should be kept for study by you or pertinent authorities to study for clues as to the IP address where the email was sent from.
This requires the preservation of the email headers which are typically not shown by email clients nor included in the email when emails are forwarded. However, all email messages have e-mail headers. See http://www.emailaddressmanager.com/tips/headers.html which shows the typical email headers of a regular and a spam email for comparison.
Comments and suggestions to this post are welcomed.