It’s Friday before a long weekend and hackers are up to their old tricks! Today, Neoscope assisted a user with a hacked email account and advised multiple clients on phishing attacks! Hackers often attack before a long weekend to give themselves an extra day hacking your network, email, and data.

This article outlines steps to take (do them now!) if your email account has been compromised.

Step #1: Change your password (immediately!)

The very first thing you should do is keep the hacker from getting back into your email account by changing your password to a strong one. Make sure it's not related to your prior password: if your last password was SpotBeagle2, don't pick SpotBeagle3, and if your dog Spot is a Beagle, you shouldn't have been using your dog's name and breed as your password in the first place. Better yet, move to the strongest password you can stomach!

Level 1 Strong Passwords (strong): Try using a meaningful sentence as the basis of your new password. For example, "I go swimming twice a day in my pool" turns into "Igs2AdimP" using the first letter of each word in the sentence, mixing uppercase and lowercase letters and replacing the word "twice" with "2." Weakness: length. Nine characters is within reach of an offline cracking rig, however cleverly they were chosen.

Level 2 Strong Passwords (stronger): Use a full sentence or a set of words without abbreviating them to create a pass-phrase. "Jellyfish Sandwiches are yummy!" is nonsensical, memorable, arguably easy to type, and far too long to brute-force character by character. The realistic attack is guessing combinations of common words, so use four or five words and prefer ones that don't form a familiar phrase. Hackers absolutely hate you when you do this! Even Edward Snowden agrees. Weakness: your ability to memorize one of these for each and every account you own.

Level 3 Strong Passwords (strongest): Level 3 is not for the faint of heart. It involves beginning the journey into adopting, learning, practicing, and using a Password Manager. Neoscope recommends LastPass as a commercial-grade password manager that integrates well with personal users at businesses. Other options include Dashlane and 1Password. Password Managers allow you to move to 15-20 character random passwords without sweating it. I no longer know any of my passwords except the Master Password that unlocks my password manager. All Password Managers can generate random passwords for you like these: $4tV$mrWcVqj2X8oY3p or uQ2d@L9xRglLIcn*ZY0 or 4#4r8FFzz6Bi7@i0BR7. Weakness: your master password must be super strong, since it now guards everything; I recommend using a Level 2 pass-phrase as outlined above, and turning on two-factor authentication for the manager itself.

Whichever method you choose, you need to do this step quickly to boot the hacker out of your account before they do more damage, such as resetting your passwords on other sites (remember, password-recovery links go to your email account, which has just been compromised). Time is of the essence!
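To see why the three levels rank the way they do, here is an added Python example (written for this page, not code from Neoscope) that scores the article's own samples: the Level 1 acronym, the Level 2 pass-phrase under both a character-by-character brute force and a word-list attack, and a Level 3 random password generated the way a password manager does it. The 7776-word list size and the 1e11 guesses-per-second cracking rate are assumptions chosen for illustration, not figures from the article.

```python
import math
import secrets
import string

# Character classes the three levels draw from.
ALNUM = string.ascii_letters + string.digits        # 62 symbols (Level 1)
ALNUM_SYMBOLS = ALNUM + "!@#$%^&*"                  # 70 symbols (Level 3 generator)
PHRASE_CHARS = len(ALNUM_SYMBOLS) + 1               # plus the space, for blind brute force

# Assumptions, not figures from the article: the attacker models a passphrase as
# draws from a 7776-word list, and an offline cracking rig tries 1e11 guesses/s.
WORDLIST_SIZE = 7776
GUESSES_PER_SECOND = 1e11


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for `length` symbols chosen uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def years_to_crack(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected years to hit the password after searching half the keyspace."""
    return (2.0 ** bits / 2) / rate / (365 * 24 * 3600)


def level1_bits(password: str) -> float:
    """Level 1 (sentence acronym): the attacker assumes mixed-case alphanumerics,
    so strength is bounded by length."""
    return entropy_bits(len(ALNUM), len(password))


def level2_bits_charwise(passphrase: str) -> float:
    """Level 2 as seen by a blind character-by-character brute force."""
    return entropy_bits(PHRASE_CHARS, len(passphrase))


def level2_bits_wordlist(passphrase: str, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Level 2 as seen by an attacker who guesses whole words: count words, not characters."""
    words = [w.strip("!?.,") for w in passphrase.split()]
    return entropy_bits(wordlist_size, len([w for w in words if w]))


def level3_generate(length: int = 20) -> str:
    """Level 3: a random password from the OS CSPRNG, as a password manager produces."""
    return "".join(secrets.choice(ALNUM_SYMBOLS) for _ in range(length))


def level3_bits(length: int = 20) -> float:
    """Entropy of a Level 3 password of `length` symbols from ALNUM_SYMBOLS."""
    return entropy_bits(len(ALNUM_SYMBOLS), length)


if __name__ == "__main__":
    phrase = "Jellyfish Sandwiches are yummy!"
    rows = [
        ("Level 1  Igs2AdimP", level1_bits("Igs2AdimP")),
        ("Level 2  (character brute force)", level2_bits_charwise(phrase)),
        ("Level 2  (4 words from a word list)", level2_bits_wordlist(phrase)),
        ("Level 3  " + level3_generate(), level3_bits(20)),
    ]
    for label, bits in rows:
        print(f"{label:42s} {bits:6.1f} bits  ~{years_to_crack(bits):.2g} years")
```

The word-list row is the one to watch: against an attacker who guesses words rather than characters, a four-word phrase lands in the same range as the nine-character acronym, which is why five or more words, or a Level 3 random password, is the safer target.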

Step #2: Recover access to your email account

If you're lucky, the hacker only logged into your account to send a mass email to all your contacts. If you're not so lucky, the hacker changed your password too, locking you out of your account. If that's the case, you'll need to reclaim your account, which is usually a matter of using the "forgot your password" link and answering your security questions or using your backup email address. Hopefully the hacker did not change your password recovery questions as well. Once you are back in, review the recovery email address and phone number on the account and remove any you don't recognize; a recovery option the hacker added is a back door into the account.

Check out the specific recommendations for reclaiming possession of your account for Gmail, Outlook.com and Hotmail, and AOL.

Step #3: Enable two-factor authentication

One of the best ways to prevent your email account from being taken over again (and hackers who were in once often try hard to return) is to set your email account to require a second form of authentication in addition to your password whenever you log in from a new device. When you log in, you'll also need to enter a one-time code that the site texts to your phone or that an authenticator app on your phone generates. Prefer the app (or a hardware security key) over text messages where the provider offers it: a code sent by SMS can be intercepted by someone who hijacks your phone number, while an app code is computed on your phone from a secret shared with the provider when you set it up.

Check out two-step authentication setup instructions for Gmail, Microsoft's Outlook.com and Hotmail, and AOL. For a full list of sites that support it, check out twofactorauth.org.

Step #4: Check your email settings

Sometimes hackers change your email settings to forward a copy of every email you receive to themselves so that they can watch for any emails containing login information or password-reset links for other sites. Check your mail forwarding settings to ensure no unexpected email addresses have been added, and check your filters or inbox rules as well: a rule that forwards, deletes or moves messages matching words like "password" or "invoice" does the same job more quietly.

Next, check your email signature to see if the hacker added a signature with a link or attachment that will keep advertising their malware even after they've been locked out.

Next, check your “reply to” email address. Sometimes hackers will change your “reply to” email address to one they’ve created that looks similar to yours. When someone replies to your email, it goes to the hacker’s account, not yours.

Last, check to make sure the hackers haven't turned on an auto-responder, turning your out-of-office notification into a spam machine. While you're in the settings, sign out of all other sessions and revoke any app passwords or connected third-party apps you don't recognize; changing your password doesn't always end a session that is already logged in.
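An added example that audits these settings in code (written for this page, not from the article or any vendor): it takes the kind of JSON that Gmail's settings API returns for forwarding, filters, send-as aliases and the vacation responder, and flags the tampering patterns described above plus one the text only touches on, an inbox filter that forwards or trashes messages about passwords. The account address, the filter patterns and every value in the sample are constructed for the demo; the field names follow the Gmail API, and other providers expose the same settings under different names (Exchange, for instance, through the mailbox forwarding fields and inbox rules).

```python
OWNER = "alice@example.com"   # the account being audited (constructed)

# Constructed sample of what the Gmail settings API returns for that account.
# Field names follow users.settings.getAutoForwarding, filters.list,
# sendAs.list and getVacation; every value is made up to show one pattern each.
SAMPLE = {
    "autoForwarding": {"enabled": True,
                       "emailAddress": "collector@mail-archive.biz",
                       "disposition": "trash"},            # copies then hides every message
    "filters": [
        {"id": "f1", "criteria": {"from": "news@example.org"},
         "action": {"removeLabelIds": ["INBOX"]}},         # benign: archives a newsletter
        {"id": "f2", "criteria": {"query": "password OR invoice OR reset"},
         "action": {"forward": "collector@mail-archive.biz",
                    "addLabelIds": ["TRASH"]}},             # steals and hides resets
    ],
    "sendAs": [
        {"sendAsEmail": "alice@example.com", "isPrimary": True,
         "replyToAddress": "alice@examp1e.com",            # lookalike reply-to
         "signature": "Regards, Alice <a href='http://bit.ly/xyz'>Open my invoice</a>"},
    ],
    "vacation": {"enableAutoReply": True,
                 "responseSubject": "Re: your message",
                 "responseBodyPlainText": "See the document: http://example-docs.biz/doc"},
}

# Words an attacker's hide-or-forward rule typically matches on (illustrative list).
SENSITIVE_WORDS = ("password", "reset", "invoice", "bank", "verification", "hacked")


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def is_external(addr: str) -> bool:
    """True when the address is outside the account owner's domain."""
    return domain_of(addr) != domain_of(OWNER)


def audit(settings: dict) -> list:
    """Return one finding string per suspicious setting; an empty list means clean."""
    findings = []

    fwd = settings.get("autoForwarding", {})
    if fwd.get("enabled"):
        where = "external" if is_external(fwd.get("emailAddress", "")) else "internal"
        findings.append(f"account-wide forwarding to {fwd.get('emailAddress')} "
                        f"({where}, disposition={fwd.get('disposition')})")

    for flt in settings.get("filters", []):
        crit, action = flt.get("criteria", {}), flt.get("action", {})
        if action.get("forward"):
            findings.append(f"filter {flt['id']} forwards matches to {action['forward']}")
        hides = ("TRASH" in action.get("addLabelIds", [])
                 or "INBOX" in action.get("removeLabelIds", []))
        text = " ".join(str(v) for v in crit.values()).lower()
        if hides and any(w in text for w in SENSITIVE_WORDS):
            findings.append(f"filter {flt['id']} hides messages matching {crit}")

    for alias in settings.get("sendAs", []):
        reply_to = alias.get("replyToAddress", "")
        if reply_to and reply_to.lower() != alias["sendAsEmail"].lower():
            findings.append(f"reply-to for {alias['sendAsEmail']} redirected to {reply_to}")
        if "http" in alias.get("signature", "").lower():
            findings.append(f"signature for {alias['sendAsEmail']} contains a link")

    vac = settings.get("vacation", {})
    if vac.get("enableAutoReply") and "http" in vac.get("responseBodyPlainText", "").lower():
        findings.append("auto-responder is on and its body contains a link")

    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print("FINDING:", line)
```

Note that filter f1 is not reported: archiving a newsletter is normal, and the check only fires when a hiding rule is keyed to the words a password thief cares about. Tune SENSITIVE_WORDS to the account (bank names, payroll, the company's own domain) before relying on it.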

Step #5: Scan your computer for malware

Run a full scan with your anti-malware program. You do have an anti-malware program on your computer, right? If not, download the free version of Malwarebytes and run a full scan with it. I recommend running Malwarebytes even if you already have another anti-malware program; if the problem is malware, your original program obviously didn’t stop it, and Malwarebytes has resolved problems for me that other anti-malware software wasn’t able to resolve. Scan other computers you log in from, such as your work computer, as well.

If any of your scans detect malware, remove it and then go back and change your email password again (when you changed it in step #1, the malware was still on your computer and may have captured the new password).

Step #6: Find out what else has been compromised

Some computer users have been known to store usernames and passwords for accounts in obvious places inside their email. One user I've seen had a folder called "Sign-ups" while another simply called it "Passwords". Considering the hacker was inside your email, what could they easily have discovered about your other logins? Tip: search your mailbox for the word "password" to find which other accounts might have been compromised. Change those passwords immediately; if they include critical accounts such as a bank or credit card account, check your statements to make sure there are no suspicious transactions.

It's also a good idea to change the password on any other account that uses the same username and password as your compromised email. Spammers are savvy enough to know that many people reuse passwords across accounts, so they will try your login on other email services, on PayPal and on other common sites.

Step #7: Humbly beg for forgiveness from your friends

Let your contacts know that your email was hacked and that they should not open any suspicious emails or click on any links in emails they recently received from you. Many people will realize that the O365, Gmail, Yahoo, or Hotmail login page your email directed them to was hosted at a very suspicious-looking URL that has nothing to do with those sites, but someone may have clicked and handed their credentials to the hacker. Anyone who did should change that password and turn on two-factor authentication right away.

If the hacker was lazy, they may have left your sent messages alone and you can see all the spam your account sent out in your Sent Items folder. Alternatively, check your Deleted or Trash folder. However, most average-skilled hackers know to delete sent and trash history to avoid detection for as long as possible. Your provider's account-activity page (Gmail's "Last account activity", Microsoft's "Recent activity") lists recent logins by time and location and is harder for an intruder to tidy up, so check it as well.

Step #8: Prevent it from happening again

While large-scale breaches are one way your login information could be stolen, many cases come down to careless creation or protection of login information. A strong password is your best protection from this type of hacking. It's also prudent to use a different password for each site or account, or, at the very least, unique passwords for your email account, your bank account and any other sensitive accounts. If you're concerned about keeping track of your passwords, let a password manager do the work for you.

Password managers have some interesting advantages you might not be aware of. One such advantage: when you accidentally land on a malicious website that is going to steal your username and password (perhaps it was made to look exactly like O365, LinkedIn, or Dropbox), your password manager is wicked smart and will refuse to enter your credentials into that bogus website, because it only offers a saved login on the domain it was saved for. Phishing sites that look like another login portal have a bogus domain name, and your password manager will not be fooled! This saved me one time when I thought I was logging into LinkedIn and my password manager refused to input my credentials. When I checked the domain, it was a website in Italy! Even security professionals are sometimes duped!
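Here is the matching logic behind that refusal, as an added example written for this page rather than taken from any password manager: a credential saved for linkedin.com is offered only on HTTPS pages whose registrable domain is linkedin.com, so a lookalike host, a deceptive subdomain, a user@host trick in the URL and a plain-http copy all get nothing. The short suffix list and the sample URLs are illustrative assumptions; real managers consult the full Public Suffix List.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumption for this example: a registrable domain is the last two labels, except
# for a few two-part public suffixes. Real managers use the full Public Suffix List.
TWO_PART_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def registrable_domain(url: str) -> Optional[str]:
    """linkedin.com for https://www.linkedin.com/login; None if the URL has no usable host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".") if host else []
    n = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-n:]) if len(labels) >= n else None


def should_autofill(saved_url: str, current_url: str) -> bool:
    """Offer the saved credential only on HTTPS pages whose registrable domain
    equals the one the credential was saved for."""
    if urlsplit(current_url).scheme != "https":
        return False
    saved, current = registrable_domain(saved_url), registrable_domain(current_url)
    return saved is not None and saved == current


SAVED = "https://www.linkedin.com/login"   # where the credential was saved (constructed)

if __name__ == "__main__":
    for candidate in [
        "https://www.linkedin.com/uas/login",        # same site: fill
        "https://linkedin.com.login-verify.it/",     # phishing host in Italy: no
        "https://www.linkedln.com/login",            # 'l' for 'i' lookalike: no
        "https://www.linkedin.com@evil.it/login",    # userinfo trick, real host is evil.it: no
        "http://www.linkedin.com/login",             # plain http: no
    ]:
        print(should_autofill(SAVED, candidate), candidate)
```

The point of keying on the registrable domain rather than the page's look is that an attacker controls everything inside the page but not the name their server answers to; the manager compares the name, so the page's appearance never enters into it.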