Nick Leader is an Information Security Engineer at the UVM Medical Center. He loves soccer, technology, food, security research, and long walks on the beach.

Nick Leader is an Information Security Engineer at the UVM Medical Center. He loves soccer, technology, food, security research, and long walks on the beach.

Checking my email recently, I noticed that a friend’s message had ended up in my spam folder. Taking a closer look at the message, it did appear to be malicious: the message contained a link to a phony sounding website, with no context. I immediately reached out to my friend to let him know his account had been compromised and recommended he change his email password. He thanked me and then asked, “What else should I do?”

Unfortunately, account compromises do happen. Email accounts are prime targets for spammers. Gaining control of the account allows them access to a ”trusted” email account, which also gives them access to the user’s address list. Here’s how to minimize the damage for yourself or someone you know:

  • Immediately reset the account password to a new, strong password. 
  • Immediately change any passwords to accounts that share the compromised password. Attackers will try using the same password to access other accounts.
  • Check the” sent” and ”deleted” folders in your mail account to see what emails may have been sent from your account. Consider notifying your contacts, letting them know to not click or respond to the previous malicious message.
  • Review other information contained in your email account. Are there additional passwords that need to be reset?
  • Avoid the behavior that caused the account to be compromised. Try to remember any suspicious sites, forms or email links you may have clicked on or responded to.
  • Educate yourself on identifying phishing /spam messages.
  • Let your contacts know if you think their accounts are compromised:
    • Is the account sending spam or phishing messages?
    • Reach out to your contacts using a different method, such as a text message, because they may not be able to receive messages in the affected account.

By taking these actions and precautions, you can help prevent account compromises from becoming an unmitigated personal information breach, which could be a disaster.

Nick Leader is an Information Security Engineer at the UVM Medical Center. He loves soccer, technology, food, security research, and long walks on the beach.

Subscribe to Our Blog

Comments