Most of us have had our email or social networking accounts hacked at some point. But what was the real reason? Was it our fault? Could we have prevented these intrusions? Unless we investigate, we will never know, and we will not be able to correct it if it happens again. This article discusses the possible causes of your email account being compromised and how you can prevent it.
99.9% of the time, email hacking can be attributed to the email account owner themselves. Either knowingly or unknowingly, they have revealed their password to an unknown person, spammer or hacker, who has used their login credentials to access the account. Phishing scams are the simplest way of getting a password: the user is fooled into giving it up by being led to believe that they must enter their login credentials into a website to access some service or facility. The victim himself provides the username and password to the phisher and gets himself into trouble. By using password expiry systems, two-factor authentication and alternate systems of authentication, you can avert this security breach.
Badly coded websites can sometimes give away access to your email accounts very easily. One of the simplest and silliest ways of getting your email account compromised is to put its username and password in the submission code of a web form. Newbie programmers sometimes, to make things easier for themselves, put the email account login credentials in plain text in the source code of the web form. You don’t need to be Einstein to figure out the password and how to access the email account. As a best practice, a separate email account may be set up solely for authenticating web forms that send out mail. This email account can be kept separate from actively used ones, so that even if it is compromised, your real data is protected.
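An added example, not code from the original article: a small Python scanner that flags password-like variables assigned a string literal in form-handling source, which is how the mistake described above shows up in a code review. The PHP samples, the file names and the `scan_source` helper are constructed for illustration.

```python
import re

# Matches a string literal assigned to a password-like name, e.g.
#   $mail->Password = "secret";   'smtp_pass' => 'secret',   pwd: "secret"
CRED_ASSIGN = re.compile(
    r"""(?P<name>[\w$>\-]*(?:pass(?:word|wd)?|pwd)\w*)['"\]]*\s*"""
    r"""(?:=>|=|:)\s*(?P<q>['"])(?P<value>[^'"\n]*)(?P=q)""",
    re.IGNORECASE,
)

def mask(value):
    """Keep the report useful without copying the secret into it."""
    return value[0] + "*" * (len(value) - 1)

def scan_source(text, filename="<input>"):
    """Return (filename, line number, variable name, masked value) for each
    password-like name that is assigned a non-empty string literal."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CRED_ASSIGN.finditer(line):
            if m.group("value"):  # an empty literal is not a leaked password
                findings.append((filename, lineno, m.group("name"), mask(m.group("value"))))
    return findings

# Constructed sample: a contact-form handler with the mailbox password in source.
LEAKY_FORM = '''<?php
$mail = new PHPMailer();
$mail->Host = "mail.example.com";
$mail->Username = "info@example.com";
$mail->Password = "Summer2019!";
$mail->Subject = $_POST["subject"];
'''

# Constructed sample: the same handler reading the password from the environment.
FIXED_FORM = '''<?php
$mail = new PHPMailer();
$mail->Host = "mail.example.com";
$mail->Username = getenv("SMTP_USER");
$mail->Password = getenv("SMTP_PASS");
$mail->Subject = $_POST["subject"];
'''

if __name__ == "__main__":
    for name, src in (("contact_leaky.php", LEAKY_FORM), ("contact_fixed.php", FIXED_FORM)):
        print(name, scan_source(src, name) or "no hardcoded password found")
```

A check like this only catches literals assigned to obviously named variables; a password found this way should be changed, since it has already been stored in the source.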
Bad password security practices on the part of your webmaster or system administrator are also a cause of password theft and compromised accounts. Setting simple passwords or maintaining user passwords in a plain text file are silly yet simple ways for your email security to be compromised. By setting up password age, password complexity standards and even login alerts, the system administrator can prevent these things from happening.
When none of the above seems to be true, it is time to question your mail service provider. If other users on the same service or server are facing a similar issue, it is time to bring this to the notice of your mail service and ask them to investigate the matter. It is very possible that their mail servers or systems are compromised and that a trojan or malware inside their system is causing accounts to be hacked and to send out mail. A good way of identifying this is to ask for the logs of your account and to determine from them what is going wrong and where. If the problem keeps recurring, it’s time to change to a safer provider.