It seems to be a question that’s being raised on a regular basis now on support tickets, so I think it’s time to blog about it.
Firstly, the question: are you hacked?
This is dependent on how you manage passwords for your accounts. A large proportion of people still use the same password across different email accounts, and across different systems.
Scenario
My email address is greg@atadomain.com, with a password of dolittlesecurity. Then I decide to sign up to social media or another site, and sign up with greg@atadomain.com with the password dolittlesecurity.
Now if for any reason that social media site gets hacked, then the first thing an opportunist (not always a real hacker) will do is try to log in to your email account with the password dolittlesecurity.
So have you been hacked?
If you deal with your passwords as I have given in the above scenario, then it’s only a matter of time before this happens.
Why are people asking and why have I created this blog post?
Interestingly I received an email from an apparent hacker sending it to my email address, from my email address, stating a password in the email that I have used before. A number of customers have stated the same.
The hacker also stated that there is nothing I can do, and even if I change my password it doesn’t stop them getting access again.
Not only do we use strong passwords, we also use strong malware protection on the office machines as well.
So, the 2 big questions?
1. How did they send it from my email address?
Firstly, it’s unlikely they sent it from your email account, as they would just use a bot to spoof your mail address. If you have concerns we can always check for you (especially if you have used passwords in the same way as our scenario above).
2. How did they get my password?
In my case this was the email address and password combination that I used on my personal social media account; I will let you guess who that may be. This was the only place I used this combination, so that’s the reason I know where the breach has come from and, let’s be fair, the breach has been well covered.
How can I protect myself from this happening?
- Make sure that you don’t use the same password and email combination for 3rd party sites, no matter who they are.
- Never use the same password for all your email accounts as they will try that as well.
- Always scan your machine on a regular basis for malware. We always use paid virus and malware protection. This is a matter of choice on who you use; however, I always believe that you get what you pay for in this area.
One thing is for sure: they haven’t physically hacked your account with brute force, as this isn’t possible on our cPanel servers, where they are blocked after a few tries.
Top Tip
Here is one thing you may find of use, and a really great way of understanding where issues come from moving forward.
Set up the email accounts that you want to use on a regular basis, then set one mail account as a catchall. In cPanel and the SSD hosting you can set the default mailbox to forward any email that’s sent to that account.
Example
Create Catchall@atadomain.com (or any mailbox of your choice), then set the default mailbox to deliver all email to this address. This must be a local mailbox to guarantee delivery, as forwarding emails from server to server is very unreliable now because most servers treat them as spam.
The result will be that anything sent to any address before the @atadomain.com would be delivered to the catchall mailbox.
This means that when you sign up anywhere you can use an email address that identifies them as the only place the email address has been used.
Example
I go to WebsiteA and sign up; I could use websitea@atadomain.com, then go to WebsiteB and sign up as websiteb@atadomain.com.
This means that when you receive an email addressed to any of these email addresses in your catchall mailbox, you know where the source of the leak is. Furthermore, you will know who is sharing your email address, knowingly or not. We have been doing this for years and the results are surprising. As these are not real email accounts and just aliases, nobody can log in to them even if they were compromised. However, don’t use the same password for different sites, as mentioned above.
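The per-site alias check described above can be automated. The following is an added example, not part of the original post or any cPanel tooling: it classifies a message by the alias it was sent to and flags mail that claims to come from your own domain without passing authentication. The alias-to-sender map, the `.example` domains, the recipient header names and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

DOMAIN = "atadomain.com"  # the post's example domain
# Assumption: your own record of which alias was given to which site's sending domain.
ALIASES = {"websitea": "websitea.example", "websiteb": "websiteb.example"}
# Assumption: headers that may carry the recipient; which exist depends on the server.
RCPT_HEADERS = ("Envelope-to", "Delivered-To", "To", "Cc")

def triage(raw):
    """Classify one received message; returns (alias, verdict)."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    rcpts = getaddresses([v for h in RCPT_HEADERS for v in msg.get_all(h, [])])
    # First recipient on our domain: its local part is the alias that was used.
    alias = next((a.lower().rpartition("@")[0] for _, a in rcpts
                  if a.lower().endswith("@" + DOMAIN)), None)
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if sender_domain == DOMAIN and "spf=pass" not in auth and "dkim=pass" not in auth:
        return alias, "spoofed-own-address"   # From claims your domain, unauthenticated
    expected = ALIASES.get(alias)
    if expected is None:
        return alias, "unknown-alias"         # an address you never handed out
    if sender_domain == expected or sender_domain.endswith("." + expected):
        return alias, "expected-sender"       # the site you gave this alias to
    return alias, "leaked-or-shared"          # the alias reached a third party

# Constructed sample messages (not real mail).
SAMPLES = [
    "From: News <news@mail.websitea.example>\nTo: websitea@atadomain.com\nSubject: Offers\n\nhi\n",
    "From: Deals <promo@bulk-sender.example>\nTo: websiteb@atadomain.com\nSubject: Win\n\nhi\n",
    "From: greg@atadomain.com\nTo: greg@atadomain.com\n"
    "Authentication-Results: mx.atadomain.com; spf=fail; dkim=none\n"
    "Subject: I have your password\n\nhi\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

A "leaked-or-shared" verdict only tells you which site the address came from; it does not distinguish a breach from the site passing your address on.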
I hope you have found this helpful. If you have any questions, raise a hosting support ticket and we will be happy to help.