Pages

Thursday, April 16, 2020

16 Tips I Learned From Having My Email Hacked


As many of my clients, colleagues, family and friends know, many of you got a ton of unsolicited spammy emails from me earlier this week. I got hacked and it WAS NOT FUN & BEYOND STRESSFUL!! In fact, it was such a major nightmare / hell where I had mini meltdowns in between being on the phone with tech support and answering the calls, emails and texts I was getting from clients and colleagues at least every 10 minutes from 12:30pm - 11pm and then again the next morning. Also, besides me being on the phone with tech support off & on from 1pm - midnight and then again the next morning.

I first learned that I got hacked when colleagues started emailing and texting me. Of course I immediately changed my password and got on the phone with tech support. GoDaddy is who hosts my website and email and they were very helpful, but everyone I talked to knew something completely different. This was a major help to me to speak to an actual person and I was oh so thankful for that. They think the hackers ran bots to get into my account. Basically they hacked other sights, took my email and used various passwords until they figured it out. They also told me they didn't think that they were actually "in" my email they were using spoofing and aliases emails and somehow got the information. Honestly, that is the part I still don't understand because how can you not be "in" my email, but responding to old correspondence with people?

The tech people gave me a couple of different options and I didn't like any of them.

I could:

  • Upgrade my email from GoDaddy and migrate to a new server through GoDaddy, which I did. It cost extra yearly, but I didn't care and honestly I would only by paying $70 and in my eyes that was 100% worth it to hopefully not deal with this nightmare again. Honestly, I was willing to do almost anything to make it go away at the moment. 
  • Shut down my email completely to make sure it would go away immediately, but then I would not be able to access incoming or outgoing emails for 24 - 72 hours. I chose not to do this.
  • Change my password and let things run their course for up to 24 hours. With the server they were currently using for my website email address it could take up to 24 hours to "kick" the hackers out.  I chose to do this. 

Why did I choose to let things run their course vs shutting my email completely down? I am still corresponding / communicating with clients via email, I have projects & articles I am contributing to, certifications & classes I am taking, and I have have applied for so many different grants & loans I really did not want to miss anything during this time. I wanted to get an email out to clients warning them that it was happening and would not be able to do that and answers questions / concerns if I shut my email completely down. I think once it was all said and done the spamming actually lasted about 12 hours. Believe me I was STRESSED OUT completely that whole time. My fear was annoying clients and potential clients and possibly loosing them or having them not want to interact me. That is the last thing I wanted to do. I don't exchange a lot of sensitive things through email, but I was still worried on that front as well.


Here are some things I learned from the various tech experts I have talked to the last several days:

  1. It can happen to anyone. Literally anyone, anywhere can get hacked and it sucks.
  2. It is not your fault. There was very little that I had actual control over once I was being hacked.
  3. Calm down. This is WAAAYYYY easier said than done, but in reality I got to a point that there was nothing else I could physically do to stop the situation and just had to weigh my options and what I could control was anger, stress and emotions. So my husband made me go for a walk and get some fresh air thank goodness.
  4. Hackers are in full force right now during this pandemic. Several tech experts said hackers are bored and are preying on a lot of people right now, so be careful.
  5. Change your password. This seems like an obvious thing, but you may forget about it. Several tech experts suggest changing passwords every 3-6 months.
  6. Make sure you are using the latest email version if you use a host site. GoDaddy informed me I was not using their most up to date email service, so I promptly paid for that upgraded version and security for the Microsoft Office 365 version. They then migrated my information. After going around and around with them they finally did an emergency migration. Typically migration takes several days and you can still access email on the old server, but they did an emergency migration for me where most things got migrated in a 24 hour period with the final migration step happening tomorrow. They did this to hopefully get the hackers out quicker. 
  7. Make sure to have your email list up to date and let your contact list know. This is especially important if you have a business. I am thankful I had all my clients in an updated email list already, so it was easy for me to send them an email from myself informing them that I got hacked. I did get emails, texts and calls from some people I don't ever remember corresponding with from 3-5 years ago, vendors, etc. I do not have a list of all the vendors, inquiries I have gotten through the years, etc. because I don't have a need to use it currently, but may start a list of those people now. I also decided to post on social media to inform clients that I knew it was happening, I was working on it and I was VERY VERY SORRY!!
  8. Use 2 factor authorization. If you have not been doing this you need to. You can do it for many things like your email, bank accounts, social media sites, various apps, etc. I have this on almost all my important stuff like email, accounts, etc., but it is not foolproof. For example, I had it on for my Starbucks app and someone hacked into it days before all this started. Thankfully Starbucks gave me back all the money the hackers took off of it. *If you saw my Instagram story recently on how to add money to a Starbucks card, no it did not happen because of that post because I had already transferred the gift card amount to a new account before I posted that video. 
  9. Always make sure you know the sender by seeing the actual email address it was sent from. The hackers were using my name to reply to old email correspondence, but they were sending it from a different email address trying to "spoof" people into clicking the links. This is why I was not able to see any of the messages as sent from my sent inbox. It is so weird and annoying because I have no idea who all got emailed besides the people who actually contacted me. 
  10. Don't click any random links that are sent you. Evaluate the correspondence and see if it even seems like the senders "voice & tone". If it doesn't sound like the person report the spam, contact the "sender" who got hacked and don't click links.
  11. If you click links, get out of it right away and change your email password. Although nothing may happen, it doesn't hurt to err on the side of caution.
  12. Do not have your host email being redirected to another email account like GMAIL, Outlook, etc. I had my work emails from the GoDaddy server redirected into my Gmail account because it was easier to have everything come into one account. Every technology person said that this is just another security "risk" you are taking because it is being redirected to a whole other server. Even though I have 2 factor authorization on my Gmail account and Gmail is probably not how they hacked me. You just don't want to make it that much easier for hackers.
  13. Use Chrome. They said it is one of the safer web browsers.
  14. Use different passwords for different sites. I think we are all guilty of not doing this all the time, but I do have different passwords for all of my email accounts. All the tech support people I talked to said how important it was to have a different password for different websites in order to make it harder for hackers to hack into your various accounts.
  15. Check your computer for Malware. There are various things you can use to make sure nothing threatening was put on onto your computer. 
  16. Make sure your email settings were not changed. Make sure the hackers did not go in and change a bunch of your email settings and have things being redirected to them. 
Silver linings:
  • I was able to talk to actual tech support with GoDaddy.
  • I was able to handle it for 12 hours straight because of quarantine. Normally I definitely would not be able to do this and I would have been so much more stressed out trying to juggle work and this. I had just gotten off of a virtual session at noon right before I knew all of this was happening.
  • One of the spam emails went to my clients technology guy they use and he was so very helpful in talking me through it and basically saying calm down, there is nothing you can do about it at the very moment, this to shall pass and then take extra measures when it is all over. He was also beyond generous to send me some verbiage to send to clients in an email because he knew I couldn't think straight. If you want his info I am happy to pass it along. He is located in Houston in the River Oaks area.
  • Some of my clients along with the various technology people reported the spam emails to their IT departments and websites who track hackers.
  • No one was down right hateful to me that they were getting spammed and most of them understood the stress I was under.
Although I did most of the right things based on the tips from the technology experts and support teams, there was still some things I could improve on. It is freaking scary and I don't wish this upon anyone. 


Photo by Corinne Kutz on Unsplash


2 comments: