When your email account is compromised the attacker typically starts sending thousands of spam or phishing emails. You will quickly notice that there is an issue, as many of these emails will bounce to your inbox. By that time we will also have noticed the issue, as we actively monitor our servers for unusual SMTP activity.
From a security standpoint, email isn’t great. Anyone can try to sent emails from your email address, and such attacks happen all the time. The attacker just needs to guess the password. And, there are still many people that use weak passwords.
The firewall on our servers stops most of the attacks. Unfortunately, it is not possible to completely prevent email accounts from being hacked. It all comes down to password hygiene. In particular, if you use one password for your email and websites you are registered with then your email account is bound to be hacked. If one of the websites you are registered with gets compromised the attacker will have both your email address and password, and the attacker can do with your email account what they like.
In general, if you are using a unique, random, complex and long password your email account will be safe. However, if you are using simple password then your account is vulnerable. And, if you are reusing a weak password then it is just a matter of time before your email account gets compromised.
As said, we actively monitor email traffic for unusual patterns. If we notice a mailbox is sending spam we typically reset the email account’s password.
Not all email hacks aim to use your email account to send spam. It may be that you suspect someone is secretly accessing your emails. If you think that is happening, reset your email password and feel free to contact us.
You have probably received quite a few emails from criminals who claim to have hacked your email account. These emails usually claim that the attacker has accessed your web cam while you were viewing porn, and they demand you quickly pay ransom money. To “prove” that you have been hacked the email will appear to come from your own email address. Often the email also includes a password you have used in the past.
Such emails are so-called sextortion scams. The attacker got your email address (and any password shown in the email) from a compromised website you were registered with and spoofed your email address. If you know how to view the email’s headers you will see that the email was actually sent from another email account. You can safely delete such emails. Or, if you want to be sure, feel free to submit a support ticket. If you can add the email as an attachment then we can check the email’s headers – it will almost certainly show that the email was not sent from your email address.
As an aside, the large amount of sextortion emails that are doing the rounds demonstrate how important it is to use unique and strong passwords. If you get a sextortion email that shows a password that you are using for various websites then please make sure you reset the password. And please choose a strong and unique passwords for the websites!