A Richfield, Ohio, woman's recent experience with hackers gaining access to her email is a prime example of the significance of email security. It's also a good reminder that your email contains the passwords to your online accounts.
Hackers attempted to transfer $35,000 from Anita Gantner's retirement IRA to a separate company and $350 from her bank. She has spent hours attempting to restore access to accounts and cleaning up the aftermath of identity theft.
Gantner's Windstream email account, which she uses on her phone and computer, stopped receiving new mail in early June. That struck her as unusual. It wasn't prompting her by saying her password was incorrect or requesting a new one. She simply wasn't receiving fresh emails.
She waited a day before trying again. Nothing has changed.
She looked on the internet to check whether there had been any news of a Windstream hack. She did not notice anything. She dialed Windstream's number. Gantner contacted a person after waiting on the phone for approximately an hour and being disconnected four times, who she said told her there had been an email hack of the system and that someone would get back to her after the problem was repaired.
Gantner called Windstream about a week later and requested that her account be disabled. However, a week later, when her husband wrote a "test email," it was received. When she called Windstream again, she was advised that her account would be terminated.
Did Windstream emails get hacked?
Windstream spokesman Scott Morris stated in many email correspondences that an examination uncovered no proof of a compromise of Windstream's network or systems, but the business did detect a phishing campaign targeting some customers.
Windstream spokesman Scott Morris indicated in numerous email exchanges that an investigation found no evidence of a hack of Windstream's network or systems, although the company did notice a phishing campaign targeting some customers.
"Windstream recommends using strong passwords, changing passwords on a regular basis, and adding security questions to help customers protect their email accounts." Customers should also use unique passwords for each of their password-protected accounts. We urge that email users protect their passwords by downloading anti-malware and anti-virus software on their personal devices and keeping them up to date."
Gantner was irritated by Windstream's response. She is aware of phishing emails and claims she did not click on one. She further claimed that many Windstream representatives informed her of a hack.
What information can a hacker get from my email?
According to Eva Velasquez, president and CEO of the Identity Theft Resource Center in San Diego, a charity that provides free consumer advice to ID theft victims, email access is just as crucial to secure as other information.
"The message here is that your email is not innocuous," she explained. "Because of that password reset function, it is the keys to the kingdom." Because of multifactor authentication, many people prefer the email version over receiving a text message on their phone.
"Consider it. "If you look at someone's inbox, you can get a pretty good picture of their life," she explained.
It's not always evident how a hacker obtained email account information or other account access.
"There are so many different ways to compromise an email account," she pointed out. It could be the result of phishing or smishing (a bogus SMS message). It could be a system breach or vulnerability, or an unrelated breach in another system.
How do I make sure my email is secure?
◾ Email passwords should be unique and should not be used on any other accounts. “It should be complex and 12 characters or longer or a combination of uppercase lowercase and characters,” Velasquez said. “It doesn't have to be gobbledygook that you're never going to remember. ... It can be kind of a passphrase,” which is a unique series of words strung together.
Use a different password, passphrase, and email address for each account. According to Velasquez, hackers will frequently use brute-force attacks and attempt to penetrate networks in order to obtain usernames and passwords for accounts that people believe are disposable, such as an online workout account or a subscription account. Make sure you use the same password for all accounts.
Restore email access as soon as feasible. Contact the provider directly at a valid phone number. You'll almost certainly need to go through a rigorous verification process "because you don't want the hackers to be able to just call customer service and say I lost access." As much as you may want to disable the account, she claims that regaining access to your email will make it simpler to gain access to your other accounts.
Should you use two-step authentication to protect your email?
She has now setup numerous emails (each with a unique password) for other accounts, just in case there is another hack.
"Even simple stuff, like airlines, and wherever I can, I set up two-step authentication," she explained.