Scammers send out dubious e-mails attempting to obtain sensitive data from internet users every day. This is known as phishing and isn’t just annoying; fraudulent e-mails cost millions each year as internet users fall victim to them. We reveal how to identify phishing e-mails and how to render your inbox harmless.
“Has my e-mail been hacked?.” Millions of users around the globe ask themselves this question when an attack by a hacker on a big company becomes public knowledge. Customers and users of the affected site are concerned about their data, especially if they use the corresponding password for their e-mail account. Countless account details are stolen every year due to these hacking attacks, Trojans, and phishing scams.
One example is the internet portal, Yahoo, which fell victim to a major cyber attack in August 2013. More than 1 billion user accounts were compromised, making it the largest breach of its kind in history. If hackers are in possession of access data, the damage can be considerable. Our overview shows you how to check if your e-mail has been hacked and which websites and tools can help you.
Why is my account’s security so important?
Criminals can use a hacked e-mail account to steal your identity. This is known as identity theft. This allows hackers to access your contacts, purchase goods in your name, or misuse your account to send spam or Trojans. This can lead to significant financial damage. Online shops, for example, will take money from your account even though you didn’t make the purchases yourself and you will also be held accountable for any criminal actions that originate from your e-mail account.
The financial implications can also affect others e.g. if your e-mail account sends out Trojans that paralyse company networks. It is, therefore, all the more important to secure e-mail accounts with strong passwords and, ideally, with two-factor authentication.
Has my e-mail been hacked? These websites reveal the truth
Fortunately, it isn’t too difficult to work out whether your e-mail account has been hacked: there are websites, for example, which can be used to determine whether an e-mail account has been hacked by analysing botnets or data breaches. Botnets are networks of thousands of infected computers, which are usually used for criminal purposes without those affected knowing. The bot software usually infiltrates the victim’s computer through fake e-mail attachments.
There is still no 100% protection against spyware and bot software. The precautions are still quite basic: install an antivirus software on each computer and turn on the firewall. You need to regularly update your protection program and operating system. Do not open suspicious attachments and always check the plausibility of e-mails in your inbox.
Have I Been Pwned?
One way to check if your e-mail has been hacked is to go to the website, Have I Been Pwned? (HIBP). The word “pwned” was taken from internet and gaming slang and is a joking way of spelling “owned”. Its origins come from the fact that p and o are located next to each other on qwerty keyboards, creating frequent misspellings. Much more serious than the name of the tool suggests, is the functionality of the site, which was developed by Troy Hunt: you enter your e-mail address to check that it hasn’t been compromised in a breach. The test procedure uses numerous well-known data breaches on popular websites - over 350 different pages and 7.8 billion hacked addresses are already in the database.
In addition, the site offers other features e.g. the “notify me” feature. HIBP will let you know if your e-mail address or username ever come up in any future data breaches. All you have to do is enter your e-mail address and solve a small captcha puzzle for security reasons. The purpose of this is to identify that you’re a real person and to protect the service from bots. If you aren’t sure whether you have been affected by a popular website that has had its data security breached, you can look at the “Who’s been pwned” tab to obtain an overview of previous data breaches and their extent.
Has my e-mail been hacked? Has my password been stolen? These questions can be answered by BreachAlarm. The verification tool is similar to HIBP: after you enter your e-mail address in the field on the website, it scans the internet for stolen passwords that hackers have posted online. Stolen e-mail addresses along with their passwords are often traded on the darknet or in hacker forums. BreachAlarm states: “We comb the depths of the Internet to find stolen password lists that have been hacked […]”. Meanwhile, the service’s database contains over 828 million unique e-mail addresses.
In addition, the service also offers the possibility of signing up for their notification service Email Watchdog: if the password corresponding to a listed e-mail address is published online in the future, BreachAlarm immediately sends you a warning e-mail. This enables users to react quickly and change their passwords - hopefully before something really dramatic happens. Another feature that is mostly suited to business users can be found under the tab entitled “Business”: here you can enter company domains and have them checked. In just a few clicks, you can determine how many employee accounts have been affected by a possible data breach. This feature also comes with a “warning” mode for possible password theft in the future.
Since September 2018, the browser developer Mozilla has offered a web tool you can use to check whether your e-mail has been hacked. The solution called Firefox Monitor gets its data from the already-mentioned “Have I Been Pwned?” (HIBP). The verification works just like with the other services: You enter your e-mail address and then click on “Search Firefox Monitor”. After a short while, you will receive a message stating whether your e-mail account has been hacked or if the address has been affected by known data leaks.
Firefox Monitor also offers the option of being informed by e-mail if your address is no longer secure due to a breach. You will also receive regular information on the current security situation. To take advantage of this offer, however, you have to create a Firefox account: Click on “Sign Up”, enter the e-mail address that you want to be monitored and then create login data for the Firefox account. Mozilla will then send you a confirmation message so you can activate the account and the warning message.
Identity Leak Checker
The last tool in this overview comes from the Hasso-Plattner Institute, based in Germany. The tool searches internet databases for stolen identity data. To start the process, you have to go to the HPI website, enter your e-mail address and click on 'Check e-mail address!'. However, the tool doesn’t only provide information on whether the password associated with the e-mail address has been stolen, it also checks whether other personal information has been published or misused online. This includes phone numbers, addresses, and dates of birth.
An e-mail will be sent from the HPI institute to the address you entered, stating whether your account has been hacked and if personal details have been shared online. In addition, HPI will reveal when and how the data theft occurred.
What do I do if my e-mail has been hacked?
All four tools provide you with reliable information and check whether your e-mail has been hacked. There’s never a 100% guarantee that your account hasn’t been hacked. If the tool doesn’t find anything, the probability that unauthorised persons have access to your account is minimal. For security reasons, however, you should regularly change your passwords. But what should you do if you become a victim of data theft? Don’t panic: the hackers probably haven’t done anything malicious with your account yet. You should change your password immediately. We prepared an article on what to do if your e-mail account is hacked.