FineMark National Bank & Trust

Skip Navigation
Skip Navigation

Menu

July 21, 2017

When Your Email Is Compromised

FineMark Bank
FineMark Bank

Safe laptop on white backgroundThere are many signs that may lead you to believe your email has been hacked. A friend may reach out and question a suspicious email from you; you may no longer be able to log in to your account; or you may find that your inbox is suddenly empty and all of your contacts have been deleted. No matter what tips you off, when your email is hacked, the impact can be devastating.

Since many of us rely on email for business and personal interactions, it can be pretty unsettling when your account is compromised and you notice unwanted activity on your account. When these things happen, we can’t simply hope they will resolve on their own or go away with time. Email hijacking is often the precursor to identity theft and it’s important to take the following steps to minimize your risk:

  1. Change your password: If you use the same password in other places, be sure to change it everywhere it is used. It is best to never use the same password in more than one place.
  2. Change your username: This may not be possible with your email account, but if there is a way to change the username, it’s a good idea to do so.
  3. Check for suspicious activity:
    • Check your deleted items, sent items and other folders – fraudsters sometimes use the deleted items folder for their malicious activity. You may also find emails you didn’t know were sent or received in the sent folder or other folders on the account.
    • Check your security settings – If a fraudster has access to your account, check your security settings to make sure they did not disable any recommended security measures.
    • Check your email rules – many email services offer a way to set up email rules. Make sure there aren’t any rules setup that you don’t know about. Here are a couple malicious email rule examples:
      • Keyword rules: the fraudster sets up a rule that looks for keywords or contacts. For example, the rule could direct any email coming from *@finemarkbank.com to bypass your inbox and go straight to the deleted items folder. The criminal then logs into your email account and checks the deleted items where they can correspond with your bank without being noticed.
      • Forwarding rules: another type of rule can be set up to forward all of your email to a separate malicious account. This rule allows a criminal to read everything coming to you and use that correspondence to commit fraud.
  4. Prevent future hacks:
    • Never accept something you didn’t ask for:
      • Fraudsters can gain access to systems by pretending to be support and eliciting information from their victims.
      • If a message shows up telling you that an update is needed, or a payment is due, or that you need to install something – Instead of clicking the message, go directly to the website and install the software or update from the trusted source, not from a message prompting you.
      • Never open attachments or click links in an email that you are not expecting. Always ensure the source is reputable; when in doubt, verify the email by contacting the sender.
    • Setup multi-factor authentication: Most email sites have options to setup a second means of authentication. These methods are usually only required to login for the first time on a new device. They typically require you to enter your username and password like normal, then a second step confirms the login attempt, such as:
      • A text message to your mobile phone
      • Security questions
      • A time-based authentication app – like Google authenticator or Microsoft authenticator.
  5. Remember:
    • FineMark and other legitimate businesses do not issue unsolicited e-mails to account holders. It is important to note that FineMark will never ask for personal or confidential information in this manner.
    • Do not reply to email, text or pop-up messages that ask for your personal or financial information. Don’t click on links within them either. Even if the message seems to be from an organization you trust, it isn’t. Legitimate businesses do not ask you to send sensitive information through insecure channels.

If you have questions about this article or if you think your email has been compromised, give us a call.

Share: