My mum's email has been hacked

[RubyToogood]

The hackers sent out a scam email to all her contacts which ends up as a request for money if anyone answers. I think we've done everything necessary but...

• She's changed her password. It's a bit short so I've suggested she use a stronger one.
• They were auto forwarding all her email to their spoof account, so I've taken that off and disabled rules
• I've set up two factor auth
• I've advised her to cancel her credit card if she sent details via email ever.
• She's warned all her email contacts.

Anything else?

They basically did the same thing to my aunt last year.

 

[Pickman's model]

The hackers sent out a scam email to all her contacts which ends up as a request for money if anyone answers. I think we've done everything necessary but...

• She's changed her password. It's a bit short so I've suggested she use a stronger one.
• They were auto forwarding all her email to their spoof account, so I've taken that off and disabled rules
• I've set up two factor auth
• I've advised her to cancel her credit card if she sent details via email ever.
• She's warned all her email contacts.

Anything else?

They basically did the same thing to my aunt last year.

Think you've covered all the bases

 

[RileyOBlimey]

Remember we all use email accounts as the root of our online security. That means we registered for many services with our email accounts. Thus means whatever accounts she’s registered with that address are potentially vulnerable. What to do? Teach her how to install and use a password mananger, protect that with 2FA and then go through her online accounts and change the passwords to strong, unique, password manager generated passphrases.

 

[RileyOBlimey]

There are free and easy to use password managers that have apps for smartphones, browser addons and stand alone apps.

Lastpass is a commonly used option. Bitwarden is open source and recommended.

 

[RileyOBlimey]

Getting started with Bitwarden: Bitwarden 101 Video Series - Getting Started | Bitwarden Help & Support

 

[two sheds]

Do you know how they hacked it?

 

[Magnus McGinty]

Make sure important accounts are backed up with dual protection which usually means a phone number that sends a text alert and code if used on a new browser. I know it’s a pain but it’s a massive extra step that prevents this stuff.

 

[Raheem]

Anything else?

Ask if she uses the same password anywhere else.

 

[gentlegreen]

They basically did the same thing to my aunt last year.

 

[RubyToogood]

Ask if she uses the same password anywhere else.

Did that. Thankfully not.

 

[RubyToogood]

Good point.

 

[RubyToogood]

There are free and easy to use password managers that have apps for smartphones, browser addons and stand alone apps.

Lastpass is a commonly used option. Bitwarden is open source and recommended.

Is Bitwarden intuitive? She mainly uses an iPad and has just been using the icloud password storage facility.

 

[UnderOpenSky]

Is Bitwarden intuitive? She mainly uses an iPad and has just been using the icloud password storage facility.

It's not bad, but if she already has something that works, then no need to add confusion by changing it.

 

[RubyToogood]

It's not bad, but if she already has something that works, then no need to add confusion by changing it.

Well, for certain values of "works". She doesn't let it generate her passwords because she wants to be able to use them on her PC if necessary, and if, say, she went into hospital and took her ipad with her it would leave her accounts fairly vulnerable. All you'd need is the unlock code for the ipad and you'd be away.