Helping you fight online identity theft

Identity theft is when a person’s personal details are stolen and fraudsters obtain enough information about someone’s identity (such as their name, date of birth, current or previous addresses) to commit identity fraud.

When identity theft happens over the internet it is called ‘phishing’. ‘Phishing’ is a scam where fraudsters use scam emails, text messages or phone calls to trick unsuspecting victims into revealing personal and financial information that can be used to steal the victim’s identity. The aim is often to make you visit a website, which may download a virus onto your computer, or steal bank details or other personal information. Phishing is one of the most common reasons why your email gets hacked. 

This article will provide you with some tips to protect your email account, alert you to signs of a possible hack and offer advice on recovering your email after you’ve been hacked.

Tips to protect your email account

Use a strong password. Create a password with upper and lower case letters, numbers and special characters such as #, ! &, and %. Don’t use your first or last name as part of your password, or a phrase that is easy to guess.

Protect your address and password. Your email ID and password are your confidential information. Don’t tell anyone your password or give them a clue to your password. Do not keep a copy of your email details on the internet or on your system.

Use the second sign-in verification option. If available from your email provider, this option looks for suspicious sign-in attempts from a new browser other than the one that you originally used to enable this option. If there is a suspicious attempt, you will need to enter a verification code that will be sent to your mobile phone or will need to answer two security questions that you established as part of the process. If you weren’t trying to access your account and you receive the code, you’ll also know that someone was trying to access your account.

Don’t click on links in an unsolicited email. Legitimate companies never send an email asking you to reset your password or ask you to provide personal information by clicking on a link. If you receive an unsolicited email asking you to click on a link, don’t. Instead, go to the company’s website by typing in the URL to access your account. 

Protect your computer. Install a good anti-spyware program and update it regularly. 

Take caution with public computers and Wi-Fi. If possible, avoid using public computers to access anything sensitive, such as conducting online banking, making purchases, or accessing email accounts. These computers could potentially have malware that is designed to capture the information you have entered. Avoid these same activities when using a public Wi-Fi connection as the information can easily be captured by criminals on the same connection. Make sure to use an encrypted Internet connection whenever you go online.

Signs that your email may have been hacked

  • Your inbox is full of Mailer-Daemon rejection notices.
  • Your contacts are getting mail from you that you did not send.
  • There are outgoing messages in your Sent, Drafts or Outbox folder that you didn’t send or create.
  • Your Address Book contacts have been erased or there are contacts that you did not add.
  • Emails you try to send are suddenly getting refused and returned to you.
  • You keep getting disconnected when you’re signed into your account.
  • You are not getting new mail, or your new mail is going straight into your Saved Instant Messages (IMs) folder.

Advice on recovering your email after you’ve been hacked:

Step 1: Change your password
If you’re able to log into your account (some hackers forget to change your password), then do so, and change your password immediately using strong password guidance.

Step 2: Regain control of your account(s)
If you’re unable to access your account, follow the directions on the email site help centre. Remember to change your security answer questions once you have regained control as the hacker may have noted this information.

Step 3: Report it
Report it to your email provider immediately.

You can also forward any suspicious emails to the Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk. The National Cyber Security Centre (NCSC) will analyse the suspect email and any websites it links to. They'll also use any additional information you’ve provided to look for and monitor suspicious activity. Your report of a phishing email will help Action Fraud (the UK’s national reporting centre for fraud and cybercrime) act quickly, protecting many more people from being affected. 

Step 4: Communicate with your audience
Notify all of your email contacts so they can protect themselves. If emails were sent to your contacts by the hacker, send out an apology to any contacts who might have been the victim of your email hack. Explain what happened and advise your contacts that emails sent from your address might contain dangerous software so that they can protect their computers.

Other things to consider:

Scan your computer with an updated anti-virus program. It is possible that a Trojan, which runs in the background of your computer systems, was slipped in when your email account was compromised. Hackers can obtain your passwords or gain access to personal information through the Trojans.

Run your antivirus program. Remove any viruses, spyware, or malware that is identified. If you don’t have an up-to-date antivirus program, we recommend that you install one immediately. 

Review your internal email settings. Check for forwarding email addresses and delete any addresses that are not yours.

Check for a signature. This is personalised text that is automatically inserted at the bottom of every message you send - delete if it’s not yours.

Change your password. On all accounts that you used the same hacked password on, change your password. Remember to check:

  • Other email accounts.
  • Financial accounts.
  • Online merchant accounts.
  • Social media accounts.

Review your email folders for any data exposure. Check all folders for emails that may contain personal or account information. If you find any, immediately change the user id and passwords and contact a fraud specialist for further guidance.

Personal Cyber cover for peace of mind

Personal Cyber cover through NFU Mutual Bespoke Home Insurance gives you peace of mind, with dedicated support and cover up to £50,000 a year* should you fall victim to cybercrime, plus access to a 24/7 Cyber Assistance Helpline.

Expert help whenever you need it from your personal cyber security team

Want to learn more about how to prevent a cyber incident? Looking for a second opinion on a suspicious call or email? Need immediate support in the event of a cyber attack?

If you’re a NFU Mutual Bespoke Home Insurance policy holder, NFU Mutual Bespoke Cyber Assistance Helpline, administered by CyberScout, can offer advice and guidance and access to cyber experts and fraud specialists.

You’ve got 24/7 access, 363 days a year** - just call the Helpline and have your
NFU Mutual Bespoke policy number to hand.

Helpline number:  0800 138 8211

*Terms and conditions apply

**Closed Christmas Day and Boxing Day