Have you been scammed by an email from a friend?
There has been a wave of phishing emails going around lately, targeting peoples’ email accounts and tricking people into logging into their accounts via ‘spoofed’ web pages that look like webmail logins from their mail host. A significant number of iTandCoffee clients have been taken in by this scam.
One of the key reasons people have fallen for this one is that the email has come from someone they know (who has previously fallen for the same scam), so looks like a trust-worthy email. They think that they have been sent a message or a document from the person, and that they are logging in to their account so that they can view what they have been sent.
As soon as they log in, they give away their email account’s password and allow the scammers to send phishing emails to all their contacts - so more people can be taken in by the same scam.
If the victim does not reset their email password very quickly, they may find themselves locked out of their own mail account!
They have also then given the scammers access to all sorts of confidential information held in their mail account, and perhaps left themselves open to further attack through online account password resets and much more.
Critically, they may have used the same password for other online accounts - so by giving away one account’s login details, they may have inadvertently given these undesirables access to so much more!
Protect yourself now - change your password/s
It is essential that, if you think you may have been the victim of such an attack, you change your email account’s password immediately. And, while you are at it, make sure you change the password on any other online account for which you have used the same email address and password combination.
When you change your email account's password, it is highly recommended that you also set up a feature called 2-step authentication (if your email host provides this).
In the remainder of this article, we will look at how to do this for your Hotmail, Live, Outlook and Bigpond accounts (for Bigpond accounts created since 2011) - or for any other account that is hosted by Microsoft. (Similar steps apply for Gmail, iCloud (Apple), Yahoo and other email accounts - the website you go to will be different though.)
To set up 2-step authentication for all accounts that are hosted by Microsoft, you need to log into your account via your web browser (which we will describe in more detail shortly).
This is also where you go to to change the password of your hotmail.com, live.com or outlook.com email address.
For email accounts that are hosted by Microsoft, but are operated by businesses or other ISP’s, you will need change your password in a different place. For example, for Bigpond mail account holders, you will need to log in to your Bigpond account via the Telstra website, and change the password there.
(Some background: hotmail.com and live.com accounts are now considered Microsoft accounts, but still have their @hotmail.com and @live.com suffixes. Other mail providers are also using Microsoft to host their mail - for example, newer @bigpond.com mail accounts are hosted by Microsoft, so webmail for these accounts is accessed using the Microsoft mail website. Telstra started hosting their new mail accounts with Microsoft after about 2011.)
Securing your Hotmail, Live, Outlook - all Microsoft mail
Visit https://login.live.com and sign in with your email address and password.
Click on your account name at the top right to see the set of options shown below, then click on Account Settings.
To change your password and/or set up two-step authentication, click on Security & password.
(Note. If you are concerned about fraudulent activity on your account, click on the Recent Activity option to see details of attempted accesses to your account.)
You will then be taken through a series of screens that help you set up the improved security on your account. There is even an app (Google Authenticator) you can install on your Smartphone or Tablet to provide a security code every time you log in.
We will not go through all the steps in this setup, as they are quite self-explanatory. (But if you do get stuck, make a time to see iTandCoffee to assist you with this setup.)
Logging into your account with 2-setup Authentication
Once you have set up 2-step Authentication, the next time you log into your account you will be asked to enter the verification code that has been provided to you.
If you chose to use the ‘Authenticator’ app on your Smartphone, your screen will look like that below. Open the Authenticator app on your Smartphone or tablet. A code will appear - enter that into the Code text box.
If you asked for authentication via SMS, you will need to check your phone and enter the code shown there.
If you have provided several options for provision of the security code, you will be able to choose which form of authentication you wish to use this time.
Defining ‘Trusted’ devices
You can specify that a particular device is a ‘trusted’ device, and that you don’t need the be asked for a security code every time that device accesses your mail account.
When you enter your the provided verification code during login, just tick the box below to say that you sign in frequently on this device.
From that point on, you will only need your password to log into your mail account from that device.
Need more information?
So, hopefully that gives you enough information to set up your improved email account security for Microsoft accounts.
iTandCoffee can provide further help for anyone who has difficulty with any of the above - call 1300 885 420 to make a time, or email email@example.com
Call 1300 885 420
iTandCoffee Pty Ltd, 34 High St Glen Iris, VIC 3146 ACN: 606 340 434
© 2012-2017 iTandCoffee Pty Ltd. All rights reserved
© 2012-2017 iTandCoffee Pty Ltd. All rights reserved