What to do after your email account is compromised

Change any password that is the same as your email: First off, if any of your passwords are the same between email and banking, or email and Facebook, or Facebook and banking, you get the picture: change them imediately. You may have regained your email account and changed its password, but it is an unwritten assumption that people use the same passwords between accounts. This is partially how Mat Honan lost everything to hackers, and how my former client Gawker Media was split wide open. This is the first thing you do after getting your email back.

My Experience and Assumption About Most Email Hacks: They are muggings more than burglaries: one and done. Email hackers want to get in, send out a link, and get money sent to them through a single way they know how to get money—in this case, an email address that probably hooked up to a wire/cell transfer service. In other hacks, it's an eBay purchase to a drop site from which they can pick up.

They are not, generally, genius social engineers looking to re-mortgage your house, clone your identity, or open a line of credit on your name. Just look at the text in their spam-bait email. They are going to do what they did to your sister to 26 other people this week, and the money they get is quick, hard to trace. They do not have time to play Sneakers with someone whose resources they do not know. Those people are the ones going through your trash (I kid! Perhaps!).

You will not track down who did it: They will have moved to another IP address, another VPN network, a different internet café. Nigerian scammers are so prevalent because it is really hard to track down scammers in Nigeria. If you have incurred theft or definitive loss of data, you can and should file a report with your local police, if for no other reason than proof for insurance and future banking needs. But your energy is better spent on cleaning up. Speaking of which!

Write a very short, to-the-point clean-up letter to your contacts: "This account was compromised. Please disregard and delete any messages that encouraged you to (click a link/send money). My apologies for any inconvenience." You don't want to spend time telling everybody that you are fine now, and they do not have a lot of time to read about an email drama. Carry on.