Clean out your contacts, put everyone in BCC field: Make sure you don't end up emailing old bosses, roommates, and Craigslist correspondents next time this happens (if it happens). In worst-case thinking, too, if a hacker inserted a name or address in your contacts so that email would make it through spam and priority filters, you don't want them in there. Plus, are you not overdue to clean out those old never-seen-anymore names?
Most of all, put all the recipients in the BCC field. You do not want to start a reply-all spam chain. You do not want your Aunt Gertrude to discover you have emailed Cousin Maude even once, because they loathe each other and will bring it up the next time they see you.
Search for and delete passwords, social security numbers, account numbers, etc. from your email archives: Run your numbers and major passwords and license number and anything else personally identifiable and important through your entire email archives. This way, you know what details an email hacker might have had access to, and you can be relieved to learn what was not in there.
I just checked myself. I am a freelance writer who sends out invoices—oh, sweet providence, my SS# and bank account #s are in tons of emails. Time to start deleting!
Contact your banks, credit cards, and change your online banking passwords: Just in case, contact your money-holding and credit-granting entities and let them know they should keep an extra-focused fraud watch on your accounts for the next few weeks or months. Most importantly: get a number for the issue, and get the name of the person you talked to.
Some banks and cards can actually elevate their fraud detection, which is nice. With the others, you will at least have a record of notification, in case anything goes wrong later on. In any case, watch your statements carefully for the time being.
Securing after the fact: You have a mobile phone of some kind, right? Even if you have a regular ol' cellphone and despise the attention-destroying trend of smartphones, turn on two-factor authentication for your Google account.
This sounds really nerdy, but basically, it tells Google that “Anyone who tries to log into my Google/Gmail account needs to also be able to turn on my phone and run this app” (or receive this text message, in the case of vanilla phones). It‘s a bit annoying when you first log into your home computer, your iPad, and your work computer and have to pull your phone to type in a 6-digit code, after you have already entered your password. But! You can set your own computers to not bug you for the code again for 30 days (or sometimes longer), give yourself backup codes if you don’t have your phone handy.
Follow Kevin Purdy on Google+
