Microsoft revealed that a hacking attack on their Outlook email service through a customer support agent has taken place. This attack affected not just users of Outlook, but also other services such as MSN and Hotmail. The hackers gained login information, which allowed private emails to be read openly.
TechCrunch was the first to identify the security breach. They had determined that the hackers could potentially reach into an Outlook user’s email accounts and read data such as the email subject line, contacts’ email addresses, folder labels, and the actual content of the emails.
Microsoft initially released a statement that claimed there were no stolen login credentials. They further announced that the hackers were unable to access the email contents. However, the news website, Motherboard, released another report. They warned users that hackers were indeed able to read Hotmail, MSN and Outlook accounts thoroughly through exploiting Microsoft Support. That prompted Microsoft to issue another statement.
The follow-up said that the attack affected only a small group of users, estimated to be around 6%. Microsoft reassured Enterprise account holders that the attacks were not able to reach them. They also reported that the hackers were able to exploit this vulnerability from January 1 up to March 28 of 2019.
Although Microsoft has reminded its users to be wary of phishing messages and suggested changing their passwords, it is best to take your security into your own hands and employ other measures to further secure your email.
Here are five reliable security tips that you can use to secure your Microsoft Outlook account.
Set up a unique password
Having a straightforward and easy-to-remember password may be more convenient, but it also makes it easy for hackers to deduce your login credentials. Obvious passwords that are a derivation of your personal and public information, such as your birthday or family name, are bad ideas as well. To create a much stronger password, it should be more than ten characters, contain both upper and lower case characters, and include numbers and symbols.
Be sure to make it unique, too. That means you should avoid having just one strong password for multiple accounts. It is best to have different ones for various applications.
When changing passwords, do not use the same pattern. If you replace a single character of the same old login, then it will be another easy guess for hackers.
Set up Outlook’s two-step verification
Microsoft Outlook offers an additional layer of security with its two-step verification. When this feature is enabled, it asks for a security code whenever there is an unusual login attempt coming from an unrecognized device.
The security code is sent to the user’s registered phone number or Microsoft’s authenticator app if one is installed. In the event that someone could somehow get hold of your password, then they would still need the security code that gets sent to your phone in order to login. Additionally, if you see a security code sent to your phone, and you didn’t request it, that let’s you know someone is trying to get into your account.
To enable your two-step verification, go to your Microsoft account page, click on Security, then, on the following screen, click on the More Security Options. From there, you can turn the feature on and choose where you wish to receive the security code: in the app, to an alternative email, or at your phone number.
Never share your password and beware of phishing scams
Only you should know your password. When you need to give a trusted friend or family member access to an account for a one-time situation, be sure to change your password right after.
Also, never give your password to someone who calls or emails you asking for it, even if they say they work for Microsoft. These impersonators — who do not work for Microsoft — are employing a fishing scam in order to hack your account. A phishing scam is when someone misrepresents themselves or poses as someone from your official service provider in order to obtain your credentials. They will try to get information from you and even try to trick you into giving your password. In almost all cases, login details are never asked for by your service provider.
Consider using other options when logging in to Windows
It may be convenient to open your computer and log into Windows using the same password as your Outlook account, but doing so means exposing the even more sensitive files and applications on your computer to a hacker who obtains your email credentials. Consider using an alternative login method that goes beyond the password.
In Windows, go to Settings, then click on Accounts and tap on Sign-in Options. Depending on your device, the options you have include using a PIN, a picture password, your fingerprint, or face recognition.
Make sure your recovery details are up-to-date and review recent activity
Did you change your number? Or do you have a new alternate email? Go to the Microsoft Accounts page and click on Security. Then, click on the Update Info button. From there, you can check your details, add security information, or change alert options. Remember, the contact info you have listed here is what you will need when you have to verify that you are the real owner of your account when trying to login.
When you are in the Security Basics page, head to the Review Activity option. This tool acts as a history for your Outlook login activity. Here, you can verify that all login times and locations are correct, and there are no suspicious access attempts.
These tips listed above will help you increase the security of your Outlook email. Always be in control of your details and employ more than one layer of protection for your account.