Security Check-up for Verizon and AOL email users
Verizon and AOL email users should do this security checkup, especially those who might have been hacked. Windows and Mac users should all check and are equally vulnerable to this type of scam.
Verizon email is hosted by AOL. If you have a Verizon or AOL email address, please check that you have Two-step Verification turned on. This will make your email account much safer.
- Sign into your email on the web at http://mail.aol.com.
- (If a text or phone call to you is required here, then you already have Two-step verification turned on)
- In the top-right corner, click Options, Account info. Since you are entering a secure area, enter your email address and password again if asked.
- In the left margin, click "Account Security".
- Under "Two-step verification", "Phone Number", the "switch" should be blue and switched to the right. If it is grey and switched to the left, click it once to turn it on. You will be asked for your phone number. Choose between SMS text or phone call. Enter the code that you received. If you don't have a mobile phone, use your home number and choose the calling method.
(The Security Key section is for a physical USB device that can be plugged into your computer. You can buy a FIDO U2F compatible security key for $25-$50 on Amazon. We are not addressing that here.)
Now that you have turned on Two-step Verification, take the time to review these other important settings on this page:
- Password. If you are using an old password that you've used for years, you should change it. The reason is that people's passwords, acquired from hacking various websites, are bought and sold on the black market. Your old password might have been compromised this way. Choose a password you've never used before. Do not re-use your email password on other websites.
- Phone numbers. Review the numbers listed. They should belong to you or a close friend or relative - you should certainly recognize them all. Scammers have been known to enter their own number here so they can get back into your email account. If you see "+ 1 more" on the page, you must click on this section to see all the numbers. Only mobile phone numbers can be used here, not land-lines. Remove numbers you don't recognize, and add at least one of your phone numbers if needed.
- Review the email addresses listed. The reason is the same as above. Emails addresses should belong to you or a close friend or relative. If you see "+ 1 more" on the page, you must click on this section to see all the email addresses. Scammers have been known to enter their own address here so they can get back into your email account. Remove email addresses you don't recognize, and add at least one alternative email address that is yours or a friend's.
- "Generate app passwords" section. If you see this, you have no "app-specific" passwords set.
- "Manage app passwords" section. If you see this, you have at least one app-specific password set. Hopefully it was set by you, or someone you trust. Perhaps you needed it so that your older email program would work. For example, if you have an older version of Outlook, Apple Mail, or Thunderbird, or an old cell smart phone. Each app-password is given a name which hopefully describes why it was generated, for example: "Outlook Desktop" or "Apple Mail". Click on "Manage app passwords". If you see a random name for a description, or if it was created recently, that's suspicious. On this page you can click the trash icon next to each password to delete it. Delete any that look suspicious - it might have been put there by a hacker.
- Review the Recent Activity tab (On the left of the page). If you see anything suspicious, change your password if you haven't already.
- Close this page to go back to your email Inbox in webmail, at aol.com. In the top-right corner, go to Options, Mail settings. In the General tab, check the "Forward To" setting to make sure that your email isn't being forwarded to a hacker (AOL addresses do not have this setting). If you changed anything on this page, be sure to click "Save Settings" button at the bottom of the page.
- In the left margin, click "Block Senders" and review to make sure you haven't blocked your best friend that you haven't heard from in months (!).
- In the left margin, click "Filter Settings" to see if a hacker has set any filters. If there are none, you'll see "You have not created any filters". Hackers sometimes create filters to hide email from you, such as error mail messages, or messages from particular people, by sending them to the Trash, Junk, or another folder. Delete any filters you didn't create by clicking on the "X" in the middle of the filter.
Thank you to Michael Casson of Computeroo for creating this document.
Northwest Neighbors Village, P.O. Box 39135 Washington, DC 20016
(202) 935-6060 - email@example.com