Somebody recently asked me this question. Many people have seen, every now and then, the weird emails coming from a friend or relative that could not possibly be sent by them, so I thought it’s worthwhile to make the answer broadly available:

If you want to inform someone that their email account has been hacked, it is usually wise to use an alternate mode of communication if possible (Another email address than the one being the source of suspicious emails or even a phone call). Sending an email to the email address that seems to be hacked might only worsen things if the account is actually under the control of a hacker, for it only confirms your email address is valid and makes you prone to receiving spam (your email address will be sold in the black market for a price).

If YOUR email has been hacked, the first immediate action is to change your password, preferably from a different computer than then one you normally use, just in case the cause of the email hacking is password-stealing malware implanted in your computer. The next action is then to do a thorough malware check to make sure the source of the security breach in your computer is NOT malware (weak passwords can be guessed without needing password-stealing malware to perpetrate, plus in rare cases passwords are stolen from the computers running the email service on the Internet – the servers), or get rid of any malware if there is any.

There is a possibility that your hacked email account has had its password changed to lock you out. To regain control of your email account you might need to reset the password. Most email services provide methods of doing that. Security questions that only you know the answer to, a cell phone number a new password can be sent to as a text message, a secondary email to send a new password to, all these must be pre-set for this kind of eventuality. So a good preventive measure is to make sure these reset password mechanisms are in place for your email address.

A summary of recent and upcoming updates you should know about:

Windows Updates: Microsoft has published a Security Bulletin Advance Notification indicating that its May release will contain seven bulletins (updates). These bulletins will have the severity ratings of critical and important.  The release of these bulletins is scheduled for Tuesday, May 8, 2012.

Google Chrome web browser: Google has released Chrome 18.0.1025.168 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. It also contains an automatic update for Adobe Flash (covered next). To check what version of Chrome you have and to update as needed, click on the wrench symbol on the upper right corner of a Chrome window, and then select About Google Chrome.

Adobe Flash: Adobe released a Security Advisory for Adobe Flash Player a couple of days ago to address a vulnerability affecting the following software versions:

• Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh, and Linux operating systems
• Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x
• Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x

This vulnerability may allow an attacker to take control of the affected system. There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. To check what version of Flash you have installed in your computer, click here.

 Keeping your computer(s) up-to-date with the latest patches from the various software vendors is one of the key steps to fend off malicious cyber-attacks.