Recently, one of my old friend needed to “borrow” my email account to send an email because he claims that he only has company email which he checks with Microsoft Outlook from his laptop. I wonder who doesn’t have a webmail account nowadays? Even my 62 years old mother has a GMail! Since we’re old friends, I didn’t want to hurt our friendship, I stupidly gave him my email login information for him to send the email. Immediately after he finished send the email, I immediately changed my password. After this incident, I thought to myself, I should have asked him to spend 5 minutes to sign up for a new account instead of me giving my password to him. Yeah, it was a bad move…
Even after changing my password, I still felt unsafe, thinking that he might have some way to check my email. The best way to know if someone has accessed your email is “IF” there is a last login information displayed. Unfortunately, Hotmail/Gmail/Yahoo doesn’t have this feature.
Many years ago, you cannot set an email “unread” if you’ve already read it. The only way is to delete it after reading to avoid being detected. Now, all webmails has this feature and the email snooper can read all your emails and then set it back to unread. The best way I can think of is to set a trap in my inbox so I can get notified when there’s an unauthorized login.
This concept is not something new but it works. The plan is to send yourself an email containing a HTML file which claims to be a password file. When the unauthorized user logged in to your email, he/she would definitely want to open the password file. Once the email snooper opens the HTML, you will be notified.
The original way suggested by Erik Larkin from PC World magazine is to use OneStatFree to track the hit when the hacker opens the HTML file. Problem with this method is you need to login to OneStatFree to know if someone has logged in to your email and open the attached HTML file. I’d like to improve this by automatically send a notification to your other email address when someone opens the HTML file.
Here’s how to do it.
1. Sign up for a free OneStatFree account. Accept Terms and Conditions. It’s not necessary to enter your real information in the registration form.
2. After signup, you’ll receive an email from signupfree@onestat.com which contains a text attachment OneStatScript.txt. Save it to your computer.
3. Now go to LinkBlip, a website that provides email notification when someone opens a link that you created from LinkBlip. Enter your OTHER email address, anything on the URL (you can use google.com) and hit the “Ok, Send me an email when someone visits the above URL” button. Now you’ll get a link something like this (http://lburl.com/xxxxx) from LinkBlip.
4. Open OneStatScript.txt and add this code at the first line above the OneStat code. Replace the xxxxx with the one that you got from LinkBlip in step 3.
5. Save the .txt file with a name that will catch an email snooper’s eye, like “BankPasswords”, or PasswordList and make it an .html file so it opens automatically in a web browser.
6. Send the file as an e-mail attachment to the Web mail account that you want to monitor. Use a similarly baited subject line, like “Account log-ins” for the message. Just be sure not to open the file when you send it — you don’t want to set off your own alarm.
When an unauthorized user opens the HTML file, you’ll get an email notification that looks like this. LinkBlip is able to tell you when the link was clicked and from which location.
You can then log in to your OneStat account to double confirm whether someone DID open the HTML trap file. OneStat gives you better information such as IP Address, Country, Referrer, Date & Time, and Organisation.
Here’s a VERY important information. I tested LinkBlip and it seems that it can only send the email once. I tried to visit the same link again for a few times but it won’t send a new email. I then created a new LinkBlip link, and it was able to send the email but also only once. Maybe Linkblip link on works once. To be on a safe side, make sure you’re using a NEW linkblip link that hasn’t been visited/used before.
Thanks to Eric Larkin from PC World for his original idea! Now we can know whether our email has been compromised or not.
[ Visit LinkBlip | OneStat ]
Related posts: