Recently, one of my old friend needed to “borrow” my email account to send an email because he claims that he only has company email which he checks with Microsoft Outlook from his laptop. I wonder who doesn’t have a webmail account nowadays? Even my 62 years old mother has a GMail! Since we’re old friends, I didn’t want to hurt our friendship so I hesitantly gave him my email login information for him to send the email. After he finished sending the email, I immediately changed my password to avoid him logging in to my email in future without my knowledge and permission. Later I thought to myself that I could have either asked him to spend 5 minutes in signing up for a new email account or wait for me to set a generic password for my email before telling him my password. Even after changing my password, I still felt that my email is unsafe.
Fortunately in Gmail, we are able to check the last account activity that is located at the bottom right of the screen. Clicking the Details link will show us the 10 last login activities containing the IP address, country, access type and the exact date and time. Gmail is also smart enough to inform you of any suspicious login by only displaying the email alert to you and not the to the suspicious user. What if the person is located at the same city or country as you? Gmail may not even detect any suspicious login plus the unauthorized user can mark the email as unread after reading it and you wouldn’t even notice if your emails has been read or not.
One way that I can think of on how to get notified when an unauthorized user logs in to my email is to set a trap. This concept is not something new but it works. The plan is to send yourself an email containing a piece of code that will track if it has been opened and then notifies the owner at another email address.
Here’s how to do it.
1. Sign up for a free account at WhoReadMe and activate the account by clicking on the verification link from your email.
2. Login to WhoReadMe if you are not automatically logged in after activation, then go to Account tab. At the Settings tab, you can configure how you would like to receive the notification when the email has been opened. If you use Twitter, enter your Twitter username and click the Follow @whoreadme button. It also supports Boxcar where notification can be sent to your iOS devices such as iPhone and iPad. Keep both of the primary email address and originating email address checked.
3. Now if you’ve signed up WhoReadMe using the email address that you want to track, it doesn’t make sense to be sending the notification to the same email where the unauthorized user has access to as this will only trigger his attention. What you can do is add another email from the Email Addresses tab and activate it like what you did in step 2. Once the email has been activated, click the Make Primary link for the new email address from the Email Addresses tab.
4. Click on the Compose button to send a baited message to the email address that you want to monitor for unauthorized user access. You should use subject like “My List of Password” or “Bank Password” which will instantly attract the user to open it when they log in to your email. As for the message, you can simply enter any dummy login information.
5. Click the Send button.
6. When someone logs in to your email and open the specially crafted email, you will instantly receive a notification. This is when you should immediately change all your password because someone probably has access to all of your accounts.
What WhoReadMe does is it embeds an invisible tracking image to the email and when it is opened, WhoReadMe will instantly know that the email has been read and followed by sending a notification according to your settings. Do take note that WhoReadMe will not send the notification if the IP address that was used to send the email and also to open the email is the same. To test if you will receive the notification, you will need to use a different IP address when opening the email that is sent by WhoReadMe.
Hotmail works fine but the problem with Gmail is by default it doesn’t automatically load images that is in the email. You will need to allow Gmail to automatically display images by logging in to your Gmail, open the email message and click the link that says “Always display images from email@example.com”.
Delete off the email and resend another baited email from WhoReadMe. The next time when someone opens the email that is sent by WhoReadMe, the tracking image will automatically load and instantly notifies the owner.
You should also make sure that the email is sitting in your inbox and not the junk or spam folder. If it’s in junk/spam folder, simply mark the baited email as “Not Spam”. Another important tip is to make the baited email message more visible. For Hotmail, make sure you click the flag icon to keep the message at the top of your inbox for highest visibility. As for Gmail, you can add a star by clicking on the Star icon and also the important icon to make the message stand out even more.