I have previously stated the importance of keeping your email address safe from being hacked by turning on 2-step verification on your Gmail account. Although this prevents an unauthorized user from logging in to your web-based Gmail or changing the password, they can still log in to check your emails using an application-specific password, which can be easily harvested from your computer.
For example, if you use email client software such as Microsoft Outlook to check your Gmail, then you must create and use an application-specific password because Outlook does not support 2-step verification. Some software such as KeyFinder Thing or Multi Password Recovery (MPR) can easily scan your computer and decrypt the password, allowing the hacker to access your Gmail using POP. Once they have access to your Gmail, they can perform password recovery to reset the password on services that are signed up with your Gmail account.
I recently found out that someone from Korea has successfully logged in to my FastMail account from an IP address which doesn’t seem to be an open proxy based on Geobytes IP Address Locator. I instantly changed my FastMail password. I requested FastMail to provide more detailed information on that specific activity, like what mails were being downloaded, but they were unable to provide it.
It is important to periodically check your email account activity to identify whether any unknown IP address has logged in to your email. Unfortunately, this feature is only found on some email providers, via the web interface. I have checked a few email providers and found that Gmail, FastMail, Yahoo Mail and Hushmail allow you to see the recent sign-in activity, while Hotmail, AOL Mail, GMX and Mail.com don’t have such a feature. Here is how you can view who logged in to your email.
After logging in to your Gmail, the last account activity is shown at the bottom right, and you can click on the Details link, which opens a new window showing you the last 10 login activities. The activity information window contains the access type, IP address and location, and the date & time.
What I like about FastMail is the support for YubiKey. After logging in to FastMail, the top of the screen shows the date and time of your last successful web login. To view more detailed information on login attempts for the past 2 weeks, click on Options and then on Login Log. You get to see the login status (failed or success), which lets you know if someone is brute forcing your FastMail account, along with the service, IP, country, date and time.
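One way to triage a login log like FastMail's once you have its rows in front of you, as an added example that is not part of the original article: it flags repeated failed logins from one IP, a success that follows them, and successes from addresses you do not recognise. The CSV layout, the sample rows, the known-address lists and the thresholds are assumptions; only the column names follow the fields listed above.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows (assumed CSV layout, documentation-range IPs).
SAMPLE_LOG = """\
time,status,service,ip,country
2024-05-01 08:02:11,success,web,198.51.100.7,US
2024-05-02 03:10:01,failed,imap,203.0.113.50,KR
2024-05-02 03:10:09,failed,imap,203.0.113.50,KR
2024-05-02 03:10:15,failed,imap,203.0.113.50,KR
2024-05-02 03:10:22,success,imap,203.0.113.50,KR
2024-05-03 19:45:30,success,pop,198.51.100.7,US
2024-05-04 11:00:00,failed,web,198.51.100.7,US
2024-05-05 02:14:40,success,pop,192.0.2.99,KR
"""
KNOWN_IPS = {"198.51.100.7"}     # hypothetical: addresses you log in from
KNOWN_COUNTRIES = {"US"}         # hypothetical: countries you log in from
FAIL_THRESHOLD = 3               # failures from one IP inside WINDOW
WINDOW = timedelta(minutes=10)

def review_login_log(text, known_ips=KNOWN_IPS, known_countries=KNOWN_COUNTRIES):
    """Return (time, ip, finding) tuples for entries worth a closer look."""
    findings = []
    recent_failures = defaultdict(list)   # ip -> timestamps of failed logins
    alerted = set()                       # IPs already reported for failures
    for row in csv.DictReader(io.StringIO(text)):
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        ip, status = row["ip"], row["status"].lower()
        # Keep only this IP's failures that are still inside the window.
        fails = [t for t in recent_failures[ip] if when - t <= WINDOW]
        if status == "failed":
            fails.append(when)
            if len(fails) >= FAIL_THRESHOLD and ip not in alerted:
                findings.append((row["time"], ip, "repeated failures"))
                alerted.add(ip)
        elif status == "success":
            if len(fails) >= FAIL_THRESHOLD:
                findings.append((row["time"], ip, "success after repeated failures"))
            elif ip not in known_ips:
                known = row["country"] in known_countries
                tag = "unknown IP" if known else "unknown IP and country"
                findings.append((row["time"], ip, tag))
            fails = []                    # a success ends the failure run
        recent_failures[ip] = fails
    return findings

if __name__ == "__main__":
    for finding in review_login_log(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A success after repeated failures is the entry to act on first: change the password and revoke any application-specific passwords.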
Yahoo Mail allows you to view your recent sign-in activity, but this option is hidden in your account information page. After logging in to your Yahoo Mail, click on your name, displayed at the top left as “Hi, YourName”. Select Account Info from the menu and type in your Yahoo Mail password. Finally, click on View your recent sign-in activity under Sign-In and Security. You get to see the date and time, access type, event, location and IP address of every sign-in attempt to your Yahoo account, not limited to only Yahoo Mail.
Hushmail is one of my favorite email accounts because of the ability to remove the sender’s IP address from the email headers. After logging in to your Hushmail, the bottom of the page shows the date and country of your last sign-in. You can click on the “See other recent activity” link to view the date, time, IP, and country of the last few login activities. Do take note that the report does not include IMAP/POP activities.
Although the popular Hotmail does not let users check who logged in to their email address, there is a possible way through the help of a moderator in the Microsoft Answers forum. Before you can request the access logs, you will need to go through the password recovery option to verify that you are the owner of the Hotmail account. Once you’ve successfully gone through the password recovery, you will need to create a new thread in the Microsoft Answers forum requesting the access logs. A forum moderator will reply to your post via private message, requesting the email address that you’d like to obtain the logs for, and will send them to you. I’ve personally tested this but did not receive a reply after nearly a week. The detailed steps can be found in Microsoft Answers, written by a forum moderator, which is worth a try.
For email accounts that do not allow you to view who accessed or logged in to your email, you can consider creating a baited email message, where you will receive an instant notification when an unauthorized user opens the message from your inbox.