What to do if email is hacked
Skip to main content Skip to main menu Skip to footer

What to do if email is hacked

What to do if email is hacked

Decrease Text Size Increase Text Size

Page Article

You might have been hacked if:

  • Friends and family are getting emails or messages you didn’t send.  If people report receiving odd emails from you, your email account may be compromised.  
  • Your Sent messages folder has messages you didn’t send, or it has been emptied.  Email hackers know to delete emails after they’ve sent them, you may not always notice this red flag.
  • Your social media accounts have posts you didn’t make.  A hacker could use your email to access your social media accounts.
  • You can’t log into your email account. After obtaining control, email hackers may change your email password to prevent you from getting back in. Make sure that you’re entering your password correctly — but if your password doesn’t work anymore, you may have a compromised email account.
  • Your account settings have been changed. Critical account settings, such as your recovery email and phone number or 2FA options, shouldn’t be changed by anyone but you. If you notice these are different, you could have a hacked email.
  • You’ve received password change requests or confirmations. Hackers can go around to popular banks, social media platforms, online shopping, and other sites and test your email address there. Unrequested password change emails can indicate that someone is trying to figure out which sites you use, then get control of your accounts.
  • You notice logins from unfamiliar IP addresses and locations. Your email provider should let you view the login history for your account. You’ll see the IP addresses used to access your account along with the location, and in some cases, the browser and device type. Unrecognized IP addresses may belong to an email hacker.

What a hacker can do with your email account:

  • Search the dark web.  Hackers can use your email to identify and purchase relevant leaked and stolen personal information about you.  This includes phone numbers, addresses, SSNs, login credentials, accounts, credit card numbers, etc.
  • Send phishing emails to your contact list.  Hackers with access to your email also have access to your contact list.  That means everyone you know or have ever emailed could suddenly be the target of a phishing scam or other types of social engineering attacks. And because the hacker is using your email, your family, friends, and other contacts are more likely to open them and even click links. 
  • Hackers can gain access to your other accounts (like social media, bank, etc.).  If you don’t have other cybersecurity measures in place, this now means that a hacker has access to any account with a stored password. For example, your social networking accounts and banking information. 
  • Hackers can steal your identity and lock you out of your accounts.  Access to your email can often be enough for hackers to commit all different types of identity theft fraud. A cybercriminal could root through everything you’ve ever saved on your devices and in the cloud. Your email folders can contain tax information, government benefits that include your Social Security number, medical records, pay stubs, tax forms, vacation rental deposits, receipts, DocuSign requests, online banking information, federal taxes, medical bills, online purchases, etc.
  • Reset and redirect your existing accounts.  Since your email is like your online ID, if we forget a password or need to reset an online account, those messages get sent to your email. 
  • Create new fraudulent accounts.  Scammers can use your email to sign you up for almost anything. 
  • Create phishing posts on your social networking accounts.  A hacker could use your email to access your social media accounts.
  • Hackers can blackmail you with sensitive photos and information.  Many of us use our emails as file storage or have sensitive information we wouldn’t want to be leaked. If a hacker gets access to your email, they can find all these files and use them to extort you for money or access to other accounts

What to do if the email is hacked:

  • Update your system and delete any malware.  The first thing you should do if your account gets hacked is to run an end-to-end antivirus scan. This means skipping the "quick scan" setting in favor of a deep scan to identify and eliminate not only all forms of malware (including Trojans and spyware to keyloggers that could be tracking your keystrokes even after the hack has been identified) and potentially unwanted applications.  It's important to make sure you're clean before you change any of your other sensitive information to avoid restarting the cycle.  Also, set your security software, internet browser, and operating system to update automatically.  Click here for a list of free online security scanning software.
  • Review Social Media Accounts.  Look for changes to your social networking sites, and look for changes to the account since you last logged in.  Look at your personal details, review any third-party apps connected to your account, and check your security questions and answers and your backup email addresses and/or phone numbers. If you think your hacker had a chance to scan your security questions and backup accounts, try to change these on the compromised account and on any other account that relies on the same information. This will prevent the bad actor from using your personal details to breach other accounts in the future.
  • Change Your Passwords.  Once your computer is free of malware, it's time to change your password. If you've lost access to your account, you may need to contact the email provider directly, prove who you are, and ask for a password reset. Choose a new password that is very different from your old one and make sure it doesn't contain strings of repeated characters or numbers. Your password should be unique for each account, complex (i.e., a mix of letters, numbers, and special characters) and at least 15 characters long.  Learn more about passwords here.
  • Contact Other Online Services.  It's critical to change your passwords with other payment-based accounts such as Amazon, Netflix, LinkedIn, credit card companies, etc. Make sure you use different passwords for every online account.
  • Notify People You Know.  Tell your friends, family, and anyone else on your email contact list that they might have gotten a malicious link. During the period when attackers had control of your account, they could have sent dozens or even hundreds of fraudulent emails to everyone you know, in turn giving them access to a new set of victims. 
  • Change Your Security Questions.  While your password was the most likely attack route, it's also possible that hackers broke into your account after answering your security questions. Many users choose the same answer to common security questions.  In order to further protect your email, be sure to employ the multi-factor authentication that many providers allow gaining access to your password, including using secondary email addresses or text messages, since security questions alone are not enough.
  • Report the Hack.  If you haven't already, contact your email provider and report the hack. This is important even if your hacked email didn't cause you to lose access since it helps providers track scam-based behavior. In addition, your email provider may be able to offer details about the origin or nature of the attack.
  • Contact Credit Agencies.  Contact the three credit reporting agencies TransUnion, Experian, and Equifax to monitor your accounts in the months after you've been hacked.  Click here to contact credit report agencies.
  • Consider Your ID Protection Options.  If you've been hacked, another idea worth considering is an ID protection service. These services typically offer real-time email and online retail account monitoring, in addition to credit score reporting, and personal assistance in the event of identity theft. Your financial institution will offer this program for a small monthly fee.
  • Review All Email Accounts.  If the breach affected a service that includes email, such as your Google account, check the email account for sent messages or for new filters. For example, clever hackers can set up filters that forward all incoming mail to an address you don't recognize. Delete such filters to prevent people from worming their way back into your account in the future. This is particularly important because you can reset many other accounts' passwords, and receive notifications about suspicious activity, over email. You don't want an eavesdropper to nab those recovery messages.  Also, check that your email signature and "away" message don’t contain unfamiliar links or forwards. 
  • Create a New Email Account.  Sometimes it's not worth picking up where you left off. If this isn't the first time hacked email has been a problem, or if your provider doesn't seem to be taking steps to mitigate the amount of spam you receive, it may be time for a switch. Look for a service that offers default encryption of your emails and solid customer service in the event of an issue.



Page Footer has no content