My email has been hacked! What should I do next?

If you find that your email has been hacked, your immediate reaction is probably wondering what you should next.

The answer: take a deep breath and jump into action. Five steps can help you prevent or minimize any damage done by a compromised account.

So why do hackers go after email accounts? The fact is, that email account of yours is a treasure trove. There’s a good chance it contains years of correspondence with friends and family. Not to mention yet more emails from banks, online retailers, doctors, contractors, business contacts, and more. In all, your email packs a high volume of personal info in one place, which makes your email account a top prize for hackers.

Let’s look at the signs of a hacked email account, along with some things you can do to keep it from getting hacked in the first place.

Signs your email account is hacked

You can’t log into your email account

This one speaks for itself. You go to check your email and find that your username and password combination has been rejected. You try again, knowing you’re using the right password, and still no luck. There’s a chance that a hacker has gotten hold of your password, logged in, and then changed the password — thus locking you out and giving them control of your account.

One of your contacts asks, “Did this email really come from you?” 

Hackers often compromise email accounts to spread malware on a large scale. By blasting emails to everyone on your hacked contact list, they can shoot bogus, malware-riddled emails to dozens, even hundreds, of others. And no doubt about it, some of those emails can look a little odd. They don’t sound or read at all like the person they’re trying to impersonate — you — to the extent that some of your contacts might ask if this email really came from you.

On the flip side, this is a good reason to never open attachments you weren’t expecting. Likewise, if you get a somewhat strange email from a friend or business contact, let them know. You might offer the first sight that their email has been compromised.

What should I do if my email is hacked? And to prevent it from happening again

1) Use your email provider’s recovery service

Many email providers have web pages dedicated to recovering your account in the event of a lost or stolen password. (For example, Google provides this page for users of Gmail and their other services.) This is a good reason to keep your security questions and alternate contact info current with your provider, as this is the primary way to regain control of your account.

2) Change your password

If you can, change the password for your email account. Make it a strong, unique password — don’t reuse a password from another account. Next, update the passwords for other accounts if you use the same or similar passwords for them. (Hackers count on people using simpler and less unique passwords across their accounts — and on people reusing passwords in general.) A password manager that’s included with comprehensive online protection software can do that work for you.

3) Set two-factor authentication

Several email services support two-factor authentication, which requires a PIN in addition to a username and password to log in. If your service offers it, use it. This provides one of the strongest defenses against a hacked email account — and online accounts in general.

4) Check your other accounts

Sometimes one bad hack leads to another. If someone has access to your email and all the messages in it, they might have what they need to conduct further attacks. Look at your other accounts across banking, finances, social media, and other services you use and keep an eye out for any unusual activity. And if these accounts offer two-factor authentication, use it on them as well.

5) Reach out to your email contacts

A big part of the hacker’s strategy is to get their hooks into your address book and spread malware to others. As quickly as you can, send a message to all your email contacts and let them know that your email has been compromised. And if you’ve done so, let them know that you’ve reset your password so that your account is secure again. Likewise, alert them that they shouldn’t open any emails or attachments from you that were sent during the time your account was compromised.

The bigger picture: Keep tabs on your identity

More broadly speaking, your email account is one of the several pieces that make up the big picture of your online identity. Other important pieces include your online banking accounts, online shopping accounts, and so on. No question about it, these are things you want to keep tabs on.

With that, check your credit report for any signs of strange activity. Your credit report is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., you can check yours weekly at AnnualCreditReport.com. Canada provides this service as well, in addition to several other nations as well. It’s a great idea to check your credit report, even if you don’t suspect a problem. Moreover, you can check yours any time you like as part of our credit monitoring service.

Beyond keeping tabs on your identity, you can protect it as well. Online identity protection such as ours can provide around-the-clock monitoring of your email addresses and bank accounts. Additionally, our Identity Theft Coverage & Restoration service offers up to $2 million in ID theft insurance in the event your identity gets compromised. Additionally, it can put an identity recovery pro on the case if you need assistance in the wake of an attack or breach. Taking a step like this can help keep your email account safer from attacks — along with your other accounts.

Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.

FacebookTwitterInstagramLinkedINYouTubeRSS

More from Internet Security

Back to top