My Email Got Hacked - Now What Do I Do?

Andrew Sanders Andrew Sanders Writer

The thought of having one’s email hacked is devastating. I personally know that if I lost access to my email, I’d immediately lose a lifeline to some of my closest friends and business associates. What’s more, my email address serves as the hub that connects me to my bank, my social media accounts, my e-commerce accounts, and more.

Anyone who gains access to my email address would very easily be able to access these connected accounts as well.

In short, if my email address gets hacked, I’m going to have a very bad day. What precautions should you take?

For most people, their email address has become about as central to their lives as their home address. Research from 2015 shows that the average American has 90 accounts associated with their email address. That means that every attacker who breaches your email account has around 90 opportunities to mine data about your personal life, steal your money, and cause havoc.

What should you do when this happens, and how should you protect against it?

What does “hacked” mean anyway?

People often use three scenarios to describe their email being hacked. Fortunately, these things have differing levels of severity. People may say that their email is hacked if:

  • People are receiving phishing emails from you that you didn’t send
    Every so often, people might tell you that they’re receiving phishing emails that appear to be from your address. This may be a sign that your account has been taken over – especially if you check your sent items and see phishing emails there. More likely, however, you’re the victim of “email spoofing.” This is when an attacker sends emails that appear to be from your account in order to fool your trusted contacts. Although this should be dealt with by warning your friends, it doesn’t mean that an attacker has stolen your password.
  • Their email address has been released as part of a data breach
    In January 2019, approximately 773 million email addresses were leaked as part of what’s now known as the Collection #1 data breach. If your email address is part of a data breach, that means that one of the services you subscribe to was hacked – but it doesn’t necessarily mean that hackers have access to your email account. You should probably change your password as a preventative measure, however. Meanwhile, you can check here to see if your email address has ever been part of a data breach.
  • You are being prevented from logging into your email account
    If you wake up one morning and find that you can’t login to your email account, people you know are getting suspicious messages, and that there’s strange activity on your social media profiles, then it’s likely your account has been compromised. You can still get it back, however, if you can follow the steps below.

Steps to recover a compromised email account

Step 1. Immediately Reset Your Password
Most popular email services such as gmail will prompt you to set up a password recovery method. This usually involves a secondary email address or your phone number. Your provider will email a password recovery link to your secondary account or text it to your phone and you’ll be able to recover from there.

If you don’t have a secondary email set up, or if an attacker is preventing your from re-authenticating your account (for example, by changing your phone number to that an account recovery text can no longer be sent to your device), there are still a few options. Gmail, for example, has a dedicated account recovery page that will let you recover your account by verifying your personal details.

Step 2. Warn your contacts

Attackers will commonly use compromised email addresses to send phishing emails to their contacts. Make sure your friends don’t get hacked by sending them a quick warning.

Step 3. Check your settings

Even if you’ve regained control over your account, your attacker can leave the equivalent of a time bomb by changing you email settings. This involves changing your settings so that a copy of every email you send or receive is forwarded to a secondary account controlled by the attacker without your knowledge. They can also add spam links to your signature or even change the email address that your contacts are supposed to reply to.

Step 4. Get an antivirus program

Attackers have different ways of stealing an email address. Some might simply have guessed your password. Others might have infected your computer with malware designed to steal your password instead. Whatever the case may be, it’s still a great idea to make sure your computer is protected after your email account is hacked – all the better to prevent it from happening again. If you’re interested in learning more about how to protect your computer, look at our list of Top 10 Antivirus Programs.

About the Author

About the Author

Andrew is a former writer for SafetyDetectives. He specializes in technology, information security, telecommunications, and more.