What to Do If Your Personal Email Account Is Hacked

If friends or businesses report that they are seeing odd-looking messages from your personal email account, or your Sent messages folder has messages you don't remember sending, or you get a security message from your email provider saying that someone in a country you've never visited has just accessed your account, or that someone accessed your account during a time when you weren't using it, or you are locked out of your account, then...

Your Email May Have Just Been Hacked

It can be enormously harmful if your email is hacked, potentially exposing personal information of many kinds, including sensitive financial, legal, and medical activity. It could also open your personal and business contacts to phishing or other types of online or mobile attacks. You need to act quickly to try to regain control of your account.

So, What Do I Do Now?

If you think your email account has been hacked, here are some actions that may allow you to take back control of your account and to try to prevent any more unauthorized access:

First, change your password and make it much stronger. If you can access your account, immediately change the password to something stronger than what you were using before. You should also consider changing the password of any accounts that may have been exposed by your email account breach. It's possible the hacker has locked you out of your account; if that has happened, account recovery becomes more challenging and time-consuming. Start by contacting your email service provider to explain what happened; it's likely you'll need to prove your identity before they will be able to help you regain your account.

Next, carefully review your email account settings, including any security questions. Once you've changed your password, review all your account settings thoroughly and try to determine if any of them have changed since the last time you looked at them. Especially check to see if any messages are set to automatically forward to another address, since hackers may have changed that setting to get copies of your emails. If your account uses security questions to verify that you are you, then update those questions with harder questions. Also check your email signature for any changes to names, addresses, emails, or links.

Send an alert message to your personal and business contacts telling them that your email has been hacked and to be very careful of any suspicious messages that came from you. Strongly warn them not to open these messages or click any links in them. If you can, specify the time period when your account was hijacked so they have a better idea of which messages are suspect. Also let them know if, or when, you believe that you will be able to resolve the issue. Update your contacts when you believe your account is fully back in your control.

Update your antivirus and antimalware programs and run a full system scan using the most aggressive settings to enable a very thorough search. Update your antivirus and antimalware software (and make certain it is set to update automatically) and scan your entire system. Be certain not to exempt any types of files or folders from being scanned, regardless of how long it may take—it could be hours or maybe a full day (or more) if you have lots of programs installed or lots of files on your computer.

Check, double check, and try to confirm that anything you download is legitimate and is what it is supposed to be. This is extremely important; you should only download documents, software, videos, graphics, sound and other files that you can confirm come from sites or people you trust. Whatever you download, download it into its own, unique folder and immediately have your antivirus and antimalware software run a scan on it before you open or install it.

Look into two-factor authentication for your account and decide if it is appropriate for you. Two-factor authentication (2FA) is a robust, voluntary additional security measure offered by most email providers. 2FA requires both a password and another type of identification, such as a passcode that is sent as a text to your mobile phone number. You will have to receive the passcode and input it on your phone or computer before you are allowed to access your account.

Use a Virtual Private Network (VPN). A VPN is software that encrypts all your internet data so you are much less visible and vulnerable to hackers. VPNs are usually a paid annual service, but some internet browsers provide some free VPN service, and some of the large VPN service providers will provide a limited amount of free VPN service monthly. Also, look into other actions that can help you secure your home network.

The above suggestions are just some of the steps that could help get your email account back in order. The U.S. Federal Trade Commission has some useful information on how to manage a hacked email account, and it's worth a look. Also, email providers often offer information on how to deal specifically with their users' hacked email accounts.

Dealing with a hacked email account can be very frustrating; it's easy to be upset when you think about the potential exposure of your confidential information. But you can get it back, recover from the breach, and harden your account against future attacks.