Your best friend messages you on Facebook, “I just got a weird email from you. Did you really send this?” Below that is a screenshot of an email that you definitely didn’t send. You panic, wondering who sent the email. Were you hacked? What do you do if your email account gets hacked?
We don’t rely on email for communication as much as we once did, thanks to social media and other channels. But email accounts are just as valuable to hackers as they ever were, and probably more so. Why?
Your email account is the gateway to most of your other accounts, because almost every account is tied to an email address. If a hacker gets into your email, the password reset option on many websites will simply send a reset link or code to that inbox. The hacker reads it, changes your password, and logs into your other accounts as you. That is why an email account is such an attractive target.
By the way, this is another reason it’s critical that you enable two-factor authentication.
What if a friend tells you your email must be hacked, because they received a strange email from you? You may have been hacked, but that’s not necessarily the case. Anyone can send an email with your address in the From line without ever touching your account, because the From line is just text the sender chooses. It’s called email spoofing, and it’s very common.
Check your Sent folder to see if the email is there. If it is, the email was sent from your account, and you should follow the steps in the rest of this post. If it isn’t in your Sent folder, it may not have been sent from your account, but you can’t be sure: a hacker could have sent it from your account and then permanently deleted the message.
The full headers of the email your friend received can usually settle it. Ask them to forward it as an attachment, or to use their mail client’s “show original” or “view source” option, and look at the Authentication-Results header their provider added. Results such as spf=fail or dmarc=fail mean the message did not come through your provider’s servers and was spoofed; spf=pass, dkim=pass and dmarc=pass mean it really did leave through your provider, so your account (or an app or device signed in to it) was used.
Many email services also let you review your account activity; for example, Gmail lets you see the date, time, approximate location, and software that has been used to access your email. Reviewing this activity can help you determine whether your account has been hacked.
Unfortunately, if you use a consumer email service, there is little you can do yourself to stop your address from being spoofed; it is your provider’s SPF, DKIM and DMARC records that let receiving servers recognise and reject forgeries. (If you own your own domain, publish those records for it.) Either way, there are steps you can take to reclaim your email account after it’s been hacked, and make it more secure against future hacking. Let’s see how.
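The header check described above, as an added example that is not part of the original post: it reads the Authentication-Results header a receiving mail server adds and decides whether a message was spoofed or really left through the claimed domain's servers. The three messages are constructed; the domains, hostnames and addresses in them are placeholders.

```python
"""Tell a spoofed message from one really sent through the account, using
the Authentication-Results header the recipient's mail server adds.
Added example, not from the original post; the three messages are constructed."""

import re
from email import message_from_string
from email.utils import parseaddr

# RFC 8601 result tokens such as "spf=fail", "dkim=pass", "dmarc=pass".
_RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)
# Domain the DKIM signature was made with ("header.d=example.com").
_DKIM_DOMAIN_RE = re.compile(r"header\.d=([\w.-]+)", re.IGNORECASE)

# Constructed sample 1: forged From line, sent from a server that is not
# authorised for example.com.
SPOOFED = """\
Authentication-Results: mx.friendmail.example; spf=fail (203.0.113.5 is not a permitted sender) smtp.mailfrom=alice@example.com; dkim=none; dmarc=fail (p=NONE) header.from=example.com
Received: from mail.evil.example (mail.evil.example [203.0.113.5]) by mx.friendmail.example
Return-Path: <alice@example.com>
From: Alice <alice@example.com>
To: Bob <bob@friendmail.example>
Subject: check this out

I found something you need to see, click the link.
"""

# Constructed sample 2: really sent through example.com's own servers and
# DKIM-signed by that domain, so the account (or an app signed in to it) was used.
GENUINE = """\
Authentication-Results: mx.friendmail.example; spf=pass smtp.mailfrom=alice@example.com; dkim=pass header.d=example.com header.s=2022sel; dmarc=pass (p=NONE) header.from=example.com
Received: from mail.example.com (mail.example.com [198.51.100.7]) by mx.friendmail.example
Return-Path: <alice@example.com>
From: Alice <alice@example.com>
To: Bob <bob@friendmail.example>
Subject: check this out

I found something you need to see, click the link.
"""

# Constructed sample 3: the receiving server recorded no authentication results.
NO_AUTH = """\
Received: from somewhere.example (somewhere.example [192.0.2.9]) by mx.friendmail.example
From: Alice <alice@example.com>
To: Bob <bob@friendmail.example>
Subject: check this out

I found something you need to see, click the link.
"""


def auth_results(raw_message: str) -> dict:
    """Parse the top-most Authentication-Results header.

    Servers prepend headers, so the first one in the message was added by
    the final receiver (your friend's provider) and is the only one to
    trust; a spoofer can insert fake copies further down."""
    msg = message_from_string(raw_message)
    results = {"spf": "none", "dkim": "none", "dmarc": "none", "dkim_domain": None}
    headers = msg.get_all("Authentication-Results") or []
    if headers:
        top = headers[0]
        for name, verdict in _RESULT_RE.findall(top):
            results[name.lower()] = verdict.lower()
        m = _DKIM_DOMAIN_RE.search(top)
        if m:
            results["dkim_domain"] = m.group(1).lower()
    return results


def classify(raw_message: str) -> str:
    """Return 'spoofed', 'sent-from-account' or 'inconclusive'."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    r = auth_results(raw_message)
    # DMARC pass, or a DKIM signature by the From domain itself, means the
    # message left through that domain's own mail servers.
    if r["dmarc"] == "pass" or (r["dkim"] == "pass" and r["dkim_domain"] == from_domain):
        return "sent-from-account"
    # Failed checks mean the sending server was not authorised for the
    # domain, i.e. the From line was forged. (Mail relayed through a mailing
    # list can also fail; check the Received chain in that case.)
    if r["dmarc"] == "fail" or (r["spf"] in ("fail", "softfail") and r["dkim"] != "pass"):
        return "spoofed"
    # No results, or neutral/temperror verdicts: fall back to the Sent
    # folder and the account activity log.
    return "inconclusive"


if __name__ == "__main__":
    for label, raw in (("spoofed sample", SPOOFED), ("genuine sample", GENUINE), ("no results", NO_AUTH)):
        print(f"{label}: {classify(raw)}")
```

Paste the raw text of the message in place of one of the samples to run it against a real case. The verdict only tells you which mail servers the message passed through; a "sent-from-account" result still leaves open whether it was a stolen password, a malware-infected device, or a connected app, which is what the steps below are for.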
How to Increase Your Security
If you know your email account was hacked, or you even suspect it, follow these steps.
Some email services have an option to log out other devices or sessions. If someone else is logged into your account in another location, this will log them out. Look for this option in your email account settings. For example, in Gmail, in the bottom right of the inbox, click Details, then Sign out all other web sessions. Do this from a device you trust, and change your password straight afterwards: an intruder who still knows the password can simply sign in again.
Change your email account password, and make the new one long, unique, and not used for any other account. If you’re still able to log into your account, go into the Account, Settings, or Privacy section of your account and change your password. If you’ve been locked out of your account, try a password reset. The login page usually has a link that says something like “Forgot your password?” which you can use to get back into your account. If you still have trouble, contact the support department at your email provider.
Now that you’re in your account, email all your contacts (everyone in your address book) to warn them about any emails they may have received from your address within the last few hours or days (however long it has been that you think your account has been hacked). Tell them to avoid clicking links or opening attachments for those emails. Be sure to put everyone’s email addresses in the BCC (blind carbon copy) line, not the To or CC lines. BCC hides the email addresses, which protects the privacy of the recipients.
Enable two-factor authentication to make it harder for your account to be hacked in the future. An authenticator app or a hardware security key is stronger than codes sent by text message, which can be intercepted or redirected to an attacker’s phone.
Review your account recovery options (which could be called something like “recovery,” “rescue,” or “backup”). Your account may allow you to set recovery methods such as a phone number or different email address, or security questions. Make sure these are all set as they should be, and remove any recovery address or phone number you don’t recognise: hackers often add their own so that they can reset your password again later. This is a good time to change your security questions and/or answers, to reduce the risk of them being used to hack your account in the future.
Check your Sent folder to see if the hacker sent any emails. Act on them as necessary.
Check your Trash folder to see if the hacker deleted any emails. Act on them as necessary. Unfortunately, you won’t be able to see any emails that the hacker permanently deleted.
Check your forwarding settings, in case the hacker set your account to forward emails outside of your account, and check your filters or rules as well, since a hacker can create a filter that quietly forwards, archives, or deletes certain messages (password reset emails, for example) so that you never see them. Take note of any you find, then disable them. While you’re in settings, also review connected apps, app passwords, and any delegated access to your mailbox, and remove anything you didn’t set up yourself.
The hacker may have accessed your email account remotely, from the other side of the world or just a few houses away. Or, they may have used malware running on one of your own machines to get access to your account. Just in case, on any device that you use to check this email account (phone, tablet, computer, etc.), run a malware scan. Choose the most thorough full system scan option, which could be labelled something like “full scan” or “deep scan.”
When you’re confident that you’ve retaken control of your email account, it’s a good idea to reply to that email you previously sent to all your contacts, telling them that you’ve solved the problem. It would help to include something in the email that would identify you as the sender (a phrase you commonly use, or some personal detail that a hacker is unlikely to know but your contacts would recognize). As before, be sure to put everyone’s email addresses in the BCC (blind carbon copy) line, not the To or CC lines.
Don’t be surprised if some people are skeptical of this email and contact you through a different channel (Facebook message, text message, phone call, etc.) to confirm you actually sent it. That’s a wise move!
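The forwarding and filter review in the steps above can be done offline when your provider lets you export your filters. The following is an added example, not code from the original post or from any provider: it assumes the Atom feed with apps:property elements that Gmail produces when you export filters (Settings, then Filters and Blocked Addresses, then Export), and the property names it looks for (forwardTo, shouldArchive, shouldMarkAsRead, shouldTrash) are taken from that format as an assumption; other providers would need a different parser. The sample feed is constructed.

```python
"""Scan an exported list of mail filters for rules an intruder would add:
forwarding a copy of mail elsewhere, or hiding mail by archiving, marking
as read or trashing it. Added example, not from the original post. Assumes
the Atom feed with apps:property elements that Gmail's filter export
produces; the property names below are assumed from that format, and the
sample feed is constructed."""

import xml.etree.ElementTree as ET

NS = {
    "atom": "http://www.w3.org/2005/Atom",
    "apps": "http://schemas.google.com/apps/2006",
}

# Properties that describe what a filter matches on (assumed names).
CRITERIA = {"from", "to", "subject", "hasTheWord", "doesNotHaveTheWord"}
# Action that copies mail out of the account.
EXFIL_ACTIONS = {"forwardTo"}
# Actions that keep a matching message out of sight.
HIDE_ACTIONS = {"shouldArchive", "shouldMarkAsRead", "shouldTrash"}

# Constructed sample: one harmless newsletter filter, and one that hides
# password-reset mail and forwards it to an address the owner never set up.
SAMPLE_EXPORT = """<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:apps="http://schemas.google.com/apps/2006">
  <entry>
    <title>Mail Filter</title>
    <apps:property name="from" value="newsletter@example.org"/>
    <apps:property name="label" value="Newsletters"/>
  </entry>
  <entry>
    <title>Mail Filter</title>
    <apps:property name="hasTheWord" value="password OR verification OR reset"/>
    <apps:property name="forwardTo" value="collector@attacker.example"/>
    <apps:property name="shouldArchive" value="true"/>
    <apps:property name="shouldMarkAsRead" value="true"/>
    <apps:property name="shouldTrash" value="true"/>
  </entry>
</feed>
"""


def parse_filters(xml_text: str) -> list:
    """Return one {property name: value} dict per filter entry."""
    root = ET.fromstring(xml_text)
    return [
        {p.get("name"): p.get("value") for p in entry.findall("apps:property", NS)}
        for entry in root.findall("atom:entry", NS)
    ]


def suspicious_filters(xml_text: str) -> list:
    """Return the filters that forward or hide mail, with what they match on."""
    findings = []
    for props in parse_filters(xml_text):
        exfil = {k: v for k, v in props.items() if k in EXFIL_ACTIONS and v}
        hide = {k: v for k, v in props.items() if k in HIDE_ACTIONS and v == "true"}
        if exfil or hide:
            findings.append({
                "criteria": {k: v for k, v in props.items() if k in CRITERIA},
                "forwards_to": sorted(exfil.values()),
                "hides_by": sorted(hide),
            })
    return findings


if __name__ == "__main__":
    for f in suspicious_filters(SAMPLE_EXPORT):
        print("matches:", f["criteria"])
        print("  forwards to:", f["forwards_to"] or "-")
        print("  hides by:", f["hides_by"] or "-")
```

Run it against your own export file by reading the file into a string and passing it to suspicious_filters. A filter that only adds a label, like the first entry, is not reported; anything that forwards mail or makes it disappear is, together with the words it matches on, so you can see what the hacker was trying to hide.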
- What To Do If Your Email Is Hacked (mcafee.com)
- Hacked Email (ftc.gov)
- Secure a hacked or compromised account (google.com)
- How to access a compromised Microsoft account (microsoft.com)
- Recognize and secure a hacked Yahoo Mail account (yahoo.com)
- If you think your Apple ID has been compromised (apple.com)
What You Should Do
Follow these steps if your email account has been hacked, or you suspect that it has been.
- Log out other devices or sessions from your email account.
- Change or reset your email account password.
- Email all your contacts to warn them about any emails the hacker may have sent. Tell them to avoid clicking links or opening attachments for those emails.
- Enable two-factor authentication.
- Review your account recovery options and remove any recovery address or phone number you don’t recognise.
- Change your security questions and/or answers.
- Check your Sent folder to see if the hacker sent any emails. Act on them as necessary.
- Check your Trash folder to see if the hacker deleted any emails. Act on them as necessary.
- Check your forwarding settings and your filters or rules, along with connected apps, app passwords, and delegated access. Take note of any you find, then disable them.
- On any device you use to check this email account, run a full system malware scan.
- Email all your contacts again, to let them know you’ve regained control of your email.