Scammers hack email accounts for many reasons, including accessing personal information to commit financial or identity fraud. But an email hack can also expose your contacts to phishing campaigns, malware attacks, and other scams. Learn how email accounts can get compromised and what to do if your email is hacked. And get ironclad cybersecurity protection to help secure your email, block hackers, and keep your identity safe.
Get Norton 360 with LifeLock Select
Emailcompromised from a data breach
Adata breachis a common way to compromise an emailaccount. If you believe you're safe, just check out recent headlines aboutbreaches that involve hacked email accounts.
For example, car manufacturer GeneralMotors was hit by a data breach in April 2022. According toSecurity Magazine, hackers got hold of GMcustomer names, email addresses, physical addresses, GM account information,and more.
So, what happens if a hacker gets your emailaddress? If a cybercriminal were to gain access to your email address withoutalso getting hold of your email account password, it's unlikely they could domuch damage. But if they also get your password, they can cause you plenty ofpain.
They could send scam emails to everyoneon your contact list. And it’sno fun telling your boss that you didn't really send the message urging him totry the latest diet drug, or explaining to your aunt that, no, you’re notstranded in Aruba in need of $1,000 wired immediately.
Hackers could also use your email and password to reset other passwords and gain control of your social media accounts. In a worst-case scenario, they could lock you out of your accounts and post anything they want as "you." These posts could be scam posts containing malicious links that install a virus or spyware, or even posts that are embarrassing or personally damaging to you.
It's also possible hackers could useyour email account to gain access to your bank account or credit cardinformation, draining funds from an account, or racking up charges. They mighteven use your email and password to sign up for online sites and services,sticking you with monthly fees in the process.
As you can see, it's especiallyimportant to keep hackers fromaccessing your Gmailor other email accounts.
Tipsto help protect email account
You never know when a hacker might goafter your email account, but you can take steps to help protect yourself froma cybercriminal compromising your email.
First, never use the samepasswordfor your email account and the otherimportant sites you visit. If someone gains access to your email password, youdon't want that person to use this information to get into your bank, creditcard, or health care accounts. Make sure to use unique passwords for each ofthese key sites.
And make your passwords difficult tocrack. Include letters, capitalized letters, numbers, and symbols in yourpasswords. Never use your birthday, address, Social Security number, oranything that someone may be able to guess about you in your password.
Don't click on links in emails unlessyou absolutely know who sent the message to you and you're expecting thisperson to send you a link. If you aren’t expecting a link from someone youknow, avoid clicking links even if you know the sender. These fraudulent linkscan often lead to spoofed websites that look like they’re run by a bank orcredit card provider, but they’re created by fraudsters to scam you out of yourpersonal information.
Turn ontwo-factorauthentication. With this security measure, youmust first log into a site with your username and password — such as your bank,mortgage lender or credit card provider — and then wait for a code, usuallysent to your smartphone. You then enter that code to gain access to the site.This does add an extra step to logging into an account, but it also provides anextra layer of protection.
How to know if your emailhas been hacked
You may get an urgent message from afriend or family member who received a suspicious email from you. They may askif you sent the email. Or they may simply send these panic-inducing words:“You’ve been hacked.”
But you may be able to spot signs of ahacked email account before you get tipped off by a friend. Here are threeindicators that youremailaccount has likely been hacked.
- You can’t log into your emailaccount.Whenyou try to log in, you may get a message that your username or password isincorrect. In this case, a fraudster might have changed your email password,which often is one of the first things cybercriminals do after taking controlof your email account.
- Your sent-messages folder looksodd. Your sentmessages folder may hold scammy messages you didn’t write. Or the folder may besitting empty when you never deleted your sent messages.
- Your friends say they're gettingspam from you.If you get messages from your contacts asking why you’ve been sending themspam, that's likely an indication that a cybercriminal has gained access toyour email account and is using it to send messages in your name.
- Strange messages appear on yoursocial media accounts. If your latestInstagrampost or tweet is touting some productyou’ve never used, a hacker may have gained access to both your email andsocial media accounts. Your email account can act as agateway into other accounts. The hacker can simply click “forgot password” atlogin and have a password reset link sent right to your email inbox, which theynow control.
- Your IP address log looks fishy. Your IP address is a type ofdigital address that shows where you are located when you log onto theinternet. If you mostly log onto the internet from your home or work, a recordof your IP addresses will show mostly the same numbers repeatedly. However, ifyour IP address log shows many different IP addresses, it could be a sign thata fraudster is logging into your email account from different locations.
Some email service providershave tools that you can use to check your IP address. If you use Gmail, for instance,you can scroll to the bottom of the page and look for the word “details” in theright corner. Click on this and you will see a log of IP addresses from whichyour account has been accessed.
What to do if your email is hacked
A hacked email can put you and youremail contacts at risk for identity theft and bank account or credit cardfraud. If you think your email has been hacked, take quick action to minimizethe damage.
Here are four tips for what to do if youremail is hacked to banish the hacker and help protect yourself in the future.
1. Change your credentials.
The first step: Take back control ofyour hacked email account. If the hacker has locked you out, you may have tocontact your email service provider for help. You will probably have to providean array of information to prove your identity and regain control of youremail.
If you do still have access to youraccount, make these changes right away:
- Get a new username and password. Choose a strong password.Secure passwords or passphrases should contain at least 12 characters,including numbers, symbols and a mix of capital and lowercase letters. Use aunique password for every account. Password managers offer an easy and secure wayto create complex passwords and to keep track of your login credentials.
- Change your security questions. The hacker may have gottenaccess to your account by guessing the answers to security questions. Theycould hack your account again if you don’t change these questions and answers.Avoid choosing questions with answers that can easily be guessed or foundonline. For example, don’t choose “What’s your mother’s middle name?” if yourmom routinely uses her first, middle, and last name on social media.
- Turn on two-step verification. Also known as multi-factorauthentication, this extra security measure typically requires you to enteryour username and password along with a temporary passcode to get into anaccount.
2. Warn your contacts.
Tell the colleagues, friends, and familyin your email contact list that your email has been hacked. Warn them to deleteany suspicious messages that come from your account. Also tell them not to openapplications, click on links, share credit card information, or send money. Itcan be embarrassing to let your contacts know you’ve been hacked, but thewarning may save them from falling for a scam.
3. Look for signs of trouble.
Hackers may make changes to allow themto get into your account again or to continue to scam people after you’ve takenback control of the account. To prevent this, you should take these steps:·
- Check your settings. Hackers who gain access to anemail account may change settings to further compromise your security. Checkyour email signature to make sure it doesn’t contain any unfamiliar links. Lookto make sure your emails aren’t being auto forwarded to someone else. And gettips from your email service provider on any other ways you can make youraccount more secure.
- Scan for trouble.Look for signs of a computer virus on your computer, phone or tablet. These signs may include strange pop-up windows, slowness, problems shutting down or restarting, and unfamiliar applications on your device. If you notice any of these signs, get Norton 360 with LifeLock Select to help identify and remove malware that may be infecting your device.
4. Protect yourself for thefuture.
Finally, you can put a few simplemeasures in place to make another email hack less likely to happen in thefuture. Here’s what to do:
- Update frequently. Make sure you are running thelatestversionsof your apps, browser, operating system, and software. The newest versionsoften contain patches to fix security flaws hackers can exploit. You may alsowant to delete any apps you don’t use or that aren’t being updated regularly bytheir developers.
- Add security software. Get security software from areputable company and install it on all your devices.If you’re concerned about hacked email accounts, it’s a good idea to consider trusted security software likeNorton 360 with LifeLock Select,which provides all-in-one protection for your devices, online privacy, and identity. If you already havesecurity software, make sure you’ve got the latest version and run it to checkfor malware, spyware, and viruses.
Get Norton 360 with LifeLock Select
Now that you know what to do if youremail is hacked, you can put a plan of action in place in case you ever do getthe dreaded “you’ve been hacked” message from a friend. That will allow you toregain your account and your peace of mind more quickly.
- Allie Johnson
- Freelance Writer
Allie Johnson is a freelance journalist who covers cybersecurity, privacy, and consumer topics. She has written for Bankrate, CreditCards.com, and Discover.
Editorial note:Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.
Scammers hack email accounts for many reasons, including accessing personal information to commit financial or identity fraud. But an email hack can also expose your contacts to phishing campaigns, malware attacks, and other scams. Learn how email accounts can get compromised and what to do if your email is hacked.Who do I contact if my email is hacked? ›
If you haven't already, contact your email provider and report the email hacking. This is important even if your hacked email didn't cause you to lose access. Reporting a hack helps providers track scam-based behavior.What is the first thing you do when you get hacked? ›
Step 1: Change your passwords
This is important because hackers are looking for any point of entry into a larger network, and may gain access through a weak password. On accounts or devices that contain sensitive information, make sure your password is strong, unique—and not easily guessable.
No, don't delete your email, even after it's been hacked. This is because most email providers will recycle old and deleted email addresses. If you're concerned, stop using your email for sending or receiving messages, but don't delete it.Will changing my email password stop hackers? ›
A hacker may attempt to access your account more than once over a period of time. Changing your password often reduces the risk that they will have frequent access.What happens if someone gets your email address? ›
Once scammers have your email address, they can send you phishing emails in an attempt to get credentials for other important accounts. Phishing is when a cybercriminal sends a message pretending to be someone else in order to obtain confidential information.What are the 2 possible signs that you have been hacked? ›
- Password reset emails. ...
- Random popups. ...
- Contacts receiving fake emails or text messages from you. ...
- Redirected internet searches. ...
- Computer, network, or internet connection slows down. ...
- Ransomware messages.
Responding to infected emails can also reveal your location, which cyberattackers use to locate the server and attack your network. You also may share personal details in your response. Cybercriminals only need a few pieces of identifiable information to hack your accounts.Can you recover a hacked email account? ›
If you cannot login to your account, contact your email host provider to get your account reset. Once you do this, be prepared with additional information that your email provider might need to reset your email account.Should I do if I've been hacked? ›
What to do: Contact your mobile carrier and ask them to “lock” your account with a PIN or security question. Change your SIM card's default PIN to protect it if your device is stolen. Here's how to change your PIN on iOS devices (iPhone and iPad) and Android devices.
- Browser hijacks.
- Denial of service (DDoS) attacks.
Unfortunately, in 2023, it's pretty easy for hackers to guess uncomplicated passwords, particularly ones that aren't very long. In fact, if your password is under 10 characters, it'll only take 2 weeks to crack. Simple 10-character passwords made up of just numbers or lowercase letters can be cracked in under 24 hours.Is it common for emails to be hacked? ›
According to the Identity Theft Resource Center (ITRC), there were 1,291 publicly reported data breaches and ~166 million victims in 2022 [*]. That means there's a good chance that hackers already have access to your email account information.Can someone hack my bank account with my phone number? ›
Once hackers have your number, they can use it to gain access to your most sensitive and valuable data, such as your: Email accounts and contact lists. Financial assets and bank accounts. Current and previous home addresses.Can hackers intercept my emails? ›
Mail interception fraud is when criminals steal information such as email usernames and passwords allowing them to hack personal or business email accounts. They monitor incoming mails and intercept emails with private information such as invoices with banking details or account information.Should I worry if a scammer has my email address? ›
Personal and company email addresses can provide cybercriminals with a wealth of new opportunities to execute their schemes and scams. Infiltrated email addresses can supply a mine of useful information for hackers to exploit by providing a portal into our personal and working lives.What to do if I gave my address to a scammer? ›
- Notify Affected Banks or Creditors.
- Use a Fraud Alert on Your Credit Report.
- Check Your Credit Reports.
- Freeze Your Credit.
- Report to the FTC (Federal Trade Commission)
- Report to the Police.
- Remove Fraudulent Information from Your Credit Report.
- Change Your Passwords.
- Research public databases for further pieces of information about you.
- Get yet more personal information about you from online data brokers.
- Send you phishing attacks and scams by physical mail.
- Redirect your physical mail, essentially committing mail fraud.