What to do if your email is hacked (2023)

Scammers hack email accounts for many reasons, including accessing personal information to commit financial or identity fraud. But an email hack can also expose your contacts to phishing campaigns, malware attacks, and other scams. Learn how email accounts can get compromised and what to do if your email is hacked. And get ironclad cybersecurity protection to help secure your email, block hackers, and keep your identity safe.

Emailcompromised from a data breach

Adata breachis a common way to compromise an emailaccount. If you believe you're safe, just check out recent headlines aboutbreaches that involve hacked email accounts.

For example, car manufacturer GeneralMotors was hit by a data breach in April 2022. According toSecurity Magazine, hackers got hold of GMcustomer names, email addresses, physical addresses, GM account information,and more.

So, what happens if a hacker gets your emailaddress? If a cybercriminal were to gain access to your email address withoutalso getting hold of your email account password, it's unlikely they could domuch damage. But if they also get your password, they can cause you plenty ofpain.

They could send scam emails to everyoneon your contact list. And it’sno fun telling your boss that you didn't really send the message urging him totry the latest diet drug, or explaining to your aunt that, no, you’re notstranded in Aruba in need of $1,000 wired immediately.

Hackers could also use your email and password to reset other passwords and gain control of your social media accounts. In a worst-case scenario, they could lock you out of your accounts and post anything they want as "you." These posts could be scam posts containing malicious links that install a virus or spyware, or even posts that are embarrassing or personally damaging to you.

It's also possible hackers could useyour email account to gain access to your bank account or credit cardinformation, draining funds from an account, or racking up charges. They mighteven use your email and password to sign up for online sites and services,sticking you with monthly fees in the process.

As you can see, it's especiallyimportant to keep hackers fromaccessing your Gmailor other email accounts.

Tipsto help protect email account

You never know when a hacker might goafter your email account, but you can take steps to help protect yourself froma cybercriminal compromising your email.

First, never use the samepasswordfor your email account and the otherimportant sites you visit. If someone gains access to your email password, youdon't want that person to use this information to get into your bank, creditcard, or health care accounts. Make sure to use unique passwords for each ofthese key sites.

And make your passwords difficult tocrack. Include letters, capitalized letters, numbers, and symbols in yourpasswords. Never use your birthday, address, Social Security number, oranything that someone may be able to guess about you in your password.

Don't click on links in emails unlessyou absolutely know who sent the message to you and you're expecting thisperson to send you a link. If you aren’t expecting a link from someone youknow, avoid clicking links even if you know the sender. These fraudulent linkscan often lead to spoofed websites that look like they’re run by a bank orcredit card provider, but they’re created by fraudsters to scam you out of yourpersonal information.

Turn ontwo-factorauthentication. With this security measure, youmust first log into a site with your username and password — such as your bank,mortgage lender or credit card provider — and then wait for a code, usuallysent to your smartphone. You then enter that code to gain access to the site.This does add an extra step to logging into an account, but it also provides anextra layer of protection.

How to know if your emailhas been hacked

You may get an urgent message from afriend or family member who received a suspicious email from you. They may askif you sent the email. Or they may simply send these panic-inducing words:“You’ve been hacked.”

But you may be able to spot signs of ahacked email account before you get tipped off by a friend. Here are threeindicators that youremailaccount has likely been hacked.

• You can’t log into your emailaccount.Whenyou try to log in, you may get a message that your username or password isincorrect. In this case, a fraudster might have changed your email password,which often is one of the first things cybercriminals do after taking controlof your email account.
• Your sent-messages folder looksodd. Your sentmessages folder may hold scammy messages you didn’t write. Or the folder may besitting empty when you never deleted your sent messages.
• Your friends say they're gettingspam from you.If you get messages from your contacts asking why you’ve been sending themspam, that's likely an indication that a cybercriminal has gained access toyour email account and is using it to send messages in your name.
• Strange messages appear on yoursocial media accounts. If your latestInstagrampost or tweet is touting some productyou’ve never used, a hacker may have gained access to both your email andsocial media accounts. Your email account can act as agateway into other accounts. The hacker can simply click “forgot password” atlogin and have a password reset link sent right to your email inbox, which theynow control.
• Your IP address log looks fishy. Your IP address is a type ofdigital address that shows where you are located when you log onto theinternet. If you mostly log onto the internet from your home or work, a recordof your IP addresses will show mostly the same numbers repeatedly. However, ifyour IP address log shows many different IP addresses, it could be a sign thata fraudster is logging into your email account from different locations.

Some email service providershave tools that you can use to check your IP address. If you use Gmail, for instance,you can scroll to the bottom of the page and look for the word “details” in theright corner. Click on this and you will see a log of IP addresses from whichyour account has been accessed.

What to do if your email is hacked

A hacked email can put you and youremail contacts at risk for identity theft and bank account or credit cardfraud. If you think your email has been hacked, take quick action to minimizethe damage.

Here are four tips for what to do if youremail is hacked to banish the hacker and help protect yourself in the future.

1. Change your credentials.

The first step: Take back control ofyour hacked email account. If the hacker has locked you out, you may have tocontact your email service provider for help. You will probably have to providean array of information to prove your identity and regain control of youremail.

If you do still have access to youraccount, make these changes right away:

• Get a new username and password. Choose a strong password.Secure passwords or passphrases should contain at least 12 characters,including numbers, symbols and a mix of capital and lowercase letters. Use aunique password for every account. Password managers offer an easy and secure wayto create complex passwords and to keep track of your login credentials.
• Change your security questions. The hacker may have gottenaccess to your account by guessing the answers to security questions. Theycould hack your account again if you don’t change these questions and answers.Avoid choosing questions with answers that can easily be guessed or foundonline. For example, don’t choose “What’s your mother’s middle name?” if yourmom routinely uses her first, middle, and last name on social media.
• Turn on two-step verification. Also known as multi-factorauthentication, this extra security measure typically requires you to enteryour username and password along with a temporary passcode to get into anaccount.

2. Warn your contacts.

Tell the colleagues, friends, and familyin your email contact list that your email has been hacked. Warn them to deleteany suspicious messages that come from your account. Also tell them not to openapplications, click on links, share credit card information, or send money. Itcan be embarrassing to let your contacts know you’ve been hacked, but thewarning may save them from falling for a scam.

3. Look for signs of trouble.

Hackers may make changes to allow themto get into your account again or to continue to scam people after you’ve takenback control of the account. To prevent this, you should take these steps:·

• Check your settings. Hackers who gain access to anemail account may change settings to further compromise your security. Checkyour email signature to make sure it doesn’t contain any unfamiliar links. Lookto make sure your emails aren’t being auto forwarded to someone else. And gettips from your email service provider on any other ways you can make youraccount more secure.
• Scan for trouble.Look for signs of a computer virus on your computer, phone or tablet. These signs may include strange pop-up windows, slowness, problems shutting down or restarting, and unfamiliar applications on your device. If you notice any of these signs, get Norton 360 with LifeLock Select to help identify and remove malware that may be infecting your device.

4. Protect yourself for thefuture.

Finally, you can put a few simplemeasures in place to make another email hack less likely to happen in thefuture. Here’s what to do:

• Update frequently. Make sure you are running thelatestversionsof your apps, browser, operating system, and software. The newest versionsoften contain patches to fix security flaws hackers can exploit. You may alsowant to delete any apps you don’t use or that aren’t being updated regularly bytheir developers.
• Add security software. Get security software from areputable company and install it on all your devices.If you’re concerned about hacked email accounts, it’s a good idea to consider trusted security software likeNorton 360 with LifeLock Select,which provides all-in-one protection for your devices, online privacy, and identity. If you already havesecurity software, make sure you’ve got the latest version and run it to checkfor malware, spyware, and viruses.

Now that you know what to do if youremail is hacked, you can put a plan of action in place in case you ever do getthe dreaded “you’ve been hacked” message from a friend. That will allow you toregain your account and your peace of mind more quickly.

Allie Johnson is a freelance journalist who covers cybersecurity, privacy, and consumer topics. She has written for Bankrate, CreditCards.com, and Discover.

Editorial note:Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.