What to do if your email has been hacked
How you can tell if your email has been hacked, and what to do next

Your email is a digital treasure chest. Not only does it contain everything from your contacts to your calendar to personal information like doctors' appointments and employment history, but a hacker could also use the "forgot password" feature to take over a long list of your other accounts.
Once a hacker has gained control of your email, they could potentially lock you out of your own accounts, drain your finances, and commit identity theft, among other malicious behaviors. That makes it a particularly attractive target for threat actors, which means you'll want to make sure it's secure at all times.
But what do you do if you suspect something has gone wrong – or worse yet, you know it definitely has? Here's a short list of the ways emails get hacked, how to tell if your email has been hacked, and what to do when you know your account has been taken over by a bad actor.
To start, if you don't already have one of the best antivirus programs installed on your device, start there – and make sure it has an identity theft or identity monitoring service feature. Those services work best when you have them in place ahead of time because they can watch for suspicious behavior and alert you so you can act quickly.
Emails are easy to hack through a few methods. Phishing scams are often successful because they mimic real brands or emails to convince you to click links or buttons and enter login details or other personal information, which is then sent to the hackers, who now have your account details.
A data breach of a large or small business is another way that your account details can be compromised; if you know that you have an account that has been involved in a data breach, it's important that you update your passwords immediately and keep a close eye on all your accounts for suspicious behavior.
Other methods include credential stuffing attacks, which are automated attacks carried out by a bot. The bot takes a list of stolen usernames and passwords, then "stuffs" them into login forms across the web, on the chance that a pair will be accepted somewhere because the same credentials were reused in multiple places.
And lastly, a malware infection can cause an email takeover: a keylogger or spyware captures your keystrokes, steals your login details as you type, and sends that information back to a hacker.
How to know if something has gone wrong with your email account:
- You cannot log in: If your username and password are being rejected, that’s a big indicator that someone else has gotten hold of your login credentials and changed them. You’re locked out, and someone else has gained control.
- A contact asks if you sent them a message: Hackers like to send malware or spam from compromised accounts, so if your contacts are asking if you’ve sent them spam, adult messages, mass messages, or iffy content with weird messages or links, that’s a pretty big indicator that someone else has control of your email account. Let your friends know – from another channel – that your account has been compromised and they should not open any messages from you.
- Settings have been changed: If you see unauthorized changes to your email, like the signature line in your email containing strange links or information, or the forwarding rule redirecting to an unfamiliar address, that's suspicious behavior.
- Password reset notifications: Two-factor authentication is a great way to protect your account from hackers, but if you're getting notifications for access that you don't recognize, it means that someone else is attempting to access your account.
- Deleted or missing emails: Missing emails, emails moved to trash, or even emails that have been marked as read that you don't recall reading might mean someone else has been in your inbox.
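One way to check the settings-related signs above, shown as an added example that is not part of the original article: a short Python audit that flags unfamiliar forwarding addresses, signature links to unknown hosts, and filters that hide or forward mail. The settings export, its field names, and the known-good lists are constructed for illustration and match no provider's real format.

```python
import re
from urllib.parse import urlparse

# Constructed sample of exported mailbox settings. The field names are
# hypothetical and do not correspond to any provider's real export format.
SETTINGS = {
    "signature": "Alex Doe\nhttps://example.com/alex\nhttp://prize-claim.example.net/win",
    "forwarding": ["alex.backup@example.org", "collector@mail.example.net"],
    "filters": [
        {"match": "subject:password reset",
         "actions": ["forward:collector@mail.example.net", "trash", "mark_read"]},
        {"match": "subject:newsletter", "actions": ["label:News"]},
    ],
}

KNOWN_ADDRESSES = {"alex.backup@example.org"}  # addresses the owner set up
KNOWN_LINK_HOSTS = {"example.com"}             # hosts the owner put in the signature
HIDING_ACTIONS = {"trash", "delete", "mark_read", "archive"}

def audit(settings, known_addresses, known_hosts):
    """Return (category, detail) findings the account owner should review."""
    findings = []
    # Account-level forwarding to an address the owner does not recognise.
    for addr in settings.get("forwarding", []):
        if addr.lower() not in known_addresses:
            findings.append(("forwarding", addr))
    # Links in the signature that point at hosts the owner never added.
    for url in re.findall(r"https?://\S+", settings.get("signature", "")):
        host = (urlparse(url).hostname or "").lower()
        if host not in known_hosts:
            findings.append(("signature_link", host))
    # Filters that keep mail out of sight or send copies elsewhere.
    for rule in settings.get("filters", []):
        actions = rule.get("actions", [])
        hidden = HIDING_ACTIONS.intersection(actions)
        if hidden:
            detail = rule["match"] + " -> " + ",".join(sorted(hidden))
            findings.append(("filter_hides_mail", detail))
        for action in actions:
            target = action[len("forward:"):]
            if action.startswith("forward:") and target.lower() not in known_addresses:
                findings.append(("filter_forwards", target))
    return findings

if __name__ == "__main__":
    for category, detail in audit(SETTINGS, KNOWN_ADDRESSES, KNOWN_LINK_HOSTS):
        print(f"{category}: {detail}")
```

Any finding is a prompt to open the provider's settings page and remove the entry if you did not create it.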
How to recover control of your email:
- Your email provider should have a recovery service or a web page that will assist you with recovering your account in the event of a lost or stolen password. Google has one broken down into seven easy steps.
- Make sure that your security questions and alternate contact information, like phone numbers and backup emails, are kept up to date and accurate. Sometimes hackers will change these to their own information.
- If you’re still able to, update your password and ensure that it is a strong, unique password that isn’t being used for any other account. If you use a password manager, update your email account with your new password.
- Enable 2FA: if your account offers it and you don’t already have it enabled, set up two-factor authentication or multi-factor authentication, which will ask you for a PIN or secondary access info to get into your account. This is one of the strongest ways to protect your accounts since it usually requires a PIN from your phone, which a hacker will not have access to.
- Check your other accounts: make sure you don’t see any suspicious behavior in your other accounts, checking particularly for high-profile accounts like social media, other email, and financial and banking accounts. If those accounts offer 2FA or MFA and you don’t already have that set up for them, make sure you enable it for them as well.
- Alert your contacts: use an independent channel to let them know that your email account may have been compromised and that you’ve taken the appropriate steps to secure your account. You can also tell them not to open any emails or attachments sent while the account was unsecured, so they can protect their own accounts from any phishing attempts.
Once you have secured your account, alert your email provider (and potentially authorities if necessary). Reporting the incident to your provider lets them minimize the damage to you personally, and also helps them investigate the attack to prevent similar incidents from happening to others.
Report the unauthorized access directly to your provider's official support or account recovery page. Then review and reset your security questions, recovery phone numbers, and alternate email addresses, which will prevent the hacker from using them to get back in. You can file a report with the FTC at IdentityTheft.gov and with the FBI at IC3.gov.
Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.