Checklist of what to do if your email is hacked

A hacked e-mail account is more than an annoyance - it can lead to identity theft and financial losses. If a compromise occurs, it is vital to take these timely steps. While we encourage working with a computer professional to evaluate and correct shortcomings, below is a list of corrective and preventative recommendations:

1. Change your password

The first, and the most important step, is to change your password immediately after you discover your e-mail account has been compromised. In some, if not most cases, hackers don’t change your account passwords. This means you still have access to your account, and you can prevent further or future attacks from happening.

To change your password, simply use the “Forgot Password” link at your login page and reset your password. If you save your passwords on your devices (e.g., your mobile phone, tablet computer), you will have to update the password on each device to match the new password.      

Best Practice:

  • Use long, unique, and complex passwords or passphrases for different accounts. Never use the same password for different accounts. Password managers can help create and manage passwords for multiple accounts. Dashlane and KeePass are reputable password managers that allow you to access and manage accounts across multiple platforms and devices.

  • Use 2-step authentication. The extra step would require a special code sent to your phone whenever account settings are changed. Unless the hacker has your device, you alone can access the code and gain access. Check out two-step authentication setup instructions for Gmail, Microsoft’s Outlook.com and Hotmail and Yahoo!. AOL doesn’t yet support two-factor authentication.

2. Notify

It is very important to contact your financial institutions so they may monitor your accounts for irregular activities. As an additional precaution, you may want to change the passwords for these sites. 

As for your e-mail contacts, send an alert message informing them that your e-mail has been hacked and to ignore any suspicious message or post coming from you, or bearing your name, until you let them know that you have resolved the issue.  Additionally, warn them about clicking on links embedded in suspicious e-mails that appear to be coming from you.

3. Check Your E-mail Settings

Scan your e-mail account settings and check if anything was changed. Hackers can have your e-mails forwarded to them, which would easily allow them to receive login information and obtain e-mail addresses on your contact list. If you use an e-mail signature, check for any dubious changes that may have been made (e.g., redirecting links to other websites).

4. Scan Your Computer and Other Devices for Malware

Run a full scan with your anti-malware program. If you do not have one currently installed, download the free version of Malwarebytes and run a full scan with it. We recommend running Malwarebytes even if you already have another anti-malware program. You may discover that your original anti-malware program didn't prevent the attack. Scan other computers from which you log in, such as your work computer, as well.

If any of your scans detect malware, follow the program’s suggested steps to clean your system, and then rerun the scan.

Best Practice:

  • If your scans detected malware, change your password again and re-check your settings. Changing your passwords without cleaning your system might not lock hackers out of your accounts if you have malware sending them your updated credentials.

5. Implement Preventive Measures

Don’t allow hackers to compromise your accounts again. You can start by avoiding suspicious e-mails, links, and attachments, especially phishing e-mails (a phishing e-mail appears to be from a legitimate source but is actually fraudulent and typically contains links to malicious websites or content). This applies to social networks as well. Clicking on dubious links or posts can lead to phishing pages or the download of information-stealing malware.

Best Practice:

  • Use trusted networks (which are secure and private) for which you have been assigned credentials. Avoid using free WiFi. There are many reasons why this can be dangerous; most importantly, you do not know the credibility of the connection.

  • Limit your exposure on social networks and the amount of information you display in public. Hackers and identity thieves are quick to gather personal information on social media.  So be careful and keep personal details (birthdate, favorite color, pet names, etc.) private.

  • Bookmark trusted websites, including online shopping sites you frequently use. This will prevent you from accidentally landing on the wrong website, where hackers could slip in malicious code or links that take you to sites that phish for information.

6. Keep Software Up to Date

Without current web browser support and critical security updates from Microsoft, your PC may become vulnerable to any number of harmful viruses, spyware, and other malicious software which can steal or damage your identity, personal finances, and information. It is equally important to ensure that software programs are also up to date. Software makers often release updates to address specific security threats that have come to their attention. By downloading and installing the system and software updates, you patch the vulnerabilities that virus writers rely on to infect your computer. Common software to be updated includes the following:

  • Adobe Acrobat

  • Adobe Flash

  • Google Chrome

  • Java

  • Microsoft Office

Best Practice:

  • Configure updates to install automatically.

Because it contains valuable information, e-mail is a lucrative target that is prone to attack by fraudsters. If your e-mail is compromised, we hope these steps will provide you some direction during a difficult and stressful time. Also, taking preventative measures will help reduce the likelihood of your falling victim to such perpetrators.
