What to Do If Your Email Gets Hacked?

If you suddenly see signs that your email has been hacked — is it such a big deal?

 

Well, how many passwords to your online accounts can you realistically recite by heart? The chances are that instead of using a unique login and password for every service, you use your primary email account as a single sign-on provider to access numerous web resources.

 

These web resources include your banking services, other email and instant messaging accounts, your social media profiles — basically your whole digital life.

 

Having a single entry point to all of them is convenient. But, unfortunately, it's just as convenient for the cybercriminals looking to target your personal information and access your credentials. If someone has really hacked into your email account, consider all those other accounts hacked, too.

 

Pro tip: Use Clario’s all-round cybersecurity protection to keep your devices safe from viruses and malicious actors. If you suspect that your email was hacked, Clario’s team of security experts is available to help you with this 24/7. Start your free trial by downloading Clario now, no credit card needed.

 

Read on to learn what to do if your account has been hacked and which signs will help you detect and prevent this in the future.

How to tell if your email has been hacked

If you suspect that somebody has hacked your email account, here are some warning signs to look out for:

  • Your password stops working. The most obvious indicator of a hacker attack is the inability to log into your email account with your password because the attacker changed it.
  • Unfamiliar emails in your "Sent" folder. Sometimes attackers don't completely lock you out when they take over your account. Instead, they hijack it to send spam, find out more information about you, or trick your friends into thinking that they are talking to you while it's the attacker who is sending emails on your behalf. If you can still log in to your account, and the hackers keep immediately deleting incoming emails, it might take a while before you spot the signs that your email has been hacked.
  • Complaints from contacts. This one is directly related to the previous point. If your contacts tell you to stop sending them weird or suspicious emails, this might indicate someone else is using your account (or that you're not as funny as you think you are).
  • Random password reset emails. Search through your email box to check for password reset emails you don't remember requesting. You might also find traces of an intruder trying to access your banking or shopping information. Regularly check your email for suspicious messages requesting your private data or claiming to be from your bank or accountant. Never share your PIN codes or passwords via email, phone, or messengers that don't use end-to-end encryption.
  • Unusual IP addresses, devices, and browsers. Most email services allow you to check your login activity and show the locations, devices, and IP addresses from where someone has logged into your account. If you don't recognize them, someone may be using your account without your knowledge or permission. And it better be your ex rather than an unscrupulous hacker.

 

If your email account activity matches one or more of these clues, unfortunately, your answer to "has my email been hacked?" is yes. In this case, let's get into action and look for an answer to a different question — namely, "what to do if my email is hacked."

 

Remember, you can also turn to an automated service to check if your email has been hacked: haveibeenpwned.com. Created by reputable security expert Troy Hunt, the website lets you enter your email address or phone number and see if your login credentials have been leaked online. Check it often, because new data leaks happen regularly. For example, the largest-ever batch, called RockYou2021 and containing more than 8 billion leaked credentials, only surfaced online in June 2021.

How to fix a hacked email: 7 steps to protect yourself

Here's what you need to do to minimize the damage if your email account was hacked and take action against any possible future attacks.

Step 1: Change the password

What is the first thing to do when your email is hacked? If you still have access to the hacked email account, start by logging in and changing your password. If you're unable to do it, but you're sure that you're using the correct password, initiate the password recovery process. If the recovery process doesn't work, try to get in touch with the email provider's customer service team.

 

Step 2: Check your email settings

Examine your email settings to check if anything has been changed. Look for:

  • any copies of your messages forwarded to unknown addresses
  • contacts in your address book you don't remember adding
  • new links in your email signature file

As a next step, tighten your security:

  • Update the security questions and answers your email provider typically uses to confirm your identity when you're going through the password recovery process.
  • Add or update your recovery email — a different email address that hasn't been compromised, which you can use as a backup for your recovery information.

 

Step 3: Set up two-factor authentication

Two-factor authentication (also known as 2FA or two-step verification) is an additional layer of security for your account. It gives your email provider the means to verify that the person who is trying to log in to your account using your password is in fact you. Most email providers now offer this option.

 

After enabling 2FA, the provider will request additional authentication if you're trying to log into your account from a new device. This can be a 5- or 6-digit code provided via a text message or a special app on your mobile phone.

 

Sometimes you can be asked for biometric information (usually that's a fingerprint provided via a built-in sensor in your laptop or phone). Two-factor authentication is one of the most efficient ways of keeping your information safe, so please don't ignore this step even if it seems like a hassle to set up — it's not, and it will protect you.

 

If you're using Gmail, this is how you can turn on the two-factor authentication for your personal email account:

  1. Go to your Google Account
  2. Open the navigation panel
  3. Select Security
  4. In the Signing in to Google section, select 2-Step Verification > Get started
  5. Follow the on-screen prompts to enable the 2FA for your Google account

[Image: Google notification about the attempt to log into your account from a new device]

This is what happens if you try to log in from a new device now. You'll see a similar notification if a stranger tries to log in to your account, and you can block their attempts.

Step 4: Check your account recovery information

If you went through the recovery process, double-check if your account recovery information is still valid and what you set it to be. Namely, check email addresses and phone numbers listed as recovery contacts. If the emails or phone numbers look unfamiliar, change them immediately.

 

Step 5: Inform your contacts that you've been hacked

Hackers may use your email account to send spam, phishing emails, or try to get some personal or business information from your contacts pretending to be you. If your email has been hacked, one of the first things you need to do is inform everyone in your contact list that your account has been compromised, then ask them to ignore any suspicious messages "you" have sent.

 

Step 6: Check if your other accounts were affected

Once you've secured your main email account (the one that also granted access to your other accounts), you need to change the passwords for those other accounts, too. This includes:

  • your social media profiles
  • internet banking apps
  • cloud storage and various online backups

If you experience any issues accessing other accounts connected to the hacked email, try resetting your passwords immediately and contact customer service.

 

Step 7: Run an antivirus check

Apart from email, attackers could also infiltrate your device with malware. You need to run an antivirus scan to check your computer. Then, make sure your browsers and apps are updated to the latest version.

 

If you have any third-party extensions or apps installed, it's better to remove them, especially if you're not using them anymore. Any of these apps could become a gateway to still more malware, even if you're using a Mac.

 

Pro tip: Windows devices are not the only ones that can be infected by viruses. More and more malware for Mac computers emerges every day. This means that even if you're running the latest M1 MacBook Pro, you can still get a virus and still need to use anti-malware software. Clario will help you detect and remove any threats from your computer. Plus, it also offers VPN, 24/7 live chat with cybersecurity professionals, and other privacy and protection-related features. Download Clario and start your free trial now.

How to prevent my email from getting hacked in the future

Dealing with a hacked email account can sometimes be overwhelming. But we hope this guide was helpful in showing you what to do when your email is hacked. Once you've put out the fire, it might be a good idea to consider the steps you need to take to prevent any future attacks.

 

We recommend that you follow our blog for regular safety tips. This way, you can learn more about the types of suspicious activities and cyber threats that might be targeting your devices, which will help you identify problems early on.

 

We also encourage you to check out how Clario identity theft protection works to help you protect your identity and keep your overall digital experience safe online.

 
