What to do if your email is hacked

June 10, 2022

Scammers hack email accounts so they can send phony messages from a trusted email address in hopes of getting the recipients to act. The goal could be to get these email contacts to send money, turn over personal information, or click a link that installs malware, spyware, or a virus on a device.  

An email hack could also put your colleagues, friends, and family members in your email contacts list at risk for getting scammed too. Learn how email accounts can get compromised and what to do if your email is hacked.  

Email compromised from a data breach

A data breach is a common way to compromise an email account. If you believe you're safe, just check out recent headlines about breaches that involve hacked email accounts. 

For example, car manufacturer General Motors was hit by a data breach in April 2022. According to Security Magazine, hackers got ahold of GM customer names, email addresses, physical addresses, GM account information, and more. 

So, what happens if a hacker gets your email address? If a cybercriminal were to gain access to your email address without also getting a hold of your email account password, it's unlikely they could do much damage. But if they also get your password, they can cause you plenty of pain.  

They could send scam emails to everyone on your contact list. And it’s no fun telling your boss that you didn't really send the message urging him to try the latest diet drug, or explaining to your aunt that, no, you’re not stranded in Aruba in need of $1,000 wired immediately.  

Hackers could also use your email and password to reset other passwords and gain control of your social media accounts. In a worst-case scenario, they could lock you out of your accounts and post anything they want as "you." These posts could be scam posts containing malicious links or even posts that are embarrassing or personally damaging to you.

It's also possible hackers could use your email account to gain access to your bank account or credit card information, draining funds from an account, or racking up charges. They might even use your email and password to sign up for online sites and services, sticking you with monthly fees in the process.  

As you can see, it's especially important to keep hackers from accessing your Gmail or other email accounts. 

Tips to help protect your email account

You never know when a hacker might go after your email account, but you can take steps to help protect yourself from a cybercriminal compromising your email.  

First, never use the same password for your email account and the other important sites you visit. If someone gains access to your email password, you don't want that person to use this information to get into your bank, credit card, or health care accounts. Make sure to use unique passwords for each of these key sites. 

And make your passwords difficult to crack. Include letters, capitalized letters, numbers, and symbols in your passwords. Never use your birthday, address, Social Security number, or anything that someone may be able to guess about you in your password. 

Don't click on links in emails unless you absolutely know who sent the message to you and you're expecting this person to send you a link. If you weren't expecting a link, avoid clicking it even if you know the sender. These fraudulent links can often lead to spoofed websites that look like they’re run by a bank or credit card provider, but they’re created by fraudsters to scam you out of your personal information.

Turn on two-factor authentication. With this security measure, you must first log into a site with your username and password — such as your bank, mortgage lender or credit card provider — and then wait for a code, usually sent to your smartphone. You then enter that code to gain access to the site. This does add an extra step to logging into an account, but it also provides an extra layer of protection. 

How to know if your email has been hacked

You may get an urgent message from a friend or family member who received a suspicious email from you. They may ask if you sent the email. Or they may simply send these panic-inducing words: “You’ve been hacked.” 

But you may be able to spot signs of a hacked email account before you get tipped off by a friend. Here are three indicators that your email account has likely been hacked.    

  • You can’t log into your email account. When you try to log in, you may get a message that your username or password is incorrect. In this case, a fraudster might have changed your email password, which often is one of the first things cybercriminals do after taking control of your email account.
  • Your sent-messages folder looks odd. Your sent messages folder may hold scammy messages you didn’t write. Or the folder may be sitting empty when you never deleted your sent messages.         
  • Your friends say they're getting spam from you. If you get messages from your contacts asking why you’ve been sending them spam, that's likely an indication that a cybercriminal has gained access to your email account and is using it to send messages in your name.
  • Strange messages appear on your social media accounts. If your latest Instagram post or tweet is touting some product you’ve never used, a hacker may have gained access to both your email and social media accounts. Your email account can act as a gateway into other accounts. The hacker can simply click “forgot password” at login and have a password reset link sent right to your email inbox, which they now control.        
  • Your IP address log looks fishy. Your IP address is a type of digital address that shows where you are located when you log onto the internet. If you mostly log onto the internet from your home or work, a record of your IP addresses will show mostly the same numbers repeatedly. However, if your IP address log shows many different IP addresses, it could be a sign that a fraudster is logging into your email account from different locations. 

Some email service providers have tools that you can use to check your IP address. If you use Gmail, for instance, you can scroll to the bottom of the page and look for the word “details” in the right corner. Click on this and you will see a log of IP addresses from which your account has been accessed. 
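The IP address check described above can be automated once the login history is saved to a file. The following is an added example, not part of the original article: it assumes a CSV export with time, access_type and ip columns (a constructed layout, not a real provider format) and flags logins from networks that make up only a small share of the history. The function names, the /24 and /48 grouping, and the 20% threshold are illustrative assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample of an account-activity export (assumed CSV layout, not a
# real provider format). Addresses come from documentation-only ranges.
SAMPLE_LOG = """\
time,access_type,ip
2022-06-01T08:02:11,browser,198.51.100.24
2022-06-01T18:40:03,mobile,198.51.100.24
2022-06-02T08:05:47,browser,198.51.100.31
2022-06-02T12:15:09,browser,192.0.2.10
2022-06-03T03:12:55,imap,203.0.113.77
2022-06-03T08:01:30,browser,198.51.100.24
2022-06-04T03:14:02,imap,2001:db8:5::9
2022-06-04T12:20:41,browser,192.0.2.10
2022-06-05T08:03:12,browser,198.51.100.40
2022-06-05T12:31:00,browser,192.0.2.10
"""

def network_of(ip_text):
    """Group an address with its neighbours, since a home address can change
    within one provider range (assumed grouping: /24 for IPv4, /48 for IPv6)."""
    ip = ipaddress.ip_address(ip_text.strip())
    prefix = 24 if ip.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def unfamiliar_logins(log_text, min_share=0.2):
    """Return rows whose network accounts for less than min_share of all logins."""
    rows = list(csv.DictReader(io.StringIO(log_text)))
    counts = Counter(network_of(r["ip"]) for r in rows)
    total = len(rows)
    familiar = {net for net, n in counts.items() if n / total >= min_share}
    return [r for r in rows if network_of(r["ip"]) not in familiar]

if __name__ == "__main__":
    for row in unfamiliar_logins(SAMPLE_LOG):
        print(row["time"], row["access_type"], row["ip"])
```

A flagged row is a prompt to look closer, not proof of compromise: travel, a VPN, or a new mobile carrier will also produce unfamiliar networks.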

What to do if your email is hacked

A hacked email can put you and your email contacts at risk for identity theft and bank account or credit card fraud. If you think your email has been hacked, take quick action to minimize the damage.

Here are four tips for what to do if your email is hacked, to banish the hacker and help protect yourself in the future.

1. Change your credentials.

The first step: Take back control of your hacked email account. If the hacker has locked you out, you may have to contact your email service provider for help. You will probably have to provide an array of information to prove your identity and regain control of your email.

If you do still have access to your account, make these changes right away:         

  • Get a new username and password. Choose a strong password. Secure passwords or passphrases should contain at least 12 characters, including numbers, symbols and a mix of capital and lowercase letters. Use a unique password for every account. Password managers offer an easy and secure way to create complex passwords and to keep track of your login credentials.
  • Change your security questions. The hacker may have gotten access to your account by guessing the answers to security questions. They could hack your account again if you don’t change these questions and answers. Avoid choosing questions with answers that can easily be guessed or found online. For example, don’t choose “What’s your mother’s middle name?” if your mom routinely uses her first, middle, and last name on social media.
  • Turn on two-step verification. Also known as multi-factor authentication, this extra security measure typically requires you to enter your username and password along with a temporary passcode to get into an account. 

2. Warn your contacts.

Tell the colleagues, friends, and family in your email contact list that your email has been hacked. Warn them to delete any suspicious messages that come from your account. Also tell them not to open applications, click on links, share credit card information, or send money. It can be embarrassing to let your contacts know you’ve been hacked, but the warning may save them from falling for a scam. 

3. Look for signs of trouble.

Hackers may make changes to allow them to get into your account again or to continue to scam people after you’ve taken back control of the account. To prevent this, you should take these steps:

  • Check your settings. Hackers who gain access to an email account may change settings to further compromise your security. Check your email signature to make sure it doesn’t contain any unfamiliar links. Look to make sure your emails aren’t being auto forwarded to someone else. And get tips from your email service provider on any other ways you can make your account more secure.
  • Scan for trouble. Look for signs of a computer virus on your computer, phone or tablet. These signs may include strange pop-up windows, slowness, problems shutting down or restarting, and unfamiliar applications on your device. 

4. Protect yourself for the future.

Finally, you can put a few simple measures in place to make another email hack less likely to happen in the future. Here’s what to do:         

  • Update frequently. Make sure you are running the latest versions of your apps, browser, operating system, and software. The newest versions often contain patches to fix security flaws hackers can exploit. You may also want to delete any apps you don’t use or that aren’t being updated regularly by their developers.
  • Add security software. Get security software from a reputable company and install it on all your devices. If you already have security software, make sure you’ve got the latest version and run it to check for malware, spyware, and viruses. 

Now that you know what to do if your email is hacked, you can put a plan of action in place in case you ever do get the dreaded “you’ve been hacked” message from a friend. That will allow you to regain your account and your peace of mind more quickly. 


Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2022 NortonLifeLock Inc. All rights reserved.