SkipToMainContent

Malware

4 things to do if your email account is hacked

Scammers hack email accounts so they can send phony messages from a trusted email address in hopes of getting the recipients to take action.

The ultimate goal could be to get these email contacts to send money, turn over personal information, or click a link that installs malware, spyware, or a virus on the victim’s device.

One example: A few years ago, the U.S. Federal Trade Commission charged four scammers who hacked accounts to send millions of emails urging the recipients to try “miracle” weight loss pills. The email had a weight loss story from the sender and a link to fake endorsements from Oprah and other stars.

This could happen to you and the colleagues, friends, and family members in your email contacts list. Learn what to do if your email has been hacked so you can stop these scammers quickly.

How to know your email has been hacked 

You may get an urgent message from a friend or family member who received a suspicious email from you. They may ask if you sent the email. Or they may simply send these panic-inducing words: “You’ve been hacked.”

But you may be able to spot signs of trouble before you get tipped off by a friend. Here are three indicators that your email account has likely been hacked.

  • You can’t log into your email account. When you try to log in, you may get a message that your username or password is incorrect. This could mean the hacker changed your credentials to lock you out of your own account.
  • Your sent-messages folder looks odd. Your sent messages folder may hold scammy messages you didn’t write. Or, the folder may be sitting empty when you never deleted your sent messages.
  • Strange messages appear on your social media accounts. If your latest Instagram post or tweet is touting some product you’ve never used, a hacker may have gained access to both your email and social media accounts. You email account can act as a gateway into other accounts. The hacker can simply click “forgot password” at login and have a password reset link sent right to your email inbox, which they now control.

Your email also may contain a wealth of information about your bank account, credit cards, and other financial accounts. A hacked email can put you and your email contacts at risk for identity theft and bank account or credit card fraud. If you think your email has been hacked, take quick action to minimize the damage. 

4 things to do if your email account has been hacked

Wondering what to do when your email is hacked? Here are four steps you can take right now to regain control of your account, banish the hacker, and help protect yourself in the future.

1. Change your credentials.

The first step: Take back control of your account. If the hacker has locked you out, you may have to contact your email service provider for help. You will probably have to provide an array of information to prove your identity and regain control of your email. 

If you do still have access to your account, make these changes right away:

  • Get a new username and password. Choose a strong password. Secure passwords or passphrases should contain at least 12 characters, including numbers, symbols and a mix of capital and lowercase letters. Use a unique password for every account. Password managers offer an easy and secure way to create complex passwords and to keep track of your login credentials.
  • Change your security questions. The hacker may have gotten access to your account by guessing the answers to security questions. They could hack your account again if you don’t change these questions and answers. Avoid choosing questions with answers that can easily be guessed or found online. For example, don’t choose “What’s your mother’s middle name?” if your mom routinely uses her first, middle, and last name on social media.
  • Turn on two-step verification. Also known as multifactor authentication, this extra security measure typically requires you to enter your username and password along with a temporary passcode to get into an account. For example, the service provider may send the one-time passcode to your phone each time you try to log in. Without your phone in hand, a hacker will be much less likely to gain entry into an account that has two-step verification turned on.

2. Warn your contacts.

Tell the colleagues, friends, and family in your email contact list that your email has been hacked. Warn them to delete any suspicious messages that come from your account. Also tell them not to open applications, click on links, share credit card information, or send money. It can be embarrassing to let your contacts know you’ve been hacked, but the warning may save them from falling for a scam.

3. Look for signs of trouble.

Hackers may make changes to allow them to get into your account again or even to continue to scam people after you’ve taken back control of the account. To prevent this, you should take these steps:

  • Check your settings. Hackers who gain access to an email account may change settings to further compromise your security. Check your email signature to make sure it doesn’t contain any unfamiliar links. Look to make sure your emails aren’t being auto-forwarded to someone else. And get tips from your email service provider on any other ways you can make your account more secure.
  • Scan for trouble. Look for signs of a computer virus on your computer, phone or tablet. These signs may include strange pop-up windows, slowness, problems shutting down or restarting, and unfamiliar applications on your device.

4. Protect yourself for the future.

Finally, you can put a few simple measures in place to make it less likely that your email account gets hacked again. Here’s what to do:

  • Get up to date, frequently. Make sure you are running the latest versions of your apps, browser, operating system, and software. The newest versions often contain patches to fix security flaws hackers can exploit. You may also want to delete any apps you don’t use or that aren’t being updated regularly by their developers.
  • Add security software. Get security software from a reputable company and install it on all of your devices. If you already have security software, make sure you’ve got the latest version and run it to check for malware, spyware, and viruses.

Now that you know what to do if your email account is hacked, you can put a plan of action in place in case you ever do get the dreaded “you’ve been hacked” message from a friend. That will allow you to regain your account and your peace of mind more quickly.

Cyber threats have evolved, and so have we.

Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.

Try Norton 360 with Lifelock.


Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.