Recover from a hacked email account
Email accounts are a common target for cyber criminals. They contain lots of sensitive information and are often the key to accessing other accounts. When your email account is compromised it is critical that you act fast.
We want to better understand the impact of you experiencing this issue, can you share your experience by filling in this online form? This will help us better protect future victims.
Hacked email account - Do this first!
Change your password - If you can still log into your email account then follow the usual process to reset your password. Make this a strong password that you have never used before.
Turn on two-factor authentication - Almost all good email accounts now give you the option to turn on two-factor authentication. Turn this on now. This guide from Consumer Reports will help you understand what it is and tell you how to turn it on. If possible, use token based two-factor authentication through a mobile app, instead of text based authentication as this is more secure.
Change your log in details to other sites that use the same - or similar - username and password - Any other online accounts with the same or similar log in details need to be changed immediately. It is highly likely that a cyber criminal will check other popular sites as soon as they get into your email account.
Check for password resets on other accounts - If you have other accounts registered to the breached email, make sure that passwords for those haven’t been reset by the attacker.
Report the unauthorized access to the email provider - Let the provider know your account was hacked and they will follow an evidence preservation procedure at their end. Useful if you need it in a legal case later.
Approaches to dealing with a hacked email account
Follow these steps now you have changed your password and turned on two-factor authentication:
Check your email account security settings - Go into your email accounts settings and find the security settings area. Check what devices and apps are connected and disconnect any you don’t recognise. Check recent log ins and screenshot the information of unauthorized log ins - most provide time, date, IP address, browser type and device type.
Scan your devices for malware - There are a number of ways the perpetrator may have got your log in details - from a past breach (you can check known breaches here), guessed it, seen you type it in or you may have told them in the past. However, they could also have malicious software on one of your devices that gives them access to what you type into websites. Scan all of the devices you use to access your email with an anti-virus solution and remove any malware.
Check your email settings - If the perpetrator has been monitoring your emails and plans to use your email account for personal gain then they may have set up some filters and rules in your email account to hide emails from you that they have been sending/receiving. Check these and make sure there is nothing you don’t recognise. If there is, take a screenshot and then delete the criminals changes. Also check your sent and deleted items for any correspondence you don’t recognise - the criminal may have been pretending to be you!
Set up a recovery email - If you haven’t already set up a recovery email or phone number go to your email settings and do this now. If you get hacked in future and get locked out of your email account this will give you a way back in.
Change the answers to your security questions - You will have set answers to security questions when you set up the account. Most of the answers you have probably shared on social media without thinking about it. Change these now and make them random so they couldn’t be guessed.
Think about the repercussions of someone having access to the data in your email account - Review what information is in your email account and use it to make changes to limit what the criminal can do with it. For example if you have other passwords listed or bank details then take precautions to secure these accounts and change the exposed information.
Warn others that your account was compromised - If people in your email contacts were communicated with by the hacker then let them know it wasn’t you and tell them they should look at their own security. They may have copied your contacts and plan to target them, so letting your contacts know is good practice.
Consider setting up a new email address - The cyber criminal knows that you have this email address and is likely to try and regain access by sending you phishing emails to trick you into sharing your password or infecting yourself with malicious software. Moving to a new email account would take away this risk and you can still monitor the old account, with the knowledge that emails may be malicious.
If you are completely locked out - If you have been completely locked out of your account then follow the providers account recovery process. If you have not set up the recovery process before you may need to raise a case with the provider and work to prove that you own the account.
Link to email provider guidance
The following takes you to information and guides provided directly by popular email providers: Gmail, Hotmail, Apple (iCloud), and Yahoo!.
Report the crime
If you are in the USA you can report a hacked account to the FBI through their IC3 reporting portal here. If your hacked account also involves identity theft then you can report this here.
How do I stop my email account being hacked again?
Get good at passwords - Use strong passwords, use different passwords on each site, never share them and change them regularly. Use a password manager app to help you do this. See some good guidance here.
Commit to two-factor authentication - Two-factor is a way to improve your security drastically in one easy step. Use it on every site that offers it. You can get more information here.
Be careful clicking or downloading - Tricking you to share your password by sending you trick emails or texts is a really common way to have your passwords stolen. As is downloading attachments in email that contain malicious software. Be extremely careful when clicking online links or opening/downloading online attachments. You can hover over links to make sure they lead where they say they lead. If you’re unsure, don’t click it.
Get secure - Take time to improve your general online security. Use sites like Security Planner and Get Safe Online to understand what good security looks like and make changes.
Donate
To help people like you we rely 100% on donations from people like you.
Without donations we cannot keep our service free and provide help to the most vulnerable victims of cyber crime when they need it most. As a not-for-profit organization, 100% of your donation goes towards keeping The Cyber Helpline up and running - so 100% goes towards helping people like you. Donate now and help us support victims of cyber crime.