Tech Made Simple

Hot Topics: Heartbleed: What you Need to Know | Best iPhone 5 Battery Case | Best Bluetooth Headset | What's Draining Your Android Battery?

Use It

author photo

What To Do When Your Email Gets Hacked

by on November 11, 2011
in Computers and Software, Computer Safety & Support, Tips & How-Tos, Tech 101 :: 24 comments

Yesterday, I got an interesting email from my mother-in-law. The message, rife with grammatical errors, contained a link directing me to a Filipino-registered website with a pitch on how to make money working from home. Was this her way of telling me I should earn more money to support her grandchildren? No, just evidence that her email had been hacked.

When I called my mother-in-law, she already knew about the problem—the hacker's message had gone out to her entire address book—and was very concerned. So I walked her through the steps to get everything back in order.

Step #1 - Change your password

The very first thing you want to do is keep the hacker from getting back into your email account. So change your password, and be sure to use a strong password that is not related to your prior password. I.e., if your last password was "billyjoe1", don't pick "billyjoe2". And if your name is BillyJoe, you shouldn't have been using your name in your password in the first place.

Step #2 - Check you email settings

Sometimes hackers will change your settings to forward a copy of every email you receive to themselves. This way, they can monitor future emails that may contain login information for other sites. So check your mail forwarding settings to ensure no unexpected email addresses have been added.

Second, check your email signature to see if the hacker added a spammy signature that will continue to peddle their dubious wares even after they've been locked out.

Step #3 - Scan your computer for malware

Run a full scan with your anti-malware program. You do have an anti-malware program on your computer, right? If not, download the free version of Malwarebytes and run a full scan with it. I recommend running Malwarebytes even if you already have another anti-malware program. If the problem is malware, your original program obviously didn't stop it. And Malwarebytes has resolved problems for me that even Symantec's Norton Internet Security wasn't able to resolve. Scan other computers you log in from, such as your work computer, as well.

If malware is detected, fix it (obviously) and then go back and change your email password again (since when you changed it in step #1, the malware was still on your computer.).

Step #4 - Find out what else is compromised

My mother-in-law followed the ill-advised practice of storing usernames and passwords for her various accounts in an email folder called "sign-ups". So once the hacker was into her email, he could easily discover numerous other logins. But most of us have emails buried somewhere with this type of information. Do a search for "password" in your mailbox to figure out what other accounts you may have that could have been compromised. Change these passwords immediately and, god forbid, they are your bank, credit card or other critical accounts, check your statements to make sure there are no suspicious transactions.

It's also a good idea to change any other accounts that use the same user name and password as your compromised email. Spammers are savvy enough to know that most people reuse passwords for multiple accounts, so they may try your login info in other email applications, PayPal and other common sites.

Step #5 - Humbly beg forgiveness of your friends

Let the folks in your contact list know that your email was hacked and that they should not open any suspicious emails or click on any links in the email(s) that were recently sent from you. Most will probably have already figured out that you were not really the one recommending they buy their Viagra from an online pharmacy in India, but you know, everyone has one or two friends who are a little slower to pick up on these things.

Setp #6 - Stop it from happening again

While malware on your computer is one way your login information could be stolen, it is certainly not the only way. Many cases are due to carelessness with creating or protecting your login information.

In 2009, hackers stole and posted on the Internet 32 million passwords from a website called RockYou.com. An analysis of the data by security researchers showed that 20% used one of 5,000 common passwords, with 1% using "123456". Easy passwords make for easy hacking, as spammers have programs that can cycle through thousands of logins a second to identify weak accounts.

Picking a strong password is your best protection from this type of hacking. It also is prudent to use different passwords for each site. Or, at the very least, use a unique password for your email account that no other account uses. Likewise, for banking or other high-security accounts. If you're concerned about keeping track of the passwords, there are password management programs that can do the work for you.

In my mother-in-law's case, her passwords were pretty good and there was no malware on her computer. But she was careless about where she was logging in. On her trip to Morocco over the summer, she didn't want to lug a computer around. Instead, she used the computer in her hotel lobby to check her email.

That was a bad idea. Computers in hotel lobbies, libraries and other public places are perfect locations for hackers to install key-logging programs. The computers are often poorly secured and are used by dozens of people a day who don't think twice about logging into their email or bank account, or entering credit card information to make a purchase. The best advice is to assume that any public computer is compromised and proceed accordingly.

 

Subscribe to the Techlicious Daily Email!

Get the Techlicious Guide to Great Photography as your FREE gift!

Discussion loading

gravatar

Hacked in a Holiday Inn

From nancy on November 11, 2011 :: 11:22 am

I did not use the computer in the lobby, but my own personal MAC in a hotel room in a very touristy town, using the hotels wi fi connection to check my e-mail. The next day, everyone on my contact list received an advertisement for a cream said to be effective for enlarging and revitalizing a certain male body part. Ii went to everyone I know, including my ex husband, my in-laws, my priest, and the ladies in my Bible study group. Fortunately a lot of the info they used was old or a no reply address, so I knew about it immediately.

Reply

gravatar

what about forwards?

From Rich Moser on November 11, 2011 :: 11:27 am

It hasn’t happened to me, but I have received e-mails from a couple of friends whose e-mail had been compromised. But I’ve been assuming that it could also happen via someone sending out mass forwards to large mailing lists. If only one of somebody’s 100+ mailing list contacts chose to sell the entire list to a spammer, then it could happen very easily that way too, right? (Of course, this would be much easier if the original sender was negligent by including the entire list in such a way that everyone could see it.)

Reply

avatar

There are many ways that

From Josh Kirschner on November 12, 2011 :: 11:03 am

There are many ways that spammers can acquire email lists - from screen scraping robots, to database hacking, etc. But this is different from email hacking, where they actually access your account in order to send emails from your email address. Spammers love this second method because we’re much more likely to open and click on links in an email from someone we trust.

I wouldn’t worry too much about a friend or acquaintance selling their lists. The value of a single email address is so low that it only makes sense to do this in volume.

Reply

gravatar

The hotel did it!

From Nikki @ Mommy Factor on November 11, 2011 :: 12:23 pm

this recently happened to me after traveling outta state and using the hotel internet access.  I changed my password after finding out but didn’t think about checking my email settings. Thanks for that tip!

Reply

gravatar

Keylogging

From JustMe on November 11, 2011 :: 8:05 pm

Yes. Every once in a while I get email sent to my own address from my own screen name.  It obviously is spam but I do wonder how they were able to do that.

Secondly, I have a former ex who somehow (perhaps because I once checked my email on his computer) found access to one of my email accounts.  He went through the messages and subsequently wrote to one of my friends who advised me to beware of my ex.  I received a call one morning at 6am that this ex had sent 4-5 lengthy emails to my friend while I was sleeping.  Now that is something I still haven’t been able to resolve.

Reply

avatar

Spoofing email addresses is pretty

From Josh Kirschner on November 12, 2011 :: 10:56 am

Spoofing email addresses is pretty easy. It doesn’t mean the email was actually sent by you, just that the email header was modified to make it look like it was.

If your ex is still accessing your account, you should follow the steps above and, if necessary, contact the authorities. Accessing someone else’s email account without their permission may be a crime, depending on the circumstances.

Reply

gravatar

What To Do When Your Email Gets Hacked

From Liaqat Ali Khan on April 05, 2012 :: 2:30 am

I am sorry to say that the above article is ill-advised and is contrary to its heading. My yahoo account was hacked about an year ago and still I am unable to get it back. The hacker had already changed the password and secret questions, and so my email is not in my control. Whenever, I tried the proceedure to recover, they asked me the first question/step as:
Step #1 - enter your password
or
Step #1 - Change your password

Is it not inappropriate ? or even silly ?

There must be some easy, and staight way to recover it. For example, the concerned email administration should ask the original email owner to produce a couple of addresses of his recent incontact or email copies of a couple of his past emails correspondences.
Someone else may convey a better concrete solution on the problem of recovery of an hacked email.
Thank you

Reply

avatar

Yahoo doesn't make it easy

From Josh Kirschner on April 05, 2012 :: 7:40 am

Yahoo doesn’t make it easy to contact them, but we tracked down the link. Go to this page and follow the steps to let them know that your Yahoo account has been compromised: https://io.help.yahoo.com/contact/index?locale=en_US&y=PROD_ACCT&page=contact. You can also get to that page by going to help.yahoo.com, clicking “Account Information” and then the Contact Yahoo button on the right.

Fill in the dropdowns and then click the “Email Now” button. You will be asked to provide account information, including your former security question answers. You can also try calling this number for yahoo Customer Support: 866-850-4303 toll-free (Open 7 days a week, 6 a.m. - 6 p.m. Pacific Standard Time). Be prepared for a long wait.

Hope that works for you.

Reply

gravatar

What To Do When Your Email Gets Hacked

From Liaqat Ali Khan on April 05, 2012 :: 8:17 am

Thank you JOSH KIRSCHNER. 
First I make a correction to my last comment, I had meant “hotmail” account instead of “yahoo” account. In fact, about an year ago, both of my hotmail and yahoo accounts were hacked on the same day by a hacker (due to my mistake that I was using the same password for both, which no one should do). This happened due to the reason that I entered my password when a new (fake) window appeared on the screen and asked me to enter the yahoo password, while I was already login in this account. The hacker sent the following usual message to my several incontacts:   
““Am sorry I didn’t inform you about my trip to Greece for a program unfortunately for me I got robbed on my way to the hotel where i lodged along with my Cell phone and my luggage and since then i have been without money
  I’m having problem paying my hotel bills and the hotel manager won’t let me leave until I pay my bills.
  Please I need you to loan (€1,600 Euro = 2,265 Dollars) or any amount you can help me with, I’II refund it back to you as soon as I’m back with no delay, I give you my word.
  Please let me know immediately if you can be of help to my situation.”“
On my contact to the hacker by email, he replied:
““This is what i do for a living so if you are ready to pay i will send your password the amount you will pay is 1000$ so reply back as to send you the details for the transfer. thanks “”

I was able to recover my yahoo account after a bit of struggle (and in this case I got empty “sent mails” folder and one year past emails deleted from “Inbox”, but still unable to recover my “hotmail” account.
I still stress on my point that “hotmail” and other email accounts administrations should pay special attention on the recovery of hacked emails.
Please repeat for me easy proceedure to recover “hotmail” account.

Reply

gravatar

Change Security Question/Answer

From Been Hacked on April 05, 2012 :: 7:37 am

Co-workers and nosy family members hacked my accounts by answering the secret question that is asked when you “forget” your password. I recommend that you provide a secret answer that is not the actual answer to the question. Don’t forget your answer and don’t trust others with this information. I would like email accounts to prominently display the last date and time the account was accessed.

Reply

gravatar

What steps to take if you have more than one email account?

From Carol Stewart on April 05, 2012 :: 7:58 am

After reading your article last week on removing viruses, I followed your advice and ran 2 anti-virus programs (avast, avg) plus Malware. Both Malware and Avast picked up one virus each and the viruses were removed.

As I have more than one email account (one for personal, one for consulting work and one for school) I occasionally receive a “suspicious” email from one email account to another email account. The problem is I can’t determine which email account has been hacked (I often log into them all in one day and then not again for several days). And if I am reading your post above correctly I assumed by getting rid of the 2 viruses last week this would have stopped the suspicious emails.

After running the anti-virus programs last week, no more suspicious emails until yesterday - I received one.

Is there a process that I should follow to ensure this problem is solved for good? In other words what possibilities exist that this suspicious email would pop its ugly head up again? Did I miss something in following your instructions the first time or just by logging into my former “hacked” email account the virus was reborn again?

Reply

avatar

If your account was hacked

From Josh Kirschner on April 05, 2012 :: 8:55 am

If your account was hacked because of malware, removing the malware will prevent your accounts from being hacked again, but you still will need to “unhack” your accounts. That means following steps 1 & 2 above, including changing your security questions, alternate email addresses, etc.

Also, since you said you found viruses on your computer, can I assume that you weren’t running anti-malware software? If not, make sure you don’t keep getting reinfected. Malwarebytes doesn’t offer ongoing protection unless you buy the premium version. Check out our Security Software Buying Guides for our picks.

If you provide more information about who your email provider is and what the “suspicious” messages say, I can perhaps provide additional tips.

Reply

gravatar

I too got a suspicious email & since then have had multiple problems

From Angie on September 06, 2012 :: 11:27 am

A while back I got an email from someone which had “hidden text” that I only realized some 6 months later.

\t�-$� �DC�c��L��M8�D<�

Since then, I have found a worm in C:$Recycle….
&  this has been popping up constantly
C:\WINDOWS\SYSNATIVE\WERMGR.EXE in my antivirus.

Do you have any idea what could be going on? Any help would be GREATLY appreciated!

Reply

avatar

Here are some suggestions

From Josh Kirschner on September 06, 2012 :: 12:27 pm

Hidden text isn’t likely the cause of your problems.  It’s usually used by spammers to help evade spam filter detection and I’m not aware of any way that malware has been installed through text in an email.

Can you provide more details on why you think you have a worm in your recycle folder? And which antivirus program are you using?

I would also recommend that you download and run the free version of Malwarebytes and see what it says - it will usually pick up things other programs miss.

Let me know what you find.

Reply

gravatar

forwarding settings

From Mary on September 06, 2012 :: 2:48 pm

Where do I find mail forwarding settings?

Reply

avatar

Your fowarding settings will be

From Josh Kirschner on September 07, 2012 :: 8:28 am

Your fowarding settings will be i your email settings, but where will depend on who your email provider is. If you can’t find them, contact your email provider. For SuddenLink: http://help.suddenlink.com/Pages/default.aspx

Reply

gravatar

Thanks!

From Angie on September 07, 2012 :: 9:31 am

So, I installed malwarebytes & it deleted several things. Thanks! 

C:\$Recycle\S-1-21-5-16….\$RR4QE24.exe
Quarantined Object: 57ed2173.qua
Definition File: 7.11.41.78
(if any of this means anything?)

I’m currently using Free Antivirus, but am willing to buy one if needed. I had asked my IT consultant & he thought this was enough.  I’m concerned because with my job I get highly confidential client emails. I could get in serious trouble if the information gets out.

I am forced to correspond by email with an individual who could potentially be trying to monitor my emails. Ironically, the strange lettering was at the end of one of their emails. My Outlook has also popped up warnings when I try opening their emails saying that there is external content in the email that could be harmful? I store all correspondence from this person in a designated file. Many of the stored emails from them have been deleted somehow & they know information that there is no possible way of knowing? I am most deffinately not a paranoid person, but am beginning to wonder if I should start being?

Reply

avatar

Can you confirm who makes

From Josh Kirschner on September 07, 2012 :: 9:57 am

Can you confirm who makes your “Free Antivirus”? There are very good free programs and ones that are next to useless. However, if you’re using it for work, upgrading to a paid antimalware suite is well worth the small investment: http://www.techlicious.com/guide/computer-security-software-buying-guide-2012/

Outlook may pop up that message when it detects files of a type that could be harmful (e.g. executable programs). It doesn’t necessarily mean that they are harmful. But it doesn’t mean they’re not, either. So never open a file that comes through your email unless you’re very sure what it is.

With a good antimalware program in place, you should be pretty safe. If you’re concerned about whether he may have access to information he shouldn’t, make sure you change any passwords that allow access into your system/servers, including email logins, network logins, etc.

Reply

gravatar

Sorry, I thought I typed

From Angie on September 07, 2012 :: 10:04 am

Sorry, I thought I typed in Aviria, but my auto correct must have cut it out. Thanks for the link. I’ll deffinately check it out!!

Reply

current hacking drama

From Maureen McDonald on March 30, 2013 :: 11:04 am

this is the 3rd day of a violent hacking episode by someone i know who is viewing me as a personal competition on, or threat.  initially she hit my FB acct-  posting under my name.  she began spamming at lightening speed… then disabling gmail, google , apple, chrome overnight to where my accounts were suspended from too many attempts to reconcile.

i found a computer recovery service with whom i work daily since then.  she also hacked my iPhone 5, stealing text messages, and disabling blue tooth and apple.

the recovery services understand your fears, and are money well spent.  for me, $200.-/ year   i also see someone at the apple genius bar tomorrow.

caution:  notify friends.  i generated a mass message on Facebook.  you will need roughly 3 new e-mail accounts for backup.  good luck!

Reply

gravatar

email hacked.

From Nancy on April 11, 2013 :: 5:01 pm

Does anyone know how to recover your contact list after your email has been hacked.  I can no longer
get into my account to recover my files.

Reply

avatar

Contact your email provider

From Josh Kirschner on April 12, 2013 :: 11:41 am

Most email providers have a way to recover your account after it has been hacked. You don’t say who your provider is, so hard to provide more details.

Beyond that, it’s always a good idea to sync your email contacts to your phone and computer (e.g., Outlook) so you have a backup if you lose access.

Reply

gravatar

how do i do?

From Karokola on September 04, 2013 :: 11:40 am

i Forwarded mail to all of my email contacts and some of my friend saw my contacts that i forwarded to,now they are using such contacts! how do i remove my contacts from their contact lists because they are disturbing even my boss and my private people!please help..

Reply

gravatar

Its All Geek To Me!

From elizabeth ramos on February 20, 2014 :: 4:22 am

After getting my first SmartPhone back in 2010, (vowed not to do that as I recall!) my then (now deceased) boyfriend, took it upon himself to create my very first email account. After that…oh my god! I had to contact the FBI to report that my Identity had, in fact, been stolen,and everything I had worked for 30 + years for had been paid out to stranges, claiming to be ME!!! Its been years and though my life has changed in so many ways for the worse because of it, I am certain the malcreants will be caught, and dealt with accordingly by authorities! If any of the bastards would find the courage to face me, I would be most pleased to deal out my own brand of justice!
Youre website is very informative. Thanks for the tips, and comments, I feel not so ridiculous now, knowing I’m not the only one in Cyberland who’s experienced sad problems using email accounts online!
Hackers have a place in this world…just stay the fuck away from me n mine! Please! There’s nothing left for them anyways.
ergo…cyabye!

Reply

© 2014 Techlicious LLC. :: Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us :: Terms of Use | Privacy Policy

site design: Juxtaprose