Tech Made Simple

Hot Topics: Holiday Shopping & Gifts | 2014 Best iPhone Apps & Android Apps | Best TVs Under $500 & Under $1,000 | Apple iPhone 6

Use It

author photo

What To Do When Your Email Gets Hacked

by on November 17, 2014
in Computers and Software, Computer Safety & Support, Tips & How-Tos, Tech 101 :: 29 comments

Last week, I got an email from a friend urging me to check out an amazing page. Between the grammatical errors and a link obviously pointing to a server somewhere in Russia, it was obvious that my friend’s email account had been hacked.  

When I checked in with her another way, she already knew about the problem—the hacker's message had gone out to her entire address book—and she was quite concerned. So I walked her through the steps for getting everything back in order.

Step #1: Change your password.

The very first thing you should do is keep the hacker from getting back into your email account. Change your password to a strong password that is not related to your prior password; if your last password was billyjoe1, don't pick billyjoe2—and if your name is actually BillyJoe, you shouldn't have been using your name as your password in the first place.

Try using a meaningful sentence as the basis of your new password. For example, “I go to the gym in the morning” turns into “Ig2tGYMitm” using the first letter of each word in the sentence, mixing uppercase and lowercase letters and replacing the word “to” with “2.”

Step #2: Reclaim your account.

If you’re lucky, the hacker only logged into your account to send a mass email to all of your contacts.

If you’re not so lucky, the hacker changed your password too, locking you out of your account. If that’s the case, you’ll need to reclaim your account, usually a matter of using the “forgot your password” link and answering your security questions or using your backup email address.

Check out the specific recommendations for reclaiming possession of your account for Gmail, Outlook.com and Hotmail, Yahoo! and AOL.

Step #3: Enable two-factor authentication.

Set your email account to require a second form of authentication in addition to your password whenever you log into your email account from a new device. When you log in, you'll also need to enter a special one-time use code the site will text to your phone or generated via an app.

Check out two-step authentication setup instructions for Gmail, Microsoft’s Outlook.com and Hotmail and Yahoo!. AOL doesn’t support two-factor authentication yet.

Step #4: Check your email settings.

Sometimes hackers might change your settings to forward a copy of every email you receive to themselves, so they can watch for any emails containing login information for other sites. Check your mail forwarding settings to ensure no unexpected email addresses have been added.

Next, check your email signature to see if the hacker added a spammy signature that will continue to peddle their dubious wares even after they've been locked out.

Last, check to make sure the hackers haven’t turned on an auto-responder, turning your out-of-office notification into a spam machine.

Step #5: Scan your computer for malware.

Run a full scan with your anti-malware program. You do have an anti-malware program on your computer, right? If not, download the free version of Malwarebytes and run a full scan with it. I recommend running Malwarebytes even if you already have another anti-malware program; if the problem is malware, your original program obviously didn't stop it, and Malwarebytes has resolved problems for me that even Symantec's Norton Internet Security wasn't able to resolve. Scan other computers you log in from, such as your work computer, as well.

If any of your scans detect malware, fix it and then go back and change your email password again (because when you changed it in step #1, the malware was still on your computer).

Step #6: Find out what else has been compromised.

My mother-in-law once followed the ill-advised practice of storing usernames and passwords for her various accounts in an email folder called "Sign-ups." Once the hacker was into her email, he easily discovered numerous other logins.

Most of us have emails buried somewhere that contain this type of information. Search for the word "password" in your mailbox to figure out what other accounts might have been compromised. Change these passwords immediately; if they include critical accounts such as bank or credit card accounts, check your statements to make sure there are no suspicious transactions.

It's also a good idea to change any other accounts that use the same username and password as your compromised email. Spammers are savvy enough to know that most people reuse passwords for multiple accounts, so they may try your login info in other email applications and on PayPal and other common sites.

Step #7: Humbly beg for forgiveness from your friends.

Let the folks in your contacts list know that your email was hacked and that they should not open any suspicious emails or click on any links in any email(s) that recently received from you. Most people will probably have already figured out that you were not really the one recommending they buy Viagra from an online pharmacy in India—but you know, everyone has one or two friends who are a little slower to pick up on these things.

Step #8: Prevent it from happening again.

While large-scale breaches are one way your login information could be stolen—this summer, Russian criminals stole 1.2 billion usernames and passwords—they’re certainly not the only way.  Many cases are due to carelesscreation of protection of login information.

Last year, Google released a study that reveals most people choose passwords based on readily available information, making their accounts hackable with a few educated guesses. Easy passwords make for easy hacking, and spammers use programs that can cycle through thousands of logins a second to identify weak accounts.

Picking a strong password is your best protection from this type of hacking. It also is prudent to use a different password for each site or account, or, at the very least, use a unique password for your email account, your bank account and any other sensitive accounts. If you're concerned about keeping track of your passwords, find a password management program to do the work for you.

In my friend's case, her passwords were pretty good and there was no malware on her computer. But she was careless about where she was logging in. On a recent trip overseas, she used the computer in her hotel lobby to check her email. That was a bad idea.

Computers in hotel lobbies, libraries and other public places are perfect locations for hackers to install key-logging programs. The computers are often poorly secured and get used by dozens of people every day who don't think twice about logging into their email or bank accounts or entering credit card information to make a purchase. The best practice is to assume that any public computer is compromised and proceed accordingly.

[Updated: 11/18/2014]

[email security keyboard via Shutterstock]

Subscribe to the Techlicious Daily Email!

Get the Techlicious Guide to Great Photography as your FREE gift!

Discussion loading

gravatar

Hacked in a Holiday Inn

From nancy on November 11, 2011 :: 11:22 am

I did not use the computer in the lobby, but my own personal MAC in a hotel room in a very touristy town, using the hotels wi fi connection to check my e-mail. The next day, everyone on my contact list received an advertisement for a cream said to be effective for enlarging and revitalizing a certain male body part. Ii went to everyone I know, including my ex husband, my in-laws, my priest, and the ladies in my Bible study group. Fortunately a lot of the info they used was old or a no reply address, so I knew about it immediately.

Reply

gravatar

what about forwards?

From Rich Moser on November 11, 2011 :: 11:27 am

It hasn’t happened to me, but I have received e-mails from a couple of friends whose e-mail had been compromised. But I’ve been assuming that it could also happen via someone sending out mass forwards to large mailing lists. If only one of somebody’s 100+ mailing list contacts chose to sell the entire list to a spammer, then it could happen very easily that way too, right? (Of course, this would be much easier if the original sender was negligent by including the entire list in such a way that everyone could see it.)

Reply

avatar

There are many ways that

From Josh Kirschner on November 12, 2011 :: 11:03 am

There are many ways that spammers can acquire email lists - from screen scraping robots, to database hacking, etc. But this is different from email hacking, where they actually access your account in order to send emails from your email address. Spammers love this second method because we’re much more likely to open and click on links in an email from someone we trust.

I wouldn’t worry too much about a friend or acquaintance selling their lists. The value of a single email address is so low that it only makes sense to do this in volume.

Reply

gravatar

The hotel did it!

From Nikki @ Mommy Factor on November 11, 2011 :: 12:23 pm

this recently happened to me after traveling outta state and using the hotel internet access.  I changed my password after finding out but didn’t think about checking my email settings. Thanks for that tip!

Reply

gravatar

Keylogging

From JustMe on November 11, 2011 :: 8:05 pm

Yes. Every once in a while I get email sent to my own address from my own screen name.  It obviously is spam but I do wonder how they were able to do that.

Secondly, I have a former ex who somehow (perhaps because I once checked my email on his computer) found access to one of my email accounts.  He went through the messages and subsequently wrote to one of my friends who advised me to beware of my ex.  I received a call one morning at 6am that this ex had sent 4-5 lengthy emails to my friend while I was sleeping.  Now that is something I still haven’t been able to resolve.

Reply

avatar

Spoofing email addresses is pretty

From Josh Kirschner on November 12, 2011 :: 10:56 am

Spoofing email addresses is pretty easy. It doesn’t mean the email was actually sent by you, just that the email header was modified to make it look like it was.

If your ex is still accessing your account, you should follow the steps above and, if necessary, contact the authorities. Accessing someone else’s email account without their permission may be a crime, depending on the circumstances.

Reply

gravatar

What To Do When Your Email Gets Hacked

From Liaqat Ali Khan on April 05, 2012 :: 2:30 am

I am sorry to say that the above article is ill-advised and is contrary to its heading. My yahoo account was hacked about an year ago and still I am unable to get it back. The hacker had already changed the password and secret questions, and so my email is not in my control. Whenever, I tried the proceedure to recover, they asked me the first question/step as:
Step #1 - enter your password
or
Step #1 - Change your password

Is it not inappropriate ? or even silly ?

There must be some easy, and staight way to recover it. For example, the concerned email administration should ask the original email owner to produce a couple of addresses of his recent incontact or email copies of a couple of his past emails correspondences.
Someone else may convey a better concrete solution on the problem of recovery of an hacked email.
Thank you

Reply

avatar

Yahoo doesn't make it easy

From Josh Kirschner on April 05, 2012 :: 7:40 am

Yahoo doesn’t make it easy to contact them, but we tracked down the link. Go to this page and follow the steps to let them know that your Yahoo account has been compromised: https://io.help.yahoo.com/contact/index?locale=en_US&y=PROD_ACCT&page=contact. You can also get to that page by going to help.yahoo.com, clicking “Account Information” and then the Contact Yahoo button on the right.

Fill in the dropdowns and then click the “Email Now” button. You will be asked to provide account information, including your former security question answers. You can also try calling this number for yahoo Customer Support: 866-850-4303 toll-free (Open 7 days a week, 6 a.m. - 6 p.m. Pacific Standard Time). Be prepared for a long wait.

Hope that works for you.

Reply

gravatar

What To Do When Your Email Gets Hacked

From Liaqat Ali Khan on April 05, 2012 :: 8:17 am

Thank you JOSH KIRSCHNER. 
First I make a correction to my last comment, I had meant “hotmail” account instead of “yahoo” account. In fact, about an year ago, both of my hotmail and yahoo accounts were hacked on the same day by a hacker (due to my mistake that I was using the same password for both, which no one should do). This happened due to the reason that I entered my password when a new (fake) window appeared on the screen and asked me to enter the yahoo password, while I was already login in this account. The hacker sent the following usual message to my several incontacts:   
““Am sorry I didn’t inform you about my trip to Greece for a program unfortunately for me I got robbed on my way to the hotel where i lodged along with my Cell phone and my luggage and since then i have been without money
  I’m having problem paying my hotel bills and the hotel manager won’t let me leave until I pay my bills.
  Please I need you to loan (€1,600 Euro = 2,265 Dollars) or any amount you can help me with, I’II refund it back to you as soon as I’m back with no delay, I give you my word.
  Please let me know immediately if you can be of help to my situation.”“
On my contact to the hacker by email, he replied:
““This is what i do for a living so if you are ready to pay i will send your password the amount you will pay is 1000$ so reply back as to send you the details for the transfer. thanks “”

I was able to recover my yahoo account after a bit of struggle (and in this case I got empty “sent mails” folder and one year past emails deleted from “Inbox”, but still unable to recover my “hotmail” account.
I still stress on my point that “hotmail” and other email accounts administrations should pay special attention on the recovery of hacked emails.
Please repeat for me easy proceedure to recover “hotmail” account.

Reply

gravatar

Change Security Question/Answer

From Been Hacked on April 05, 2012 :: 7:37 am

Co-workers and nosy family members hacked my accounts by answering the secret question that is asked when you “forget” your password. I recommend that you provide a secret answer that is not the actual answer to the question. Don’t forget your answer and don’t trust others with this information. I would like email accounts to prominently display the last date and time the account was accessed.

Reply

gravatar

What steps to take if you have more than one email account?

From Carol Stewart on April 05, 2012 :: 7:58 am

After reading your article last week on removing viruses, I followed your advice and ran 2 anti-virus programs (avast, avg) plus Malware. Both Malware and Avast picked up one virus each and the viruses were removed.

As I have more than one email account (one for personal, one for consulting work and one for school) I occasionally receive a “suspicious” email from one email account to another email account. The problem is I can’t determine which email account has been hacked (I often log into them all in one day and then not again for several days). And if I am reading your post above correctly I assumed by getting rid of the 2 viruses last week this would have stopped the suspicious emails.

After running the anti-virus programs last week, no more suspicious emails until yesterday - I received one.

Is there a process that I should follow to ensure this problem is solved for good? In other words what possibilities exist that this suspicious email would pop its ugly head up again? Did I miss something in following your instructions the first time or just by logging into my former “hacked” email account the virus was reborn again?

Reply

avatar

If your account was hacked

From Josh Kirschner on April 05, 2012 :: 8:55 am

If your account was hacked because of malware, removing the malware will prevent your accounts from being hacked again, but you still will need to “unhack” your accounts. That means following steps 1 & 2 above, including changing your security questions, alternate email addresses, etc.

Also, since you said you found viruses on your computer, can I assume that you weren’t running anti-malware software? If not, make sure you don’t keep getting reinfected. Malwarebytes doesn’t offer ongoing protection unless you buy the premium version. Check out our Security Software Buying Guides for our picks.

If you provide more information about who your email provider is and what the “suspicious” messages say, I can perhaps provide additional tips.

Reply

gravatar

I too got a suspicious email & since then have had multiple problems

From Angie on September 06, 2012 :: 11:27 am

A while back I got an email from someone which had “hidden text” that I only realized some 6 months later.

\t�-$� �DC�c��L��M8�D<�

Since then, I have found a worm in C:$Recycle….
&  this has been popping up constantly
C:\WINDOWS\SYSNATIVE\WERMGR.EXE in my antivirus.

Do you have any idea what could be going on? Any help would be GREATLY appreciated!

Reply

avatar

Here are some suggestions

From Josh Kirschner on September 06, 2012 :: 12:27 pm

Hidden text isn’t likely the cause of your problems.  It’s usually used by spammers to help evade spam filter detection and I’m not aware of any way that malware has been installed through text in an email.

Can you provide more details on why you think you have a worm in your recycle folder? And which antivirus program are you using?

I would also recommend that you download and run the free version of Malwarebytes and see what it says - it will usually pick up things other programs miss.

Let me know what you find.

Reply

gravatar

forwarding settings

From Mary on September 06, 2012 :: 2:48 pm

Where do I find mail forwarding settings?

Reply

avatar

Your fowarding settings will be

From Josh Kirschner on September 07, 2012 :: 8:28 am

Your fowarding settings will be i your email settings, but where will depend on who your email provider is. If you can’t find them, contact your email provider. For SuddenLink: http://help.suddenlink.com/Pages/default.aspx

Reply

gravatar

Thanks!

From Angie on September 07, 2012 :: 9:31 am

So, I installed malwarebytes & it deleted several things. Thanks! 

C:\$Recycle\S-1-21-5-16….\$RR4QE24.exe
Quarantined Object: 57ed2173.qua
Definition File: 7.11.41.78
(if any of this means anything?)

I’m currently using Free Antivirus, but am willing to buy one if needed. I had asked my IT consultant & he thought this was enough.  I’m concerned because with my job I get highly confidential client emails. I could get in serious trouble if the information gets out.

I am forced to correspond by email with an individual who could potentially be trying to monitor my emails. Ironically, the strange lettering was at the end of one of their emails. My Outlook has also popped up warnings when I try opening their emails saying that there is external content in the email that could be harmful? I store all correspondence from this person in a designated file. Many of the stored emails from them have been deleted somehow & they know information that there is no possible way of knowing? I am most deffinately not a paranoid person, but am beginning to wonder if I should start being?

Reply

avatar

Can you confirm who makes

From Josh Kirschner on September 07, 2012 :: 9:57 am

Can you confirm who makes your “Free Antivirus”? There are very good free programs and ones that are next to useless. However, if you’re using it for work, upgrading to a paid antimalware suite is well worth the small investment: http://www.techlicious.com/guide/computer-security-software-buying-guide-2012/

Outlook may pop up that message when it detects files of a type that could be harmful (e.g. executable programs). It doesn’t necessarily mean that they are harmful. But it doesn’t mean they’re not, either. So never open a file that comes through your email unless you’re very sure what it is.

With a good antimalware program in place, you should be pretty safe. If you’re concerned about whether he may have access to information he shouldn’t, make sure you change any passwords that allow access into your system/servers, including email logins, network logins, etc.

Reply

gravatar

Sorry, I thought I typed

From Angie on September 07, 2012 :: 10:04 am

Sorry, I thought I typed in Aviria, but my auto correct must have cut it out. Thanks for the link. I’ll deffinately check it out!!

Reply

current hacking drama

From Maureen McDonald on March 30, 2013 :: 11:04 am

this is the 3rd day of a violent hacking episode by someone i know who is viewing me as a personal competition on, or threat.  initially she hit my FB acct-  posting under my name.  she began spamming at lightening speed… then disabling gmail, google , apple, chrome overnight to where my accounts were suspended from too many attempts to reconcile.

i found a computer recovery service with whom i work daily since then.  she also hacked my iPhone 5, stealing text messages, and disabling blue tooth and apple.

the recovery services understand your fears, and are money well spent.  for me, $200.-/ year   i also see someone at the apple genius bar tomorrow.

caution:  notify friends.  i generated a mass message on Facebook.  you will need roughly 3 new e-mail accounts for backup.  good luck!

Reply

gravatar

email hacked.

From Nancy on April 11, 2013 :: 5:01 pm

Does anyone know how to recover your contact list after your email has been hacked.  I can no longer
get into my account to recover my files.

Reply

avatar

Contact your email provider

From Josh Kirschner on April 12, 2013 :: 11:41 am

Most email providers have a way to recover your account after it has been hacked. You don’t say who your provider is, so hard to provide more details.

Beyond that, it’s always a good idea to sync your email contacts to your phone and computer (e.g., Outlook) so you have a backup if you lose access.

Reply

gravatar

how do i do?

From Karokola on September 04, 2013 :: 11:40 am

i Forwarded mail to all of my email contacts and some of my friend saw my contacts that i forwarded to,now they are using such contacts! how do i remove my contacts from their contact lists because they are disturbing even my boss and my private people!please help..

Reply

gravatar

Its All Geek To Me!

From elizabeth ramos on February 20, 2014 :: 4:22 am

After getting my first SmartPhone back in 2010, (vowed not to do that as I recall!) my then (now deceased) boyfriend, took it upon himself to create my very first email account. After that…oh my god! I had to contact the FBI to report that my Identity had, in fact, been stolen,and everything I had worked for 30 + years for had been paid out to stranges, claiming to be ME!!! Its been years and though my life has changed in so many ways for the worse because of it, I am certain the malcreants will be caught, and dealt with accordingly by authorities! If any of the bastards would find the courage to face me, I would be most pleased to deal out my own brand of justice!
Youre website is very informative. Thanks for the tips, and comments, I feel not so ridiculous now, knowing I’m not the only one in Cyberland who’s experienced sad problems using email accounts online!
Hackers have a place in this world…just stay the fuck away from me n mine! Please! There’s nothing left for them anyways.
ergo…cyabye!

Reply

gravatar

On free WiFi anything can get hacked

From CW on November 19, 2014 :: 4:03 am

I recently read an article on medium that showed how everything you do on your laptop/ cell phone/ tablet is at risk when connected to free wifi’s at places like cafe’s or tourist hotspots. We’re living in a scary age for personal security….

Article: https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6

Reply

gravatar

If you have to log in at a public terminal...

From Jeffrey Deutsch on November 21, 2014 :: 5:55 pm

...set up two-factor authentication in advance.

Also, when typing your password type in a few dummy characters. Then use the mouse to highlight the dummy characters and hit the Delete key.

Finally, if your site is one of those that enables you to use on-screen “typing” (that is, displaying a keyboard on the screen itself so you use your mouse, not the keyboard at all, to log in) use it!

By the way, Josh, thank you for giving us the Yahoo! contact information!

Jeff Deutsch

Reply

gravatar

Your link to Microsoft's reclaim account page is now broken.

From Jeffrey Deutsch on November 21, 2014 :: 6:08 pm

Thanks in advance!

Jeff Deutsch

Reply

gravatar

Solutions

From Max on December 07, 2014 :: 2:19 am

I also had my email account hacked last week and i managed to get some information at http://www.hackedemails.com/help-emails-hacked/ hope it helps others like it did for me

Reply

gravatar

Employment opportunity in Marriott hotels,

From marriott hotel on December 20, 2014 :: 6:10 am

Employment opportunity in Marriott hotels,
  the management of Marriott hotel will be
responsible for the payment for his/her air ticket
and accommodation,interested you can contact us directory.
With your CV .(JavaScript must be enabled to view this email address)
We look forward for your prompt reply via this
email address for more information’s needed.

Reply

© 2014 Techlicious LLC. :: Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us :: Terms of Use | Privacy Policy

site design: Juxtaprose