Tech Made Simple

Hot Topics: Browse the Web Anonymously | Complete Guide to Facebook Privacy | How to Block Spam Calls | Best Password Managers

Use It

author photo

What To Do When Your Email Gets Hacked

by on June 13, 2019
in Computers and Software, Computer Safety & Support, Tips & How-Tos, Privacy, Tech 101 :: 77 comments

Techlicious editors independently review products. To help support our mission, we may earn affiliate commissions from links contained on this page.

If your email account has been hacked, would you know what to do? Changing your password isn't good enough. You'll also want to make sure the hacker hasn't set up your account to let him get back in or to keep spamming, even after he's locked out. Here's what you need to do to get everything back in order and keep hackers out of your account for good.

Step #1: Run a security scan on your computer

Run a full scan of your computer with your anti-malware software  — don't do a quick scan, if that's an option. Sending email to your friends and family isn't the end goal for hackers. They want to separate you from your money and that means that they'll try to install keyloggers to get your passwords and other malware. We like Malwarebytes (free for Mac/Windows) as well as  Bitdefender Total Security and Symantec Norton Security Premium.

Step #2: Change your password and security questions

The very first thing you should do is keep the hacker from getting back into your email account. Change your password to a strong password that is not related to your prior password; if your last password was billyjoe1, don't pick billyjoe2—and if your name is actually BillyJoe, you shouldn't have been using your name as your password in the first place.

Try using a meaningful sentence as the basis of your new password. For example, “I go to the gym in the morning” turns into “Ig2tGYMitm” using the first letter of each word in the sentence, mixing uppercase and lowercase letters and replacing the word “to” with “2.”

Don't just change your email password. Also change the passwords of any accounts that share the same password as your hacked email account and even those that are variation of that password. As an extra security measure, also change the passwords for any sites that story your credit card information, like your Nextlix, Amazon and credit card company.

For accounts that require security questions, change those as well. And if the questions are generic, like what's your mother's maiden name, lie when answering and record those answers in your password manager. If you want to be extra careful, use a password generator to create a nonsense answer.

Step #3: Reclaim your account

If you’re lucky, the hacker only logged into your account to send a mass email to all of your contacts.

If you’re not so lucky, the hacker changed your password too, locking you out of your account. If that’s the case, you’ll need to reclaim your account, which is usually a matter of using the “forgot your password” link and answering your security questions or using your backup email address.

Check out the specific recommendations for reclaiming possession of your account for Gmail, Outlook.com and Hotmail, and AOL.

Step #4: Enable two-factor authentication

Set your email account to require a second form of authentication in addition to your password whenever you log into your email account from a new device. When you log in, you'll also need to enter a special one-time use code the site will text to your phone or generated via an app.

Check out two-step authentication setup instructions for Gmail, Microsoft’s Outlook.com and Hotmail, and AOL. And for a full list, check out twofactorauth.org

Step #5: Check your email settings

Sometimes hackers might change your settings to forward a copy of every email you receive to themselves so that they can watch for any emails containing login information for other sites. Check your mail forwarding settings to ensure no unexpected email addresses have been added.

Next, check your email signature to see if the hacker added a spammy signature that will continue to peddle their dubious wares even after they've been locked out.

Check your "reply to" email address. Sometimes hackers will change your "reply to" email address to one they've created that looks similar to yours. So when someone replies to your email, it goes to the hacker's account, not yours. 

Last, check to make sure the hackers haven’t turned on an auto-responder, turning your out-of-office notification into a spam machine.

Step #6: Find out what else has been compromised

My mother-in-law once followed the ill-advised practice of storing usernames and passwords for her various accounts in an email folder called "Sign-ups." Once the hacker was into her email, he easily discovered numerous other logins.

Most of us have emails buried somewhere that contain this type of information. Search for the word "password" in your mailbox to figure out what other accounts might have been compromised. Change these passwords immediately; if they include critical accounts such as bank or credit card accounts, check your statements to make sure there are no suspicious transactions. You should also consider adding a fraud alert or security freeze to your accounts with the major credit agencies. 

Step #7: Humbly beg for forgiveness from your friends

Let the folks in your contacts list know that your email was hacked and that they should not open any suspicious emails or click on any links in any email(s) that recently received from you. Most people will probably have already figured out that you were not the one recommending they buy Viagra from an online pharmacy in India—but you know, everyone has one or two friends who are a little slower to pick up on these things.

Step #8: Prevent it from happening again

While large-scale breaches are one way your login information could be stolen, many cases are due to careless creation or protection of login information.

A look at Splash Data's worst passwords reveals people still choose common passwords and passwords based on readily available information, making their accounts hackable with a few educated guesses. Easy passwords make for easy hacking, and spammers use programs that can cycle through thousands of logins a second to identify weak accounts.

Picking a strong password is your best protection from this type of hacking. It also is prudent to use a different password for each site or account, or, at the very least, use a unique password for your email account, your bank account and any other sensitive accounts. If you're concerned about keeping track of your passwords, find a password management program to do the work for you. We like Dashlane, LastPass and 1Password.

Limit the amount of personal information you share publicly on social media. Hackers use this publicly available personal information to help answer security questions that protect your accounts.

Bookmark websites that you frequently use to access personal information or input credit card information. This will prevent you from accidentally landing on a site that hackers set up to catch people mistyping the site address.

In a friend's case, her passwords were pretty good and there was no malware on her computer. But she was careless about where she was logging in. On a recent trip overseas, she used the computer in her hotel lobby to check her email. That was a bad idea.

Computers in hotel lobbies, libraries and other public places are perfect locations for hackers to install key-logging programs. The computers are often poorly secured and get used by dozens of people every day who don't think twice about logging into their email or bank accounts or entering credit card information to make a purchase. The best practice is to assume that any public computer is compromised and proceed accordingly.

[Updated: 6/13/2019]

[email security keyboard via Shutterstock]



Discussion loading

gravatar

haveibeenpwned.com

From Deborah on April 17, 2018 :: 11:45 am

Thank you for this link…turns out it was Dailymotion.com, which I used only once and forgot all about.

Reply

gravatar

haveibeenpwned.com

From Deborah on April 17, 2018 :: 11:48 am

Do I need to do anything about dailymotion? Or just let it go now that I have changed my password.

Thank you for everything.

Reply

avatar

Thanks for the update

From Josh Kirschner on April 17, 2018 :: 1:37 pm

This is very typical where we use a password on a site we’ve long since forgotten about and then reuse that same password somewhere where it really matters.

Now that you’ve changed your passwords, you should be fine. Also, make sure to do the steps above in the article to ensure that the hacker can’t reset your password and to add two-factor authentication to your email account.

Reply

gravatar

MASSIVE hacking attack and stalker

From Team72512 on April 18, 2018 :: 8:43 am

My story is too long to share in detail. To try and highlight the vicious attack still ongoing: Connected with guy through professional site, LinkedIn, about 2 months ago. He advertises as being recruiter, I am searching for job. Quickly became WEIRD, received email from att.com, turned out to be bogus, received porn photo in it. He claimed it unofficially, I had no idea something was wrong until I started getting red flashing warnings when everything routed me to a phony att homepage, saying it could be spam. Within 24 hours, I was being locked out of email accounts (I’ve had 11 different accounts as of today, get locked out every time), cant access anything that has passwords.As an idiot, saved passwords so graciously offered via Chrome so he had EVERYTHING.He has taken control of home router, even after replaced, stole contacts, google drive, photos, put lock on home computer network drive. Authorities are on it now. Got in while using android note 5. NIGHTMARE!!

Reply

gravatar

Hacked since 2013

From Jade bliss guidry theriot on April 18, 2018 :: 3:03 pm

I need to open a case

Reply

gravatar

If my phone has been hacked and I change the password using same device won't the hackers see the ne

From R.miller on April 19, 2018 :: 5:11 pm

If my phone has been hacked and I use the same device to change my passwords won’t hackers then see my new passwords???

Reply

avatar

It depends

From Josh Kirschner on April 19, 2018 :: 5:34 pm

If you have a keylogger on your phone, then yes, it’s possible someone would be able to determine your new password. However, mobile keyloggers would need to be installed by someone with direct access to your device (exceptions may be for very complex spyware typically used by state spy and law enforcement agencies), not some random remote hacker.

Reply

avatar

I need to clarify

From Josh Kirschner on April 20, 2018 :: 9:01 am

TEAM72512 is correct in the comment that there is spyware out there that can be installed without direct access to your device. Instead, the hackers trick YOU into installing the spyware through fake websites intended to mimic your phone carrier’s site. As far as has been reported to date, this spyware still falls into the realm of state spy and law enforcement activities (valid or not), rather than broad criminal activity. However, it is “possible” that the spyware has leaked into the criminal world.

It’s also possible to install spyware via an app you downloaded from another source outside the official Google Play market.

In short, if you have your device security set to not allow installs from outside of Google Play (the default setting), you should be fine. At least for now…

Reply

gravatar

Guess I'm in the professional spy minority!

From TEAM72512 on April 19, 2018 :: 6:12 pm

Hi Josh,

I just read your response to the prior entry about changing passwords on a device and keyloggers. Since I don’t know who my hacker - stalker is yet and probably never will, all I can tell you is that based on your response to her, I am in the minority and have a federal agent or professional spy with professional equipment and technology stalking and completely hijacking my life. I am here to tell you that less than 24 hours ago, I managed to get my Microsoft Management Console back from this jerk and I’ve also monitored my event log, task manager, whatever you want to call it. There must be at least a minimum of 50 different types of software and applications installed on my home computer. However, they are still right on my trail through my Android. I am not crazy, although I thought I was for the first week or so. I have had countless AT&T “experts”, all of my family members, even my poor dog that is suffering through this ... I have had all of them witness this in REAL TIME! AT&T hasn’t done anything other than tell me how sorry they are while getting conveniently disconnected from me right when they are about to do something that will cut the guy off. I keep referencing the hacker as a guy because of my LinkedIn encounter that started this chaos. However, I am convinced that I am under attack by botnets. If not that, there is one person that suddenly lives 24/7 literally in front of a computer waiting for me to do something. That is why I have authorities involved although I’m not getting my hopes up. Oh, I have just discovered that I apparently increased a credit line by $5,000 and conveniently spent it, opened 3 Samsung pay accounts and applied for several Visas. Yes, every organization,all Credit Bureaus, you name it ... have been advised. And lastly, I also get emails from myself to myself or from someone to me and I have figured out all of the little changes being made so that it looks like me. I am now becoming a Die Hard cybercrime advocate because this is unconscionable! Goodbye.

Reply

avatar

It's possible

From Josh Kirschner on April 20, 2018 :: 9:08 am

There is spyware out there that uses fake carrier websites to trick users into installing. As far as I’ve read to date, this is only being distributed on a commercial basis to law enforcement/spy agencies (not always for valid purposes). It’s possible this has leaked into the criminal world, which would be very scary. https://arstechnica.com/information-technology/2018/01/found-new-android-malware-with-never-before-seen-spying-capabilities/

When you went to the fake AT&T site, did it ask you to download anything? Based on the reporting, this and similar spyware still requires the user to actively install and also to change security settings on your device to allow downloads from Unknown sources. https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/

Reply

gravatar

Thank you Josh! It IS POSSIBLE AND VERY REAL!

From TEAM72512 on April 20, 2018 :: 3:39 pm

Josh,

I was so glad to read your acknowledgement in regards to the reality of this extremely sophisticated level of attack.I wasn’t quite sure how I was going to respond to earlier posts which basically nullified the possibility of this actually being a case of Technology for Dummies rather than the real deal. NOTE: I am NOT suggesting that the feedback was off base because I completely understand how often it is the case of simply being unfamiliar with today’s complicated world of Technology. Many people live in a state of “hyper-paranoia” and jump to the wrong conclusion of being hacked. They make valid points. I was just happy to get SOME type of explanation about the AT&T Wifi Passpoint.I don’t think that’s how “it” initially came through the door. However,no one has been able to tell me why AT&T didn’t find it just a tad relevant to tell customers they were going to be CURSED with a new HotSpot that comes with its own credentials, making it impossible to turn it off, uninstall it or at the VERY LEAST, allow us to put some security parameters in place! I’m sitting here with zero control over a free HotSpot that ANYONE can access and it’s directly tied to MY account as a paying customer? You’ve got to be kidding me. Surely I’m missing something here. Regardless, this is the most malicious attack and has basically destroyed my life online as well as offline. I’m dealing with an “it” (has GOT to be some very intelligent “botnet” type of attack. A human cannot do this. I spent over 24 hours simply trying to get control of my MMC and in 30 minutes, I became and JOINED a workgroup on my own home network last night. I watched “it” completely eat up my entire system. Couldn’t get to elevated administrator access..completely locked out. Everything came back telling me the service was unavailable, I didn’t have privileges and memory ran up to 70-80+% for OVER 8 HOURS. I watched nearly 100 processes run from the task manager they couldn’t create dump files or even stop an event!!! I had NO BROADBAND OR WIFI access running on my end at all. ROUTER was in another room completely unplugged ... “it” has a PRIVATE DCHP LAN ... YES, LAN ... connection yet NO ONE has laid eyes on that router which was just replaced 5 DAYS AGO!! I only wish I could share the countless pictures I have as solid proof that this thing somehow came in through my Android ... I know it was gmail so the earlier Google reference was accurate. When it arrived, it planted permanent roots. I’ve had 11 email accounts since this started about 5-6 weeks ago (that’s just when I discovered it, it’s been around much longer from what I’m uncovering by the minute). I’ve watched it wipe out my new passwords before I can comfirm it, shut down pages with the classic “ERR-CONNECT TO ULTIMATELY ERR-REFUSED”. I’ve been on the daily phone calls with AT&T and when we’re about to do something, call disconnects. They’ll call back,disconnect until AT&T gives up. They have FINALLY acknowledged the obvious after so many encounters so it’s “elevated” in their fraud division. Local authorities are “investigating”, so are Federal IC3 investigators. That’s totally facetious of course. Do you think I’m getting calls back about this? I’ve had my OWN VOICE sent to me via email from times I used microphone to text, contacts totally wiped out then sent back to me with 10 versions of my name and the guy on LinkedIn who I KNOW is responsible for every bit of this ... Obviously, he is not who he pretends to be, it’s just a face, name and profile where the attackers hide and destroy lives. That’s not even 5% of MY SITUATION just over the past few weeks! So yeah, I am pretty sure this is a case of true cybercrime yet I don’t know what to do or where to turn at this point. Sorry but I’m about 5000 levels beyond trying a 2 layer authorization or resetting a password. I have WIPED my android HARD ... 5 TIMES. I had firewalls that were supposed to be so right you could barely send OUTGOING traffic on my home PC. Name the BEST spyware, antivirus, malware ... Detectors. NONE have caught it yet. It locked me out of ProtonMail! It gets past Orbot to Orfox using a version of Moxilla Firefox and shuts me down! Yeah. This is BADDDDD and I am at a loss while my life has been turned upside down. Vicious is an understatement and NO NO NO. I have no jealous ex, psycho partners or known enemies. I was just the unlucky victim following all the “secure yourself” rules. That’s why I’m convinced it was simply opening an email or clicking on a link. I NEVER share personal info, passwords,etc. I’d NEVER fall for that obvious scheme. So ... Who can respond and help ME out there ...2,000 characters later because I have proof for EVERY word I’ve said. Put me on national TV or anything. Just give me my life back!!!!!

Reply

gravatar

Before anyone suggests, a few more things ..

From TEAM72512 on April 20, 2018 :: 4:24 pm

I’ve learned and attempted countless things already. So in the event some brave soul jumps in here, I will knock these out right now.

I have been relatively successful through PAINSTAKING investigation in finding out SOME things. Problem is finding something that actually shuts this attack down completely. Sorry for sentences or grammatical errors btw ... My microphone is just the latest thing to mysteriously become inoperable so all of this is combo of Swype, shortcuts and fast typing. I am shocked to have successfully sent emails ... Progress. One whole day!!

OK ... For all of you truly smart techies out there bc that is NOT me ... It installed malware (please allow that as the keyword since I have no clue what hit me ... Worms, viruses, rats, Trojan, bots ... So I’ll just say malware.

Last night when he went full force, I had tons and tons of svchost processes running, some were in the 550-600K range ... A single event. Couldn’t touch them. Already took superadmin privileges so something as easy as running cmd to obliterate the hard drive ... Not an option. No privileges. I looked up EVERY SINGLE thing during the short 3 hours I had regained access to my MMC and transferred ownership, permissions EVERYTHING back to me (which didn’t do a single thing to stop it from taking over again). Nearly EVERY part of my system is laced with this stuff. It is running THREE processors along side of mine. Malicious stuff installed through cleverly masked network adapters, drivers, BUS enumerators, THE BIOS driver ... definitely tied to plug and play, needed to set up the workgroup and Windows constantly tried to install Windows 10, would constantly send back unknown error   . I’m running Windows 7 Professional, 64-bit and every othet update was current. Using MSE latest version, McAfee ... Ran MS Malicious Tool just hours before the takedown last night ... as.usual, 100% great, clean, safe. And I buy my security and privacy apps, not just free versions.I can’t verify what’s good or malicious. Techies can id them in an instant, not sure what you’d do with the info without admin rights or any ability to download, install, uninstall ... I couldn’t even run a back up because the Windows couldn’t find a place, drive, PARTITION ... Nothing. Not sure I would want the backups at this point regardless. Bring back all the malware buried in the corners?? NO THANK YOU!

Reply

gravatar

Saving my bacon!

From Tony Sandy on July 01, 2018 :: 12:20 pm

I went on a site to warn some other people that I had been hacked and that I was suspicious of another site most of us probably used. One guy told me not to throw unsubstantiated aspersions on this other site, which I hadn’t, I had just asked if anybody else had had problems with them. The good thing is that somebody else answered my question, referring me to your site and as I have been locked out of my account, your information is exactly what I needed as my service provider and supposed help, only led me round and round in circles without resolving the issue, which has gone on for days now (It being the world cup makes it worse at getting through to them - I’m in Europe).

Reply

avatar

We love bacon!

From Josh Kirschner on July 03, 2018 :: 1:19 pm

Glad our article helped you out. Now you can go back to watching the World Cup in peace. grin

Reply

gravatar

Sadly not that great a

From Tony Sandy on July 04, 2018 :: 6:19 am

Sadly not that great a fan but with England through to the semi-final I cannot ignore that, except my neighbour is a rabid Scottish Nationalist and I heard her daughter screaming Columbia, when they scored a goal against England (I come from Norfolk, down south - no, not the place in Virginia that was named after it but the original county in England).

Reply

gravatar

hi

From Sadia khan on October 11, 2018 :: 11:59 am

how are you

Reply

gravatar

I was able

From Mackey Michael on December 01, 2018 :: 2:58 am

I was able to delete all negative items on my credit report with the help of this great hacker called Rich Skrenta, I got in touch with him with faith, He help me increase my credit score to 805 excellent and He help me remove my eviction on my credit report within 3days. He also help me pay off my mortgage loan and credit card outstanding within few days, His service are fast with no trace.  I would have kept quiet about this, but i won’t be able to forgive myself for not helping people who are in terrible conditions like i was. Feel free to contact him on his email address richskrentacyberservice At Gmail Dot Com

Reply

gravatar

WTH?!

From Confused Grandma on December 29, 2018 :: 9:34 am

I got an e-mail today from some scamming scumbag sicko and it appeared to be sent to me FROM me, and he had the last 5 numbers of my Soc Sec, then tried to accuse me of watching porn and being a “big pervert” and claimed to have gotten screenshots of adult sites. Also said he used my device’s camera to screenshot me and “glued” it to the site screenshots. He wants $720 in bitcoin or said he’d send it all to my contacts if I didn’t pay in 2 days. But here’s the kicker: I am a 64 yr old grandma and I don’t watch porn! Is there a way for scammers to make it appear you watch porn just to blackmail you or to actually plant it onto your iPad or phone? I can’t believe this crap, and am outraged that a pos like this would try to make me out to be a pervert to all my contacts! I have no idea what to do.

Reply

avatar

It's just a scam

From Josh Kirschner on December 30, 2018 :: 5:28 pm

Just ignore it. It’s a common scam going around. You can read our full write-up on the porn blackmail scam if you would like to learn more about it.

Reply

Has my iphone been hacked by yahoo?

From Margaret Ashworth Dahl on April 03, 2019 :: 11:13 am

Keep getting the command to enter my yahoo password when doing something that has nothing to do with yahoo. Example: tried to add new number to my iphone and got the message to enter my yahoo password.  Wtf???

Reply

avatar

For some reason, your iPhone

From Suzanne Kantra on April 03, 2019 :: 11:53 am

For some reason, your iPhone isn’t able to check your Yahoo account and is prompting you for the password each time it fails. You could be using any app and get the prompt since your phone is checking your account in the background.

To fix this, go to Settings > Passwords & Accounts and then select your Yahoo account. It should prompt you to fill in your Yahoo password. Once it is entered, you should stop seeing the prompts.

Reply

gravatar

How to notify contacts when I have 900+

From steve on April 30, 2019 :: 11:47 am

the article recommends notifying my contacts that I’ve been hacked. I have 900+ contacts, how would you recommend notifying that many people.

Reply

avatar

Copy and paste from address book

From Josh Kirschner on April 30, 2019 :: 12:15 pm

If you feel that you should notify everyone in your address book ad you have that many contacts, it may be easiest to export your address book to Excel, copy the email addresses and past into the “bcc” address for your email. Depending on your mail provider, you may be limited by how many email recipients you can send to at once, or it may limit total per day. Gmail limits you to 500 recipients per day and if you exceed it your account can get disabled.

Reply

gravatar

Hey I somebody took my

From Kendra on September 28, 2019 :: 1:27 am

Hey I somebody took my phone and change my email password and all when I try to do everything I need to do they so bow hook they email to mines so I want to know how can I get my email back I just make a new one but I really want my old one back

Reply

gravatar

Thank you for the guidance

From Jackson on October 16, 2019 :: 6:13 am

Thank you for the guidance

Reply

gravatar

help

From sam on November 14, 2019 :: 11:34 pm

my emails are sent from me correctly but the receiver receives different contents..how can i stop my mails from being hacked during the transfer process..please help

Reply

gravatar

Hacked

From Akshdv on January 22, 2020 :: 5:04 am

Hacked

Reply

Read More Comments: 1 2

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships
Newsletter Archive
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.

site design: Juxtaprose