What to do if you think your email has been hacked.

People often ask me why people hack email accounts, how they can tell if their own email account has been hacked, and what they can do if it has.

Why would anyone hack your email account?

This is a common problem nowadays because the email account is seen as the weak link in digital security. Why try to hack through layers of encryption and security to get a password when you can hack the email address used for the account and simply request a password reset to be sent to it?

For those who send out spam, legitimate personal and business email addresses are extremely useful, particularly if they can find out something about the owner. For example, hacking an IFA's (independent financial adviser's) email could give credibility to financial products, or hacking a lecturer's or student's email could add legitimacy to some types of scam related to educational products.

How can you tell if your account has been hacked?

Are you getting lots of bounced messages from email addresses you don’t know? Are people sending you emails asking to be taken off your mailing list? Are your friends asking you why you are sending them spam? Are you unable to log in to your account even with the right password? Are you getting password resets you didn’t request? Has your provider blocked your email account?

If your answer to any of the above is yes, your email account might have been hacked. Now for the really important question:

What are you going to do about it?

Step 1. Check your PC for malware and viruses.

If you already have an anti-virus package on your PC, run it and see if it detects anything. Next download and run a good anti-malware program like Malwarebytes antimalware, then download and run a rootkit detection package like the one available from Sophos. Once you’re sure your machine is virus, malware and rootkit free, it’s time to start undoing the hacker’s work.

Step 2. Check your email settings and inform your ISP.

Log into your email account and check all the settings. Email hackers will often change settings to notify them of any changes you make so that they can go in and change them back again. In particular, make sure that they haven’t set up any forwarders or aliases on your account. Also, if you own a domain name, make sure they haven’t set up email addresses or mailboxes on your domain that they can control. Once you are sure that your email address is under your control, and only when you are sure that it is, it’s time to start changing passwords.

Most ISPs have a dedicated email address or webpage for reporting suspected hacked accounts. They also have resources at their disposal that you do not, which can be used to protect your account against specific types of threat. If you think your account was compromised you should always inform them, even if you think you’ve undone all the changes. I can’t stress enough how important it is that you let your ISP know if you think your account was hacked.

Step 3. Change your login passwords. All of them.

If you use different passwords for every website and your email is a POP3 account that doesn’t retain any mail online then you might think you can get away with just changing your email account password. You must not assume this.

Many websites have a ‘forgot password’ link that emails a new password to you if you forget your login credentials. Assume that whoever has compromised your account has visited all the major online banking, shopping, and social networking websites, entered your email address and requested a password reset. This person is a criminal who is intelligent enough to hack your email account; do not underestimate their intelligence or ingenuity. Change every password you have with every online service provider. No exceptions.

Step 4. Diversify your online presence

You should have at least three separate email addresses, each with a different ISP. One of these email addresses should be your primary account. You use this as you’ve always used your main email address. This address should also be the one you use for things like online banking, credit cards, etc.

The second email address is the one you should use for such things as social networks, joining a forum, receiving newsletters, registering programs, etc. Don’t put your main email address into any site where it can be seen publicly. Spammers are constantly harvesting email addresses from every source they can, so have an email address that you don’t mind sharing with the world. Only give your main email address to people you actually know or want to communicate with personally.

The third address should be your security email address. You only use this address for communicating with your ISPs. Most ISPs now give you the option of registering a secondary email address to protect you against hackers; create an email address and use it for this purpose only. Don’t give out this email address to anybody, and don’t use it for anything else.

Step 5. Be more wary and vigilant than usual

Remember, the person who hacked your account is a professional and you are an amateur. For that reason, keep an eye open for any unusual activity related to your email account or other aspects of your online presence. Don’t just assume that because you have changed your passwords you’re safe and secure once again. You have no idea what they might have used your email address for while it was under their control.

Be aware that these types of criminals are known to operate ‘sucker lists’ which contain details of all the people they’ve managed to hack. They sell this information to other criminals looking for soft targets, so assume that others will try to target you over the next few weeks and months with scams of their own. The reality is that these people believe that if they got you once then they can get you again. Prove them wrong.


The important thing is not to ignore your account being hacked. Take action quickly and protect yourself against potential harm. Just remember that your email address is a useful and valuable resource that you cannot afford to leave in the hands of a criminal.

Check your computer for viruses, malware and rootkits and ALWAYS inform your ISP if you think you’ve been hacked. Change all your online passwords. ALL of them. Use good passwords with a mixture of lower and upper case letters and numbers, and try not to make them resemble real words. Randomness, length and diversity are your three best friends when choosing passwords.
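As an added illustration of the password guidance above (my code, not part of the original post): a small Python script that generates passwords satisfying the three rules, randomness, length and diversity, and checks an existing password against them. The 16-character minimum and the short word list are assumptions of mine; the post gives no number and names no dictionary.

```python
import secrets
import string

# Character classes the post asks for: lower case, upper case and digits.
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
MIN_LENGTH = 16  # assumed threshold; the post does not state a number

# Constructed stand-in for a dictionary: words that often turn up inside weak
# passwords. A real check would load a full word list instead.
COMMON_WORDS = ("password", "welcome", "letmein", "qwerty", "admin", "summer", "monkey")


def check_password(password: str) -> dict:
    """Score a password against the post's guidance; 'ok' is True only if all pass."""
    lowered = password.lower()
    results = {
        "long_enough": len(password) >= MIN_LENGTH,
        "has_lower": any(c in LOWER for c in password),
        "has_upper": any(c in UPPER for c in password),
        "has_digit": any(c in DIGITS for c in password),
        # Diversity: at least half the characters are distinct, which a
        # repeated pattern such as 'aaaa1111' fails.
        "diverse": len(set(password)) * 2 >= len(password),
        # "Try not to make them resemble real words": no listed word inside.
        "no_real_word": not any(word in lowered for word in COMMON_WORDS),
    }
    results["ok"] = all(results.values())
    return results


def generate_password(length: int = 20) -> str:
    """Return a random password, drawn with the `secrets` module, that passes check_password."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = LOWER + UPPER + DIGITS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: discard candidates missing a class, so the
        # result stays uniformly random over the acceptable strings.
        if check_password(candidate)["ok"]:
            return candidate


if __name__ == "__main__":
    print(generate_password())
```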

Even if you have never been hacked, now is a good time to diversify your online presence so that your main email address isn’t registered on sites where it can be seen by everyone. If your ISP offers any additional anti-hacker protection, sign up for it now because it’s always easier to protect yourself than to undo the damage afterwards.

Thanks for reading.
