Has your email been hacked? Here’s what to do next


We’ve all received them: the slightly suspicious looking emails, purportedly from a close friend or family member, which encourage us to click on a strange link inside. These emails, somewhat irritating and often poorly spelled, are the symptom of a much larger problem: hackers are getting more and more adept at gaining access to our email accounts.

If your friends and colleagues are getting these emails from your account, then you have been hacked. Someone, somewhere in the world, has compromised your account and is now using it to send emails to your contact list and beyond.

Frustrating emails are just the beginning: a wily hacker has access to a lot more than just your contacts list when they take control of your email account. They could use the personal information inside to try to gain access to your bank account, make payments using your credit card details, or even compromise the business at which you work.

If you have been hacked, the quicker you sort out the problem, the less time the hacker has to root through your personal email and use the information there to access your life. Let’s take a look at what you should do next:

5 Steps To Take If Your Email Has Been Hacked

Step 1: Change Your Password

Your very first step should be to lock a hacker out of your email and prevent them accessing your data. To do this, you need to log in yourself and change your existing password for a new one.

If the hacker has changed your password, you need to select the option for having forgotten the password and reclaim your account by answering all the security questions.

The fact that your account has been hacked suggests that your current password is not strong enough, so when you create a new password, you must choose something stronger. It also needs to be different – simply adding another number on the end won’t cut it.

For more information on creating a strong password that will be hard to crack, but easy to remember, have a read of our previous article on selecting a password.

Step 2: Scan Your Computer

Before going any further, we want to ensure that your computer is completely secure. Malware, short for malicious software, is designed to access your computer and cause damage or log your keystrokes.

If you have malware on your computer, it could have been used to help a hacker gain access to your email. Although this is probably less likely than an insecure password getting cracked, it is a possibility, and unless you discount it, you might find yourself getting hacked again.

You can search for malware using the free version of Malwarebytes. Simply download it and run a free scan on all the computers you use. If you do find anything malicious, it is highly recommended that you change your password again.

Step 3: Check Other Accounts

A hacker with access to your email could have access to a lot of other information. Search through your email for any other account passwords or information that could be held there. Any information you find is information a hacker could have obtained.

Log in to each of these potentially compromised accounts and change your password, choosing something strong and unique. You should choose a different password for each of these different sites: if you re-use the same password, you make it easy for a hacker to turn access to one account into access to many.

Check any bank accounts that could have been compromised for suspicious behavior, and if you see anything, call your bank immediately. If you believe your company login could have been compromised, contact your IT administrator and notify them (it wouldn’t hurt to beg for forgiveness at the same time!).

Step 4: Check Your Email Settings

Hackers can be a sneaky bunch, often making small changes to your email settings to ensure they continue to profit from you in the future. For example, a hacker might change your signature, or even just the link in your signature, so that it points towards a website of their choosing rather than yours. Remember to check your autoresponder message as well, because this can be modified in a similar fashion.

Another change they might make is to set up a forwarding email address, so that every time you receive an email, they receive it too. This could give them access to any accounts you make in future using that email address.

These changes make you look unprofessional at best, and at worst can give a hacker access to even more of your information. Check all of your settings carefully to ensure they are as they should be.
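The Step 4 checks can also be scripted when the mailbox settings are available as data. This is an added example, not part of the original article; the snapshot layout, field names, addresses and domains are constructed assumptions and do not match any mail provider's real export format.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a hypothetical settings snapshot (assumed layout).
SETTINGS = {
    "address": "alice@example.com",
    "signature": 'Alice Smith<br><a href="https://www.example.com/about">My site</a>',
    "autoresponder": "I am away. Details: http://example.com.account-check.test/login",
    "forward_to": ["backup@example.com", "archive@mailbox.test"],
}
# Domains the account owner actually controls (assumption for this sample).
TRUSTED_DOMAINS = {"example.com", "example.org"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True for a trusted domain or a real subdomain of one.

    A look-alike such as example.com.account-check.test is rejected because
    the match is on the end of the hostname, not on a substring.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def audit(settings, trusted=TRUSTED_DOMAINS):
    """Return (field, value) pairs that the account owner should review."""
    findings = []
    # Links in the signature and autoresponder must point at the owner's sites.
    for field in ("signature", "autoresponder"):
        for url in URL_RE.findall(settings.get(field, "")):
            host = urlsplit(url).hostname or ""
            if not is_trusted(host, trusted):
                findings.append((field, url))
    # Forwarding targets must be mailboxes on domains the owner controls.
    for addr in settings.get("forward_to", []):
        if not is_trusted(addr.rsplit("@", 1)[-1], trusted):
            findings.append(("forward_to", addr))
    return findings


if __name__ == "__main__":
    for field, value in audit(SETTINGS):
        print(f"REVIEW {field}: {value}")
```
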

Step 5: Establish Better Security Moving Forward

If you’ve had your email hacked and avoided losing any personal information or data, you can be thankful – you’ve learned a valuable lesson at a fraction of the cost that many pay to learn the same. On another day, you might have lost access to your bank accounts or given a hacker access to valuable business data.

To ensure it never happens again, you must learn from the experience, picking strong, unique passwords for every online account you have and being disciplined about securing your computer, your accounts, and the information they hold.

Many users become compromised because they have poor password habits that make their accounts easy to crack. These habits seep in because people want to remember their passwords quickly and easily – so they make short, easy-to-crack passwords and then re-use them for multiple sites.

If this is you, and you struggle to make multiple secure, memorable passwords, you may benefit from a password manager, such as Onion ID. Password managers create and store your secure passwords for you, enabling you to access your accounts easily without compromising your security.

You won’t need to remember any of the long passwords you use. Instead, you’ll just need to log in to the secure manager and then it will take care of the rest. Using a solution like Onion ID can significantly increase security for both businesses and individuals and make the likelihood of a successful brute-force attack against your password almost negligible.


 

Photo by Notoriousxl, CC BY 2.0


  • Kevin K

    I disagree with the order of operations you outlined above.
    Why would you put ‘scan your computer’ second?
    If you change your password in step 1 from an infected computer, it’s utterly pointless.
    The attacker would instantly have your new password!

    You need to take a Socratic approach…start locally and expand outwards.
    -Start from a known ‘Clean Machine’.
    -Then recover/login to your compromised email account.
    -Immediately check security and recovery options/settings. Ensure the attacker didn’t add a recovery method that you are not aware of such as an email address or phone number you don’t recognize. Update your security/recovery methods.
    -Now update the password to your email account. If the password to your email account was used on other websites (online banking, social media, shopping, etc), there is a high probability those accounts may have been compromised as well. Repeat the same process above on those other accounts. From a clean computer, log in, check the security and recovery options…update them, change the password.

    Avoid using the same password on every site. If an attacker compromises one, they essentially compromise all. Use any number of password tricks to avoid this such as having a root password and then add something to it that is unique to the website. Let’s say you used the password ‘S3cr3t’ on every website. Try taking the first 2, last 2, or maybe even the first and last letters of the website name and adding it to your password. Let’s use yahoo.com in this example. Take the first letter ‘y’ and the last letter ‘o’ and add that to your root password somewhere:
    At the end: S3cr3tyo
    or
    At the beginning: yoS3cr3t
    or
    At the beginning and end: yS3cr3to

    Let’s use Gmail as an example now. Same method as above using your root password of ‘S3cr3t’.
    At the end: S3cr3tgl
    or
    At the beginning: glS3cr3t
    or
    At the beginning and end: gS3cr3tl

    The point of this is that you are always using the same root password of ‘S3cr3t’ but still have a different password for EVERY website using this technique… and the passwords are easy to remember! Should an attacker somehow compromise your yahoo password of ‘yoS3cr3t’ and then they try that password on gmail… or Amazon…. they WON’T get in!

    Or… you can use a password manager. I’d recommend KeePass. https://keepass.info/
    It’s free and easy to use.

