Security

Has your email been hacked? Here’s what to do right away

Dawna Roberts

Feb 8, 20245 min read

Has your email been hacked? Here's what to do right away: Header image

Email has become the preferred method of communication for most of us. Consequently, it’s a horrifying experience to find out your email account has been hacked or that someone is using it to spy on you for nefarious purposes.

If this has happened to you, don’t panic. There are things you can do to reclaim your email account and restore everything to normal. Keep reading to learn how to tell if your email has been hacked, what to do about it, and how to prevent it from happening in the future. 

Has my email been compromised? Here’s how to tell

If you suspect that your email may be compromised, the first step is to verify the problem. There are ways to see if your email address has been leaked on the dark web or is in circulation among cybercriminals. You have a couple of options available to you to check. 

How do I know if my email has been hacked? First, use a professional email hack checker tool.

Use an email hack checker like Have I Been Pwned?

Troy Hunt, a Regional Director with Microsoft, developed the website Have I Been Pwned? to help users identify whether their email addresses have been found in any data breaches. The service is free to use.

Perhaps you’re wondering, is my email “pwned”? To find out, simply visit the website, enter your email address, and click the “pwned?” button. Within seconds, you will see if your email address and/or credentials appear in any dark web data breaches. Plus, the website includes recommendations for cybersecurity best practices to help keep you safe online.

A screenshot of the Have I Been Pwned? homepage.

Keep an eye out for hacked email signs

Another way to check whether your email has been hacked is to look for specific signs indicating that someone else has control over your account. Some signs to watch for are:

  • You cannot log into your account (you are locked out).
  • You see messages in your Sent folder that you didn’t send. 
  • You receive “password reset” emails that you didn’t request.
  • Friends or family mention receiving strange emails from you that you didn’t send.
  • Your computer or mobile device starts running slowly or acting strangely.
  • You discover that your information has been exposed on the dark web.
  • Your email server logs show someone with a different IP address has logged on to your account.
  • You see social media posts on your accounts that you didn’t post.
  • Your email is being forwarded to a strange email address that you didn’t set up and don’t own.
An image showing the Apple Mail app icon.
Image by Pexels

My email has been compromised. What do I do?

My email has been hacked. How do I fix it? Once you determine that your email account is compromised, you need to take quick action to fix it.

Follow the steps below to restore your account and fix the problem to avoid additional damage or identity theft. 

Step 1: Change your email account password

If you can still log on to your account, change your password immediately. Make it a long, strong password that no one could guess or easily hack. If you cannot log in to your account, contact your email provider and ask them to manually reset it for you.

Step 2: Run a virus scan

Run a deep virus/malware scan on all your devices. Hackers can sometimes gain access to multiple devices with stolen credentials. If the scan detects anything, remove it. 

Step 3: Change all your passwords

Once scammers get ahold of one of your accounts, they can break into other things. Change all your account passwords to help prevent this. Make them all very long and strong, with a combination of letters (upper and lower case), numbers, and symbols.

Along with changing your passwords, change your security questions and answers. This will add an additional layer of security. Additionally, you might consider using a password vault (such as 1Password) to store your login credentials.

A screenshot of the 1Password homepage: a vault for secure passwords.

Step 4: Turn on 2FA

Turn on 2-factor or multi-factor authentication on all your accounts and devices. This way, if anyone tries to take control of them, you will have an additional security measure in place to stop them. 

Step 5: Report identity theft

If you experience identity theft after a data breach or email hack, report it to the authorities. You can file a police report and report it to the FTC, which has a specific web page designed for this purpose. 

How to prevent your email from getting hacked

Once your accounts have been violated, you learn that it’s best to take proactive steps to protect yourself in the future. Follow the cybersecurity best practices below to prevent your email from getting hacked in the future.

Use a VPN

Start using a VPN like MacPaw’s ClearVPN to protect your devices from spying eyes. A VPN masks your IP address and location, preventing hackers from stealing your credentials and seeing your logins. It can also help prevent other types of malicious attacks and malware/ransomware. Always use a VPN when shopping online or entering your credit card details into a website.

A screenshot of the ClearVPN tool.

Update your devices

Keep all your hardware and software updated with the latest versions. Companies like Apple and Microsoft update their operating systems frequently with security patches.

Sign up for credit monitoring

If your information is stolen, bad actors can use it for identity theft. That means they can open up new accounts in your name. Keep a close eye on your credit report and watch for any new accounts or activity that isn’t yours.

Use strong passwords — and be cautious

Always use long, strong passwords on new accounts. Educate yourself on cybersecurity and the current threats out there. Consider using features like “hide my email” and setting up dummy email accounts to keep your main email address safe. And, of course, watch out for phishing emails and immediately report any unusual activity in your accounts. 

You can’t do too much when it comes to keeping your online accounts safe and secure. Always follow best practices and err on the side of safety and security. Overall, the best advice we can give is to simply not share your email address with anyone unless you have to.

Dawna Roberts Dawna Roberts
Dawna has spent her entire career in web dev, cybersecurity, and IT. Her work has been featured on Forbes, Adobe, Airtable, Backblaze, Cyberleaf, Lifewire, and other online publications for the past ten years.