What to do if your email is hacked & How to prevent it


Do you rely on your email as a primary form of communication in your work and personal life? Most people do, and hackers know how valuable the information within these digital mailboxes is to us, so they often focus their attempts at cybercrime on email accounts.

If you suspect your email has been hacked or compromised in any way, it’s important to launch into action right away to recover the data and minimise any losses. Then, focus on prevention. Find out what to do if your email has been hacked. Follow these steps to strengthen your email security and prevent breaches in the future.


#1 Update your antivirus and anti-malware software

The best software programs monitor and respond to threats in real time, and constantly scan your devices for viruses and other malware. However, it’s not enough to install software and forget about it: it’s essential to update it as soon as you get a notification. Why? Software creators are constantly releasing new patches to address emerging threats and make sure our software offers the strongest possible protection.

With that in mind, update your software across all devices to the latest available version, and turn on auto-updates so you never miss another one. If you don’t yet have third-party software installed, it’s worth investing in one to secure your email.

Designed for businesses, ESET Mail Security and ESET PROTECT Mail Plus prevent a range of cyber threats from reaching users in your network, including employees and clients. They have anti-spam, anti-phishing and anti-malware features to filter out spam, detect malicious code, keep mailboxes free of unsolicited and undesirable content and attachments, and block web pages that are known to be phishing sites. They also provide comprehensive protection for mail and host servers and notify you if an email has been flagged as spam.

For a multi-layered defence for your personal and work devices, consider ESET Protect Complete. It works against a range of cyber attacks, safeguards Wi-Fi networks and webcams, and scans attachments and images for viruses. It also protects cloud email, collaboration and storage systems (like Google Drive), and offers endpoint protection, which is especially key if you have employees working remotely. The software has a remote management feature and can be downloaded onto multiple devices under the same license.


#2 Recover your email account

Has an email hacker accessed your account and changed the password? If so, you can try to recover your account, which will effectively kick the hacker out and hand control of the account back to you.

The steps vary depending on your email provider. We’ll walk through the steps for Gmail users as an example.

To log into a compromised Gmail account, go to Google’s account recovery page. You’ll be asked a series of personal and security questions. These questions help Google to determine if you are who you say you are — aka, the rightful owner of the email account.

To boost your chances of getting back into your account faster:

  • Start the process on a familiar device, using a familiar browser (like Chrome), in a familiar location
  • Don’t skip questions — take your best guess if you’re not entirely sure of the answer
  • Answer questions as accurately as you can, paying close attention to spelling, grammar, uppercase and lowercase letters
  • If you can’t remember your password, type in the last password you remember
  • Make sure you have access to the recovery email address you enter — Gmail will send security notifications there.

When your account is recovered, turn on any spam filters offered by your email provider. Then, sign out of your email on all devices and log back in.


#3 Change your password — the more complicated, the better

Now that you’re back into your account, change your password. It should be complex, long and unique, containing a mix of lowercase and uppercase letters, numbers and special characters. Try using a phrase or sentence instead of a single word, and avoid any identifying details, like children’s or pets’ names. 

If you need assistance, ESET’s free password generator tool can create a strong, obscure and hard-to-guess password for you. It’s good practice to change your password regularly. We recommend every three months for accounts you log into often, like email, banking sites and social media platforms.


#4 Activate multi-factor authentication

Multi-factor authentication (MFA) is the gold standard in password security. It’s one of the reasons why many employers require it to log in to the company intranet and other portals where sensitive information is stored.

When MFA is enabled, you’ll need to type in your email address, password and one more piece of information — like a series of numbers texted to your phone — before you can access your account. While it takes a few more seconds to get into your email, this step means email hackers need to crack more codes to carry out their crimes.


#5 Ensure your operating system is up-to-date

Every device has an operating system (OS), which is an internal system that manages many processes including software, hardware and memory. Microsoft Windows, macOS and Linux are among the most well-known operating systems, and just like third-party software you install yourself, it’s important to keep your OS updated. This will offer your device the strongest in-built protection, and make it harder for anyone who’s hacked your email to infect your computer, tablet or phone with malicious code.


#6 Reach out to your email database

Can you be hacked by opening an email? Unfortunately, yes.

The next step is informing your contacts of the email hack, especially if you’ve noticed emails you didn’t send in your outbox. In many cases, cybercriminals send unsolicited emails to an entire database, with malicious links or attachments within it. Their theory? If the email is coming from a trusted source (you), people will likely click on those links or files and effectively download malware onto their own device. And often, they’re right.

To prevent that from happening, alert your contacts as soon as you realise your email account has been hacked or compromised. Along with telling them to exercise caution, explain the ways in which you are securing your email account against future hacks. The steps listed in this article are a good start and will go a long way in assuring your friends, family members, clients and other contacts that you are taking action.


#7 Switch up your security questions

Aim to choose the most random options offered by the email provider, rather than straightforward questions like where you went to school, or the model of your first car. Why? With some digging, a hacker might be able to find the answers to these questions based on your public online presence and social media.

Speaking of social media, make it a habit not to overshare there. It’s fast becoming a treasure trove of information. If you use social media to communicate with loved ones, set your profiles to private and only accept connections you know and trust.


#8 Review your account’s activity and mail settings

The hacker may well have changed some of your settings to route future emails to them. Head to the settings of your email account, and double-check that the email forwarding rules and recovery email addresses are as you left them.
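One way to run that check systematically, as an added example that is not part of the original article: the script compares a mailbox's settings against a known-good baseline and lists anything that forwards or hides mail. The sample data is constructed, and its field names are modelled on the Gmail API settings resources as an assumption; the `audit` function and baseline layout are hypothetical.

```python
# Constructed sample data. Field names are modelled on the Gmail API
# settings resources and are assumptions, not output from a real account.
KNOWN_GOOD = {
    "recovery_email": "me.backup@example.org",
    "forward_to": set(),  # addresses the owner deliberately forwards to
}

SETTINGS = {
    "recovery_email": "me.backup@example.org",
    "autoForwarding": {"enabled": True, "disposition": "trash",
                       "emailAddress": "inbox-copy@example.net"},
    "filters": [
        {"id": "f1", "criteria": {"from": "newsletter@example.com"},
         "action": {"addLabelIds": ["Label_7"]}},
        {"id": "f2", "criteria": {"query": "password OR invoice"},
         "action": {"forward": "inbox-copy@example.net",
                    "removeLabelIds": ["INBOX"]}},
        {"id": "f3", "criteria": {"from": "security@example.com"},
         "action": {"addLabelIds": ["TRASH"]}},
    ],
}


def audit(settings, known_good):
    """Return (item, reason) pairs for settings that differ from known-good."""
    findings = []
    allowed = known_good["forward_to"]
    if settings.get("recovery_email") != known_good["recovery_email"]:
        findings.append(("recovery_email", "recovery address was changed"))
    fwd = settings.get("autoForwarding", {})
    if fwd.get("enabled") and fwd.get("emailAddress") not in allowed:
        findings.append(("autoForwarding",
                         f"all mail is forwarded to {fwd.get('emailAddress')}"))
    for rule in settings.get("filters", []):
        action = rule.get("action", {})
        target = action.get("forward")
        if target and target not in allowed:
            findings.append((rule["id"], f"matching mail is forwarded to {target}"))
        elif ("TRASH" in action.get("addLabelIds", [])
              or "INBOX" in action.get("removeLabelIds", [])):
            # Rules that bin or archive mail can hide security alerts.
            findings.append((rule["id"], "matching mail skips the inbox"))
    return findings


if __name__ == "__main__":
    for item, reason in audit(SETTINGS, KNOWN_GOOD):
        print(f"REVIEW {item}: {reason}")
```

Anything the script lists is a setting to confirm you created yourself; delete the ones you did not.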

If you tend to sign up for a lot of free trials or e-newsletters, or if you’re receiving more spam emails than usual, consider setting up another, separate email account and re-routing those types of emails to it. Save your “real” email address for important communications.


Safeguard your email with the best software

To reduce the chance of getting hacked again, practice good cybersecurity habits and invest in premium antivirus and anti-malware software. Reach out to our team today to learn about the best software solutions to cater to your needs.