This is probably the second most prevalent issue my clients face: recovering from having your email account hacked.

The main thing to know is that you must act immediately if you hope to recover your privacy and your email.

Please read this article from Leo Notenboom:

Email account theft is rampant. If it happens to you, there are several steps you need to take, not only to recover your account, but to prevent it from being easily hacked again.

It seems like not a day goes by where I don’t get a question from someone that boils down to their email account having been hacked.

Someone somewhere has gained access to their account and is using it to send spam. Sometimes passwords are changed, sometimes not. Sometimes traces are left, sometimes not. Sometimes everything in the account is erased – both contacts and saved email – and sometimes not.

But the one thing all of these events share is that suddenly, people (usually those on your contact list) start getting email from “you” that you didn’t send at all.

Your email account has been hacked.

Here’s what you need to do next.


1. Recover your account

Log in to your email account via your provider’s website.

If you can log in successfully, consider yourself extremely lucky, and proceed to step 2 right away.

If you can’t log in, even though you know you’re using the right password, then the hacker has probably changed your password. The password you know is no longer the correct password.

You must then use the “I forgot my password” or other account recovery options offered by the service.

This usually means the service will send password-reset instructions to an alternate email address that you do have access to, or send a text message to a mobile phone number that you set up previously.

If the recovery methods don’t work – because the hacker changed everything, or because you no longer have access to the old alternate email or phone – then you may be out of luck.

If recovery options don’t work for whatever reason, your only recourse is to use the customer service phone numbers or email addresses provided by that email service. For free email accounts, there usually is no customer service. Your options are generally limited to self-service recovery forms, knowledge base articles, and official discussion forums where service representatives may (or may not) participate. For paid accounts, there are typically additional customer service options that are more likely to be able to help.

Important: If you cannot recover access to your account, it is now someone else’s account. I can’t stress this enough. It is now the hacker’s account. Unless you’ve backed up, everything in it is gone forever, and you can skip the next two items. You’ll need to set up a new account from scratch and start over.

Is it my computer or not?

When faced with this situation, many people worry that malware on their computer is responsible.

That is rarely the case.

In the vast majority of these situations, your computer was never involved.

The problem is not on your computer. The problem is simply that someone else knows your password and has logged into your account. They could be on the other side of the planet, far from you and your computer (and often, they are).

Yes, it’s possible that a key-logger was used to capture your password. Yes, it’s possible that your PC was used improperly at an open WiFi hotspot. So, yes, absolutely, scan it for malware and use it safely, but don’t think for a moment that once you’re malware free, you’ve resolved the problem. You have not.

You need to follow the steps outlined here to regain access to your account and protect it from further compromise.

You’ll use your computer, but your computer is not the problem.

2. Change your password

Once you regain access to your account (or if you never lost it), immediately change your password.

As always, make sure that it’s a good password: easy to remember, difficult to guess, and long. In fact, the longer the better, but make sure your new password is at least 10 characters – ideally 12 or more, if the service supports it.

But don’t stop here.

Changing your password is not enough.

3. Change your recovery information

While a hacker has access to your account, they might leave your password alone so that you won’t notice the hack for a while longer.

But whether they change your password or not, they may change all of the recovery information.

The reason is simple: when you finally do change your password, the hacker can follow the “I forgot my password” steps and reset the password out from underneath you, using the recovery information they set.

Thus, you need to check all of it and change much of it … right away.

  • Change the answers to your secret questions. They don’t have to match the questions (you might say your mother’s maiden name is “Microsoft”); all that matters is that the answers you give during a future account recovery match the answers you set here today.
  • Check the alternate email address(es) associated with your account and remove any you don’t recognize or are no longer accessible to you. The hacker could have added his own. Make sure all alternate email addresses are accounts that belong to you, and you can access them.
  • Check any phone numbers associated with the account. The hacker could have set their own. Remove any you don’t recognize, and make sure that if a phone number is provided, it’s yours and no one else’s, and that you have access to it.

These are the major items, but some email services have additional information they use for account recovery. Take the time now to research what that information might be. If it’s something a hacker could have altered, change it to something else appropriate for you.

Overlooking information used for account recovery allows the hacker to easily hack back in; make sure you take the time to carefully check and reset all as appropriate.

4. Check related accounts

This is perhaps the scariest and most time-consuming aspect of account recovery.

Fortunately, it’s not common, but the risks are high, so understanding this is important.

While the hacker has access to your account, they have access to your email, including what is in your account now as well as what arrives in the future.

Let’s say the hacker sees you have a notification email from your Facebook account. The hacker now knows you have a Facebook account, and what email address you use for it. The hacker can go to Facebook, enter your email address, and request a password reset.

A password reset sent to your email account … which the hacker has access to.

As a result, the hacker can now hack your Facebook account by virtue of having hacked your email account.

In fact, the hacker can now gain access to any account associated with the hacked email account.

Like your bank. Or PayPal.

Let me say that again: because the hacker has access to your email account, he can request a password reset be sent to it from any other account for which you use this email address. In doing so, the hacker can hack and gain access to those accounts.

What you need to do: check your other accounts for password resets you did not initiate, and any other suspicious activity.

If there’s any doubt, consider proactively changing the passwords on those accounts as well. (There’s a strong argument for checking or changing the recovery information for these accounts, just as you checked for your email account, for all the same reasons.)

Check “out of office” messages, reply-to, forwards, and signatures

If your email service provides an out-of-office or vacation-autoresponder feature, or some kind of automatic signature that appears at the bottom of every email you send, it’s possible people already know you’re hacked.

Hackers will often set an auto-responder in a hacked account to automatically reply with their spam. Each time someone emails you, they get this fake message in return – often written so it sounds like you actually sent it.

If your account includes the ability to set a different email address to reply to, make sure that’s not been set. Check also to make sure your email is not being automatically forwarded to another email address.

Similarly, hackers often set up a signature so that every email you send includes whatever it is they’re promoting – often a link to a malicious web site.

Make sure to check any signature or automated response features once you regain access to your account.

5. Let your contacts know

Some disagree with me, but I recommend letting your contacts know that your account was hacked, either from the account once you’ve recovered it, or from your new email account.

Inform all the contacts in the online account’s address book; that’s the address book the hacker had access to.

I believe it’s important to notify your contacts so they know not to pay attention to email sent while the account was hacked. Occasionally, hackers try to impersonate you to extort money from your contacts. The sooner you let them know the account was hacked, the sooner they’ll know that any such request – or even the more traditional spam that might have come from your account – is bogus.

6. Start backing up

A common reaction to my recommendation that you let your contacts know is: “But my contacts are gone! The hacker erased them all, and all of my email as well!”

Yep. That happens.

It’s often part of a hacker not wanting to leave a trail – they delete everything they’ve done, along with everything you have. Or had.

If you’re like most people, you’ve not been backing up your online email. All I can suggest at this point is to see if your email service will restore it for you. In general, they will not. Because the deletion was not their doing, but rather the doing of someone logged into the account, they may simply claim it’s your responsibility.

Hard as it is to hear, they’re absolutely right.

Start backing up your email now. Start backing up your contacts now.

For email, that can be anything from setting up a PC to periodically download the email, to setting up an automatic forward of all incoming email to a different account, if your provider supports that. For contacts, it could be setting up a remote contact utility (relatively rare, I’m afraid) to mirror your contacts on your PC, or periodically exporting your contacts and downloading them, which is what I do.
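As an added example, not part of Leo’s article, here is the “set up a PC to periodically download the email” option as a small Python script: it pulls a folder over IMAP (read-only) and appends it to a local mbox file, skipping messages already saved so it can be run on a schedule. The host name, account, password and folder are placeholders, and the server is assumed to offer IMAP over TLS on port 993.

```python
"""Periodically download an IMAP folder into a local mbox file, skipping mail already saved."""
import email
import hashlib
import imaplib
import mailbox
import os
import tempfile


def message_key(msg: email.message.Message) -> str:
    """Duplicate-detection identity: the Message-ID, or a hash of the message bytes if it has none."""
    mid = (msg.get("Message-ID") or "").strip()
    return mid if mid else "sha256:" + hashlib.sha256(msg.as_bytes()).hexdigest()


def raw_key(raw: bytes) -> str:
    """Same identity, computed from a raw RFC 822 message as returned by the server."""
    return message_key(email.message_from_bytes(raw))


def append_to_mbox(path: str, raw_messages) -> tuple:
    """Append raw messages to the mbox at `path`; returns (added, skipped). Run one copy at a time."""
    box = mailbox.mbox(path)  # created if it does not exist yet
    try:
        seen = {message_key(m) for m in box}  # everything an earlier run already saved
        added = skipped = 0
        for raw in raw_messages:
            key = raw_key(raw)
            if key in seen:
                skipped += 1
                continue
            box.add(raw)
            seen.add(key)
            added += 1
        box.flush()
    finally:
        box.close()
    return added, skipped


def fetch_folder(host: str, user: str, password: str, folder: str = "INBOX"):
    """Yield every message in `folder` as raw bytes. Opened read-only: a backup must never alter the server copy."""
    with imaplib.IMAP4_SSL(host) as conn:
        conn.login(user, password)
        conn.select(folder, readonly=True)
        _, data = conn.search(None, "ALL")
        for num in data[0].split():
            _, parts = conn.fetch(num, "(RFC822)")
            yield parts[0][1]


def demo_roundtrip() -> tuple:
    """Offline check with two constructed sample messages: the same backup run twice against one mbox."""
    sample = [
        b"From: alice@example.com\nTo: you@example.com\nMessage-ID: <1@example.com>\nSubject: hi\n\nbody one\n",
        b"From: bob@example.com\nTo: you@example.com\nMessage-ID: <2@example.com>\nSubject: re\n\nbody two\n",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "backup.mbox")
        return append_to_mbox(path, sample), append_to_mbox(path, sample)


if __name__ == "__main__":
    print(demo_roundtrip())  # (2, 0) then (0, 2): the second run adds nothing
    # Real use (placeholder host/account): append_to_mbox("mail-backup.mbox", fetch_folder("imap.example.com", "you@example.com", "app-password"))
```

Schedule the script (cron, Task Scheduler) and keep the mbox file somewhere the account’s web session cannot reach; an attacker who deletes the server copy cannot touch it.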

7. Learn from the experience

Aside from “you should have been backing up,” one of the most important lessons to learn from this experience is to consider all of the ways your account could have been hacked, and then take appropriate steps to protect yourself from a repeat occurrence in the future.

  • Use strong passwords that can’t be guessed, and don’t share them with anyone.
  • Don’t fall for email phishing attempts. If they ask for your password, they are bogus. Don’t share your password with anyone.
  • Don’t click on links in email that you are not 100% certain of. Many phishing attempts lead you to bogus sites that ask you to log in and then steal your password when you try.
  • If you’re using WiFi hotspots, learn to use them safely.
  • Keep the operating system and other software on your machine up-to-date, and run up-to-date anti-malware tools.
  • Learn to use the internet safely.
  • Consider multi-factor authentication (in which simply knowing the password is not enough to gain access). More and more services are starting to support this, and for those that do (Gmail, for example), it’s worth considering.

If you are fortunate enough to be able to identify exactly how your password was compromised (it’s not common), then absolutely take measures so that it never happens again.


8. If you’re not sure, get help

If the steps above seem too daunting or confusing, then definitely get help. Find someone who can help you get out of the situation by working through the steps above.

While you’re at it, find someone who can help you set up a more secure system for your email, and advise you on the steps you need to take to prevent this from happening again.

And then follow those steps.

The reality is that you and I are ultimately responsible for our own security. That means taking the time to learn, and setting things up securely.

Yes, additional security can be seen as an inconvenience. In my opinion, dealing with a hacked email account is significantly more inconvenient, and occasionally downright dangerous. It’s worth the trouble to do things right.

If that’s still too much … well … expect your account to get hacked again.

9. Share this article

As I said, email account theft is rampant.

Share this article with friends and family. Statistically, you or they will encounter someone whose account has been hacked and will need this information.

  • Use the Share buttons included with this article.
  • Share this short-URL: to go directly to this article online.