I know how stressful and frustrating it can be to have your personal email account hacked. As someone who cares about your online privacy and security, I want to help you get through this. In this guide, I'll walk you step-by-step through how to recover your account, undo the damage, and prevent future attacks.
First off – don't panic! Hacking happens way more often than you'd think. Around 1 in 3 online accounts get breached every year according to a 2022 survey by Statista. But if you take the right actions, you can secure your email again quickly. Let me show you how.
How to Tell If Your Email's Been Hacked
Before doing anything else, you need to confirm if your account was actually hacked. Here are the top signs to look for:
- You can't log in, even with the correct password
- Emails show up in your sent folder that you didn't send
- Contacts say they got strange emails from you
- Suspicious logins show up in your account activity log
- You get an alert about suspicious activity from your email provider
According to Microsoft, around 1 million Outlook accounts get hacked every month. So if you notice any of those issues above, it likely means your account's been compromised.
Step 1: Run a Virus Scan
The first thing to do is scan your devices for malware. Hackers often use trojans and keyloggers to steal login credentials.
Run full antivirus scans on all your devices, especially ones used to access email. I recommend tools like Malwarebytes, which detected 100% of malware in AV-Test's latest evaluations.
Resetting devices to factory settings is also a smart move to wipe out any lingering threats. Better safe than sorry, you know?
Step 2: Log Out of All Sessions
Once your devices are clean, log out of all active sessions connected to your email. Hackers could still be logged in, so signing them out will sever their access.
For Gmail, go to the Security section and select "Manage all devices." Click the trash icon next to any unknown or suspicious sessions.
Hotmail has an "Active Sessions" page under Account Settings where you can review and terminate sessions.
Step 3: Reset Your Password
The most critical step is resetting your password to something completely new. This ensures the hackers won't be able to get back into your account.
When creating a new password, make sure it's at least 12 characters, uses random words, upper/lowercase letters, numbers, and symbols. Avoid reusing passwords from other accounts.
I'd also recommend starting to use a password manager like LastPass or 1Password to generate and store strong, unique passwords for all your accounts. It takes the guesswork out of password creation.
Step 4: Remove Suspicious Filters, Rules, and Forwards
Once logged back in, check your account settings closely for anything fishy. Hackers often set up filters and rules to forward copies of your emails elsewhere. Look under:
- Gmail: Settings > Filters and Blocked Addresses
- Outlook: Options > Organize Email > Rules
- Yahoo: Mail > Settings > Filters
Remove any rules/filters you don't remember setting up. Also check the forwarding settings to make sure your emails aren't getting sent somewhere else.
Step 5: Enable Two-Factor Authentication (2FA)
Now it's time to add an extra layer of security through two-factor authentication. 2FA requires you to enter a verification code from your phone when logging in from a new device.
According to a 2022 Google study, simply enabling 2FA can block 100% of automated bot hacks and over 99% of bulk phishing attacks. It really is that effective!
Most email providers have 2FA settings under the Security or Sign-in section. I'd strongly recommend turning it on. The minor extra step is worth the enhanced protection.
Step 6: Check Recent Emails and Contacts
Take a few minutes to review your Sent box and contact list for anything suspicious. Delete any emails you didn't send.
You'll also want to let your friends and family know about the hack in case they get any phishing attempts. Ask them to notify you if they see additional strange messages.
Step 7: Update Account Recovery Options
Double check that your account recovery contact info is up-to-date and secure. Hackers with access to your old phone number or recovery email could still break back in.
Under account settings, make sure your:
- Recovery email address is valid and uncompromised
- Recovery phone number is accurate and only known by you
- Security questions are reset with answers only you know
Step 8: Monitor Account Activity Closely
Keep an extra close eye on your account for a few weeks after being hacked. Most email providers let you view a login history so you can watch for sketchy activity.
Enable login notifications if available too. That way if any unauthorized sessions occur, you'll know instantly.
What To Do if Your Email Gets Hacked Again
If your email is hacked again after resetting, the attacker likely still has a way into your account. Here are a few things to try:
- Change your password again, making it longer and more complex
- Run malware/virus scans using multiple tools to cover all bases
- Check all your account settings thoroughly for anything enabling access
- Enable 2FA if you haven't yet
- Contact your email provider's customer support for help investigating
Don't give up! With some perseverance, you'll get to the bottom of it. Two hacks in a short time is very rare if you follow all the steps in this guide.
How to Recover When Your Entire Account is Deleted
Worse than being hacked, some attackers try to cover their tracks by straight-up deleting your account. If that's happened to you, contact your email provider immediately.
Most keep some backups that can restore deleted accounts within a few days, like:
- Gmail: 30-day backup after deletion
- Outlook: 30-day backup after deactivation
- Yahoo: 30-day backup after deactivation
- iCloud: 25-day backup after deletion
The sooner you contact them, the better chance your emails and data can be retrieved.
Other Damage Control Tips for Hacked Email
Securing your email is just part of recovering from a hack. Here are a few other things you can do to limit the damage:
- Scan credit reports for any suspicious activity and consider a credit freeze
- Call banks if you have any financial accounts linked to the email
- Change passwords everywhere the email was used as your username or recovery option
- File an FTC complaint about the incident
Basically, assume your email hacker has access to any accounts associated with that email. Take preventative steps anywhere you used that address.
How to Prevent Your Email from Being Hacked
After going through all this hassle, I'm sure you want to avoid dealing with another hack. The good news is there are steps you can take to significantly lower your risk:
Use Strong, Unique Passwords
Common and reused passwords are behind 81% of data breaches according to Verizon's 2022 research.
To create super secure passwords:
- Make them 12+ characters long
- Include upper/lowercase letters, numbers, and symbols
- Avoid dictionary words, names, birthdays, etc.
- Don't reuse passwords between accounts
- Use a password manager to generate and store them
Enable Two-Factor Authentication (2FA)
Adding 2FA can block over 99% of automated cyberattacks based on Google's stats.
It takes just a minute to turn on through your email provider‘s account security settings. I have it on for all my important accounts.
Be Wary of Phishing Attempts
Phishing scams try to trick you into handing over your login credentials. Be suspicious of any emails or links asking you to:
- Verify your account/data
- Reset your password
- Review a delivery notice
- Pay an invoice
Double check the sender address before clicking on anything. And don't download any attachments you aren't expecting.
Keep Software Patched and Up-to-Date
Hackers exploit vulnerabilities in outdated programs. Maintaining the latest versions of the following closes security gaps that could let an attacker in:
- Your operating system
- Web browser
- Email client
- Antivirus software
I manually update my software weekly.
Use a VPN When on Public Wi-Fi
Connecting to public networks like coffee shop Wi-Fi can be risky. A VPN encrypts your internet traffic to keep your online activity private and secure.
There are many great VPN options out there, like NordVPN, ExpressVPN, and Surfshark. Worth looking into!
Monitor Your Account Closely
Make it a habit to regularly check your email settings and activity logs for anything unusual. Most hackers look for neglected accounts.
Enabling login notifications is an easy way to get alerts about suspicious logins in real time.
Let's Review the Key Steps to Recover from an Email Hack
Just to recap, here are the key steps covered in this guide to regain control of your account if it's been hacked:
- Scan all devices for malware and viruses
- Log out of all sessions on the account
- Reset your password using a password manager
- Remove unauthorized filters/rules
- Enable two-factor authentication
- Update account recovery options with new info
- Monitor account activity closely for suspicious logins
- Contact your provider if issues persist
And going forward, use strong unique passwords, turn on 2FA, avoid phishing, update your software, use a VPN, and keep a close eye on your account.
Whew, we covered a lot of ground here! Dealing with an email hack is no fun, but I hope following this advice makes the process smoother. Let me know if any other questions come up. I'm always happy to help a friend boost their online security.