So your email has been hacked, and you’re mind is racing with all the things the hacker can possibly do with your account. Do not panic, we’re here to help. Do these steps as soon as possible to mitigate the damage of the cyberattack.
Recover Your Account
You need to take the steps necessary to regain control of your email account. First, at the slightest chance that the hacker hasn’t changed your password, try logging in normally. If you’re able to log in, proceed to replacing your old login credentials (see next section). If you’re unable to log in despite having entered the correct username-password combination, find and click the link to your email provider’s sign-in help or account recovery page. The link may appear as “Forgot my password,” “I’m having trouble signing in,” “Need help” or something similar. Alternately, use the links below if you’re registered to the following webmail providers:
Email providers have varying methods on how to recover hacked email accounts. One method is to answer your security questions. Another method is to send a link to resetting your password via your alternate email address. If you supplied your mobile number during account registration, you may also request for a reset verification code to be sent to your phone.
Email providers may offer additional methods, especially for situations in which the hacker has modified your account info and rendered traditional recovery methods useless. For instance, Google lets you submit relevant information (such as the date when you created the account, the email addresses of your frequent contacts, and what other Google products you use) to confirm your ownership of your Gmail account.
In addition, try to get in touch with a customer care representative. Email providers may provide customer support, especially for paid accounts. Users of free email accounts may need to seek assistance elsewhere, such as forums and knowledge base articles.
Replace Your Old Password
At this point, you should have already gotten back your email account, but you’re not done yet. You need to make sure the hacker cannot access your account anymore. Create a longer, stronger password to replace your old one. Avoid common passwords. Come up with a system for creating a password that has a good mix of characters—including numbers, symbols and capitalized letters—but still easy enough for you to remember. If that’s hard to do, let a password manager handle it for you. Enable two-factor authentication if available for added security.
Check Your Account Settings for Suspicious Changes
Convenient features that streamline your email management can be exploited by hackers to snoop on your communications or to send spam and phishing links using your account. Inspect the myriad of settings of your email, scrutinize them one by one, and undo any suspicious modifications. Pay particular attention to the settings of the following email features:
- Automatic forwarding of messages
- Out-of-office responders or vacation responders
- Email signatures
- Mail delegation (or giving other users access to your inbox)
Update Your Recovery Information
Similar to what you just did with your password, change your security questions and other recovery information to something harder for hackers to guess. This is still an important step; the hacker can regain unauthorized access through the account recovery process if the required information remains the same.
If given the option, create a custom security question with an answer that only you know. Don’t pick common questions that ask about your father/mother’s middle name, the high school you attended, and your favorite pet, food or color. A hacker can easily look up this information by checking your social networking profiles or by asking your friends. If you’re not allowed to create custom questions, pick a common question while providing a mismatching answer. For instance, use “snickerdoodles” as the make of your first car.
Also check if the alternate email address and mobile number you use for account recovery are up to date. Delete any unfamiliar information the hacker may have added.
Check Your Other Online Accounts
Did you use this email address to create your accounts for banking, social networking, and other online services? The hacker may have used your hacked email address to request a password reset for each of these accounts. It’s recommended that you change their passwords and enhance their security settings, even if you haven’t observed suspicious activities in them.
We can’t reiterate this enough: check each and every associated account. Ever heard of the domino effect? It only takes one compromised account to allow the hacker to infiltrate all your other online accounts. You also probably used your email to register your PC and mobile devices, in which case you also need to check if they’ve been compromised too.
Inform Your Contacts That You’ve Been Hacked
This step is more of an act of courtesy than a requirement on your part. It’s safe to assume that the hacker have sent malicious, phishing emails to your friends, family, colleagues and other people on your contact list. Inform your contacts that you have been hacked, so they can at least watch out for any suspicious messages that supposedly have come from you.
Recover Your Backup, or Start One
Depending on the intent of the hacker, he may keep almost everything in your account intact so as not to attract too much attention to himself. That means your email messages and address book remain where they are, despite the fact that the hacker may have accessed them to look for valuable information.
If the malicious intruder chooses the destructive route and permanently deletes your contacts and messages, you can recover them if you have a backup. Don’t have a backup? Then start one, just in case another hacking attempt in the future wants to wipe your email communications again. Also inquire your email provider if they offer recovery services for your data. If they do, you’ll probably be asked to submit a request form and wait for approval. Click the links below if you want to recover deleted emails from the following webmail providers:
Prevent Further Hacking Attempts
There’s one powerful lesson to learn from this ordeal: protect your digital security. Sooner or later, more hackers will try to gain access to your account and you’ll end up with a hacked computer again. Preventing this starts with your password. As mentioned above, make it very long, mix it with numbers, letters, and special characters, and never use it on more than one account. And be careful of keyloggers and phishing emails that steal your password.