What to do if your emails have been hacked

It can be a scary situation – but there are things you can do.

Max Freeman-Mills
Friday 19 July 2024 07:00 BST
It can be hard to know where to start if your emails have been hacked (Alamy/PA)
It can be hard to know where to start if your emails have been hacked (Alamy/PA)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Having your email hacked is a modern nightmare.

While we all have countless accounts with different stores and services, there’s a good chance that they’re all routed through one main email address that we use across everything.

If you discover, one way or another, that your email account is compromised, it might be tempting to just curl up in a ball and give up on your online existence, but there are steps you can still take to put things right. Here are a few helpful pointers for where to start…

Change your password immediately

It’s one thing if you’re locked out of your account, but if you can still log in, there’s one massive step you should take as soon as possible: changing your password.

If you can get this achieved without any issues, there’s a good chance that it’ll expell whoever has hacked your emails and reinstate your inbox as your own private domain, just as it should be. The key here is to use a completely new password – don’t reuse one from another site, or make one that’s only a few characters away from the previous version.

If you have reason to believe that someone actually got access to your emails, we’d also recommend going through your other main accounts on things like social media or online banking and changing their passwords, too – you’re unlikely to regret being careful on this one.

Try to recover your account

If you’re not able to get access to your emails, presumably because a hacker has changed the password before you managed to do so, all the big providers have account recovery procedures that can help you get your account back.

These aren’t guaranteed to work, but they’ll ask you security questions and start investigating the sequence of events, to potentially return your account to you. Google’s version of this can be accessed from this help page, but you should be able to find the equivalent for whatever email provider you use online.

Run an antivirus check

It’s hard to know exactly how you’ve been hacked – unless you realise that you replied to a phishing scam or something of the sort. However, once you’ve initiated either of our first two points of advice, running an antivirus scan on your computer is a great idea.

Regardless of what software you choose to use, this should hopefully tell you whether your hardware is compromised. After all, if there’s a keylogger on your laptop – a type of malware that tracks your keystrokes – then changing your password will be a little bit less useful. Cleaning things out is a great way to move on with some peace of mind.

Let your contacts know

It might be a bit embarrassing, but it’s all too common for people to try to move on without telling people about their email woes, and accidentally cause others to fall into traps, too. If your email has been compromised for any length of time, it’s worth telling people you know to ignore any suspicious or unwarranted emails they might have received from the account recently.

This could well stop someone from clicking on a link or message that could otherwise entrap them, and is pretty much the right thing to do.

Update your security information and use two-factor authentication

This final step is based on the assumption that you’ve been able to get your email account back – although it equally applies if you’re forced to start a new one. Most email account providers have multiple layers of security that you can activate, and everyone should really use them all.

This means two-factor authentication that runs login attempts through your mobile number or a secure authenticator app, but also backup codes and security questions, as old-school as they might seem. Keeping these up to date as you change numbers or move addresses in the real world is key – even if that just means reminding yourself of the answers.

Having them at the front of your mind will make everything easier if you ever need to recover your account again, and lessen the chances of it being compromised in the first place, too.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in