If your email account has been hacked, sensitive data can quickly land in the wrong hands. The con­se­quences can be serious, but instead of panicking, you should stay calm. We explain what to do when your email account has been hacked.

Tip

For quick readers, here are the three most important immediate actions if you suspect that your email address has been hacked:

  1. Use tools like Firefox Monitor, the free security test from Firefox.
  2. Change your password and use security software like malware scanners.
  3. Remove any malware that’s found and set up new security measures such as two-factor au­then­ti­ca­tion to make your account more secure and prevent it from getting hacked again.

What to do when your email has been hacked

If you’ve done the testing or have noticed unusual activity on your account and know for certain that you’ve been hacked, we recommend following our step-by-step plan below to resolve the situation and regain full control of your account. Here are the steps:

Tip

For detailed in­for­ma­tion on how to determine if your email account has been hacked, take a look at our article “Has My Email Been Hacked?”.

Step 1: Change your password

Try to log into your account as usual. If you can do so without any problems, it means your password has not yet been changed by hackers. You should change it yourself as soon as possible. To do this, go to your email provider’s website and change the password in your account settings. You must then log in on all your devices using the new password, otherwise you won’t receive no­ti­fi­ca­tions of incoming mails.

If the password has already been changed by unau­tho­rized persons, you can regain control of your account by answering one or more security questions (this is the case with most email providers). To do this, use the feature “Forgot your password?”. Other providers ask for your cell number or a second email address to check whether they should grant you access. You will then be sent a new password via email. Change this new password (not to the previous one!) to block unau­tho­rized users.

Tip

Change your passwords regularly and use a different password for each account. Each unique password should be as long as possible and consist of upper- and lower-case letters, numbers and special char­ac­ters. A password manager can help you keep track of your different passwords.

Step 2: Find and eliminate the cause(s)

Now you have to in­ves­ti­gate the causes. Scan your entire system for malware, ideally with a rescue disc or an online scanner. Rescue disks are available from all major antivirus software de­vel­op­ers like Trend Micro, F-Secure and ESET.

The reason for this measure is that if the password for your email account was uncovered with a keylogger, the malicious software may be able to access all the newly changed passwords too. If the scan shows a result, change the password once again after the malware has been removed. Only this way can you be ab­solute­ly sure that the malicious software hasn’t stolen your new password.

Note

If no malware is found on your device, there is a high prob­a­bil­i­ty that you have been a victim of a phishing email or larger-scale data theft.

Step 3: Get an overview of the damage

Once you have access to your inbox again, your system has been checked, and the password has been changed, you now need to work out what damage the hackers have caused. Obtain an overview of the extent of the hacking attack and, if necessary, get proof. Have spam emails been sent using your email address? Have purchases been made from your account? This has to be de­ter­mined so that in case of an emergency you can prove that the fraud happened. If you or someone else (e.g., online stores) have suffered financial damage, you should report the case to the police im­me­di­ate­ly and consult a lawyer if necessary.

Note

In many cases, a hacked email account is usually used for a whole host of criminal ac­tiv­i­ties. It makes sense to inform your contacts about the problem before they click on any links they receive in emails addressed from you.

Step 4: Improve security measures

Finally, you should prepare yourself for the future. It’s best to change all your passwords and to use a password manager that remembers them for you.

In addition, you should also back up your most important accounts with two-factor au­then­ti­ca­tion. This is a double security system, which requires a separate code in addition to a password when you log in. The device can only be au­then­ti­cat­ed when both the password and the code are entered. Hackers, on the other hand, can only find out the password, but not the code as­so­ci­at­ed with it, meaning they can’t log in to your account.

Tip

Want to be able to rely on maximum security and re­li­a­bil­i­ty with your email account? Then create your own email address with IONOS and benefit from ad-free inboxes, modern spam filters and optional premium virus pro­tec­tion.

How can an email account be hacked?

The most important step for stopping an email address from being hacked is pre­ven­tion. Once you know how an email account is hacked, you can protect it better. Internet criminals use different methods to get hold of email addresses and their passwords. Par­tic­u­lar­ly well-known are hacking attacks on servers of large websites. Phishing and malware are also fre­quent­ly used to steal user data.

Image: Internet crime in the US in 2022
Reported internet crimes in US in 2022 and potential losses to cyber crime in 2022 and 2023

Data theft during server attacks

Large-scale hacking attacks on busi­ness­es are con­stant­ly making the headlines. Criminals manage to obtain millions of customers’ data and login in­for­ma­tion. Since many internet users only use one password for every­thing, hackers only need to crack one password to gain access to countless email and website accounts.

So you’ll hopefully never have to ask yourself what to do if your email is hacked, make sure to use a unique and secure password for each login. The most secure passwords contain random com­bi­na­tions of letters, numbers and special char­ac­ters. Since hacking attacks are only first dis­cov­ered when it’s too late, you have to act quickly and change your passwords im­me­di­ate­ly.

Phishing using fake emails

The second pos­si­bil­i­ty is phishing emails. This is where spambots send out a massive amount of fake emails, which ask the re­cip­i­ents to enter their personal in­for­ma­tion on fake websites. Le­git­i­mate websites, email providers, payment services and online stores never ask for their users’ passwords by email. Don’t give out your in­for­ma­tion to anyone that asks. If you are unsure whether an email is le­git­i­mate, consult the company’s support.

Malware attacks

The third pos­si­bil­i­ty cy­ber­crim­i­nals use to get hold of sensitive data is to carry out a malware attack. Malicious programs are usually sent in email at­tach­ments with fake file names. If one of these at­tach­ments is opened, the malicious software will au­to­mat­i­cal­ly be installed on the user’s computer just like spyware or a keylogger.

These malware programs run secretly in the back­ground and spy on sensitive data and passwords. Key­log­gers, for example, record all keyboard entries on the infected PC and transmit the data to the internet criminals, including any passwords. The most effective pro­tec­tion against spyware is to always have up-to-date antivirus pro­tec­tion and an activated firewall installed on your computer. But as a user, you should also exercise caution. Be skeptical at all times and check an email’s au­then­tic­i­ty before opening the at­tach­ment.

Email hosting services tailored to your needs
  • Per­son­al­ized email address
  • Access your emails from anywhere
  • Highest security standards
Go to Main Menu