As an IT Professional, I regularly help people who have had their eMail account hacked, and are not sure what to do next. Many say they’ve been hacked before, changed their password, and yet they get hacked again. It’s an all too familiar story, but one I’m used to fixing.
In this post, I’ll take you through the steps you need to follow to recover from a hacked eMail account, and to minimise the chance of it re-occurring.
For clarity, if you regularly suffer from hacked accounts, it probably means you never got rid of the original hacker. Much as it may seem boring, please do read through all the steps; it really is worth the effort.
Steps to take back control
If your eMail has been hacked, you need to quickly take back control, and secure anything that may have been breached as a result.
1. Keep Calm
It’s natural to feel lots of emotion when something private is hacked. Hacking happens a lot, and most of the time I find people don’t suffer any loss beyond the emotional upset. You’ve already done the right thing in searching for this article. Just put any emotions aside, read this article carefully, and follow the instructions.
2. Anti-virus scan
Whilst the vast majority of hacks have nothing to do with your device, it is worth immediately kicking off a virus scan on all your devices, to run in the background while you work through the steps below. This should be a “Full” or “Thorough” scan, if your software offers multiple options.
If the scan finds viruses, it is still likely that they are not the cause, though it is just good practice to thoroughly check and clean all your devices in this situation.
Tip: Anti-Virus on everything
Many Linux, Mac and Android users believe only Windows gets viruses. This is no longer a safe assumption. Viruses exist for all these systems, and in my opinion all Linux, Mac and Android devices should therefore have anti-virus software these days too. If you don’t have one, I recommend the free Malwarebytes software for Windows and Mac, and Avast on Android.
3. Change your eMail password
Yes, it’s obvious, but if your account has been hacked, the hacker is likely to know your password. You need to log into your account (use the “Forgotten my Password” option, if the hacker has changed your password), and change your password to something you have never used anywhere else before.
Important: Do not re-use a password here. Use something you’ve never used before, and follow the Good Practice below in choosing it.
Tip: Good Password Practice
– Never re-use a password for banking, eMail accounts or your job
– Think of a password as a “passphrase”. That is, it should be longer than a single word. Longer passwords are considered better than highly complex ones (ok: 3asy2f0rg3t, better: Lengthoverc0mplexity).
– Make sure it’s not a common phrase (stay clear of common phrases e.g. popular from a movie)
– Consider: using an obscure line from a favorite song
– Consider: an obscure but memorable image, e.g. AngryGreenElephant
In summary, particularly for bank or eMail passwords, make them Long, Complex, Memorable and Unique
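To put a number on “length beats complexity”, here is a small added example (not code from the original post) that scores the two passwords used above by length and character classes, and checks a candidate against the post’s other rules: not a common phrase, and never reused. The minimum length of 16, the tiny common-phrase list, and the hashed list of previously used passwords are all assumptions constructed for the demo.

```python
import hashlib
import math
import string

# Constructed, deliberately tiny stand-in for a real list of common phrases
COMMON_PHRASES = {
    "password", "letmein", "qwerty",
    "maytheforcebewithyou",   # the kind of movie line the post warns about
    "iamyourfather",
}


def estimated_bits(pw: str) -> float:
    """Rough strength estimate: length x log2(size of the character classes used).
    This is the arithmetic behind 'length beats complexity'."""
    pools = (
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
    )
    size = sum(n for chars, n in pools if any(c in chars for c in pw))
    return round(len(pw) * math.log2(size), 1) if size else 0.0


def sha256_hex(text: str) -> str:
    """Hash used so old passwords can be compared without storing them in clear."""
    return hashlib.sha256(text.encode()).hexdigest()


def check_passphrase(pw: str, previous_hashes=(), min_length: int = 16):
    """Return a list of problems; an empty list means the passphrase passes.
    min_length=16 is an assumed policy value, not one the post states."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"too short: {len(pw)} characters, want at least {min_length}")
    # Compare case-insensitively and without spaces/punctuation so
    # "May the force be with you!" still matches the denylist entry.
    normalised = "".join(ch for ch in pw.lower() if ch.isalnum())
    if normalised in COMMON_PHRASES:
        problems.append("matches a common phrase")
    if sha256_hex(pw) in set(previous_hashes):
        problems.append("already used on another account")
    return problems


if __name__ == "__main__":
    for candidate in ("3asy2f0rg3t", "Lengthoverc0mplexity", "AngryGreenElephant"):
        print(f"{candidate:22s} ~{estimated_bits(candidate):6.1f} bits  {check_passphrase(candidate)}")
```

The estimate is intentionally crude (it treats every character as independent), but it is enough to show why a 20-character mixed-case phrase outscores an 11-character “l33t” word by a wide margin.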
Important: Please don’t stop at this point. It is likely that other accounts of yours have been hacked, or will be, as a result of your eMail being hacked. Sorry, but you will protect yourself best by following this article completely.
4. Check eMail settings
Log into your eMail provider’s webpage (logging in via local software like Outlook is not sufficient for webmail solutions).
On their webpage, check your account settings to make sure they have not been tampered with (these are often used by hackers to maintain access despite you changing your password). The best way is to click through each settings screen and look for anything incorrect. Pay particular attention to the settings below. If your eMail provider isn’t listed, don’t worry, just bear similar settings in mind.
Important: Settings change all the time on eMail services, so please check all settings regardless of whether listed below or not.
Hotmail Settings (log into hotmail.com, choose settings, then “View all Outlook settings”)
a. General –> “Mobile devices” – any devices listed can sync your eMail – remove any that are not yours
b. Email –> Compose –> “Email signature”
c. Email –> Attachments – remove any “Storage accounts” that are not yours
d. Email –> Rules – edit and check each one, as these could be used to provide the hacker with ongoing access to your eMails
e. Email –> Junk email –> Safe Senders list – remove any you don’t recognise
f. Email –> Sync email –> Connected accounts – remove any that are not yours
g. Email –> Sync email –> “Set default From address” + “Email aliases”
h. Email –> Forwarding – disable/remove any that are not yours
i. Email –> Automatic replies
j. Calendar –> Shared calendars – remove anyone you don’t recognise/want to share your calendar with
5. Setup Multi-Factor Authentication
If your eMail provider supports it (Hotmail, and GMail do), I strongly recommend you setup Multi-Factor Authentication, sometimes called “Two Factor Authentication” to significantly reduce the chance of future hacking of your eMail account.
What is Multi-Factor Authentication?
Put simply, there are three common ways (“factors”) to check who you are:
a. Ask you something you KNOW (e.g. your password)
b. Ask you to prove something you HAVE (e.g. ID badge, or smartphone)
c. Ask you to prove something you ARE (e.g. fingerprint, voice or facial pattern)
The vast majority of us depend purely on one factor (something we KNOW: our password). Whilst this is generally OK, it can be guessed or stolen. If your eMail provider supports it, you can often add a smartphone to your account, which will be used to add an additional check when you login.
For Hotmail and Google, this means that after successfully entering the password, you will be asked for a code from your phone. The code is either sent to you as an SMS during each login, or generated by a special smartphone app, where it changes every 30 seconds or so.
Important: If you do choose to use Multi-Factor Authentication, please read the setup instructions carefully, and store the “Recovery Code” somewhere very safe (I recommend storing it physically (written down at home) rather than electronically, to avoid any risk of it being hacked). The Recovery Code will be your only way to access the account if you lose your phone, so please bear this in mind.
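For readers who want to see what the “special smartphone app” actually does, here is an added example (not code from the original post, nor from Microsoft or Google) of the standard time-based one-time password scheme those apps implement: the secret from the setup QR code is shared once, and both the app and the provider derive the same six-digit code from it and the current 30-second time step, so nothing needs to travel over SMS. The secret used below is the published RFC 4226/6238 test key, written in the base32 form apps expect; the one-step drift window in `verify_totp` is an assumed server-side choice.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed demo secret: the RFC 4226/6238 test key "12345678901234567890",
# in the base32 form an authenticator app reads from the setup QR code.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def secret_from_base32(text: str) -> bytes:
    """Decode an authenticator-style base32 secret (spaces, case and padding tolerated)."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)   # restore the padding apps usually strip
    return base64.b32decode(cleaned)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for a single counter value."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current time step.
    This is what the app shows; the code changes when the step rolls over."""
    if at is None:
        at = int(time.time())
    return hotp(key, at // step, digits)


def verify_totp(key: bytes, code: str, at: Optional[int] = None,
                step: int = 30, window: int = 1) -> bool:
    """Provider-side check: accept the current step and +/- `window` neighbours
    so a slightly wrong phone clock still works. compare_digest keeps the
    comparison constant-time."""
    if at is None:
        at = int(time.time())
    counter = at // step
    return any(
        hmac.compare_digest(hotp(key, c), code)
        for c in range(counter - window, counter + window + 1)
    )


if __name__ == "__main__":
    key = secret_from_base32(DEMO_SECRET_B32)
    print("code for the current 30-second step:", totp(key))
```

Two things follow from the design that the post’s advice relies on: the code is useless a minute after it is shown, which is why a leaked screenshot of it is far less damaging than a leaked password; and the base32 secret is the real long-lived credential, which is why the provider gives you a separate Recovery Code rather than telling you to keep a copy of the secret.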
6. Check your Sent Items and Deleted Items folders
Quickly check the Sent Items in your eMail, to see if any eMails were sent by the hacker to someone you may want to warn.
Usually a hacker will delete any such eMails, but it is worth checking the Sent and Deleted Items just in case.
7. Consider other accounts
As uncomfortable as it may be to consider… the hacker probably wanted your eMail account because it gives them access to so much more. Now that you have locked down your eMail account, you need to identify any other accounts that may have been breached as a result.
a. Where you used a shared password
Many websites use, or allow you to login, with your eMail address instead of a username. Your eMail history has already told the hacker many websites you’re registered on, but they also have automated methods to attempt to log into common websites (e.g. Amazon, Facebook, Twitter…) with your eMail address and your old eMail password.
Make a list of any websites you used the old password on. This may be a long list, in which case focus on the high priority sites: bank accounts, financial sites (e.g. PayPal), and any sites on which you saved your bank/credit card details, such that a purchase could be made (e.g. Amazon?, ebay?…).
For any sites you identify, you’ll need to log into them, change your password, and check your settings. Per the “Good Password Practice” tip above, do not use your new (or old) eMail password. eMail accounts should have unique passwords.
Tip: Consider whether Multi-Factor Authentication is possible on these sites, to protect your account going forward. You can find a list of many major sites that support Multi-Factor Authentication at https://twofactorauth.org/. Sites like LinkedIn, Facebook and Twitter all support Multi-Factor Authentication.
Tip: Too many passwords?
Consider using a Password Manager. A Password Manager is simply a single place that holds your passwords. On the positive side, they enable you to manage many different passwords without having to remember them, and can even automatically enter the details for you when you visit a site (e.g. Google Password Manager when using Chrome). On the downside, if a hacker gets into your Password Manager, they have all your passwords. This is why I recommend a Password Manager that supports Multi-Factor Authentication like Google Password Manager.
b. Where you used the eMail account
Even if they don’t share the same password, it is possible a hacker may have used the “Forgotten my Password” link on a website you have an account with, and used their access to your eMails to reset the password. On this basis, I recommend changing your password on any site that has your eMail address registered, again prioritising financial sites.
8. Signup for alerts
As I said at the start, hacking is all too common these days. As a result it pays to keep an eye on the news in terms of sites that declare a data breach.
I would never normally recommend entering your eMail address into any website offering to “check” it against spam databases or hacked records. Haveibeenpwned.com is different though. It’s run by Troy Hunt, a Regional Director at Microsoft. The site will almost certainly find breached databases in which your eMail address, and possibly one of your passwords, appears. Troy will never share the passwords exposed, even with you, but the site shares what he knows in terms of the source (e.g. where it is believed to be LinkedIn login details). This helps ensure you can promptly change passwords rather than wait for someone to use the record to access one of your accounts.
9. OS and software updates
It’s now time to make sure you’re running good security practice. We covered anti-virus at the start, but now that you’ve taken back control of your accounts, and scanned your devices, you should check they’re up-to-date too. Operating System updates can be performed as below, but don’t forget to consider whether the software/applications running on your device are kept updated.
If you’re running a version of Windows older than Windows 7 or 10, you should consider upgrading, as Microsoft no longer provides security patches for such systems.
For Windows 10, visit update.microsoft.com, and install all patches it offers you. Once complete, you need to restart your PC/laptop, and re-open the webpage. If you don’t do this regularly, you may find you need to repeat this cycle of reboots a number of times for all updates to be installed.
To install the latest version of iOS, simply go to Settings –> General –> Software Update.
Unfortunately with iOS, there comes a time when Apple stops rolling out updates to devices (for older models). You should check that your device is still in support for iOS.
To install the latest updates for Android, simply go to Settings. The update option is either under:
System –> Advanced –> System update
or (for older versions)
About Phone –> Software update
Unfortunately with Android, there comes a time when device manufacturers stop rolling out updates to devices (for older models). You should check that your device is still in support for Android updates.
To install the latest updates for macOS either:
From the Apple menu, go to System Preferences –> Software Update
or (for older versions)
From the App Store app, go to Updates
Did that help?
And that’s it, you’ll be pleased to hear! I’ve tried to keep this guide focused on the most important tasks, but I still feel I should apologise for the pain this has put you through!
This blog takes a lot of time to write and maintain useful articles like this one. If this has been helpful, please consider making a small PayPal donation… Either way, I wish you a very happy and secure future!