Emails hacked by cybercriminals are a gold mine for personal data and access to all your other accounts. Considering we link everything from online banking to federal taxes with our emails, recovery from a hack is extremely time sensitive. You’ll have to act fast and carefully if you want to minimize the damage to your identity and finances and protect those around you.
You’re probably here asking, “My email has been hacked, how do I fix it?” If you’re a bit luckier, you might not be completely sure if you’ve been hacked. Even if you’re asking, “How can I tell if someone has hacked into my email account?” Kaspersky can help you.
According to the Radicati 2019 Email Statistics Report, the number of worldwide email users is set to reach almost 4.3 billion by 2023. What's more, the report predicts that users will collectively send and receive 347 billion messages a day, up from an average of 293 billion in 2019. The ubiquitous nature of email combined with its continued growth makes your accounts a tempting target for hackers. If you become the victim of a hacked email account, here's what you need to do to remedy the situation.
As noted by the FTC's guide on hacked email, the first thing you should do if your account gets hacked is to run an end-to-end antivirus scan.
Skip the "quick scan" setting in favor of a deep scan to identify and eliminate not only all forms of malware (including Trojans, spyware, and keyloggers that could be tracking your keystrokes even after the hack has been identified) but also potentially unwanted applications.
Hackers don't just want access to your account so they can send your friends embarrassing messages — they're looking for ways to scam you out of money or commit credit card fraud. For example, hackers target businesses that regularly send funds via wire transfer. Once an email account is compromised, they are able to send their own unauthorized transfers.
According to the FBI's Internet Crime Complaint Center, businesses saw an exposed loss of more than $747 million over the last two years, despite having network protection in place and IT staff on board.
When it comes to your email accounts, the sooner you run an antivirus scan, the better. It's important to make sure you're clean before you change any of your other sensitive information to avoid restarting the cycle.
Once your computer is free of malware, it's time to change your password. If you've lost access to your account, you may need to contact the email provider directly, prove who you are and ask for a password reset.
Choose a new password that is markedly different from your old one and make sure it doesn't contain strings of repeated characters or numbers. Stay away from passwords that have obvious ties to your name, birthday, or similar personal details. Hackers can easily find this information and often use it in their first brute force attempts to access your account.
Your password should be unique for each account, complex (i.e., a mix of letters, numbers, and special characters) and at least 15 characters long. If you need help creating new passwords or managing all your new complex ones, use a secure password manager to safely save them.
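The password criteria above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the similarity threshold used for "markedly different" and the sample values are assumptions made for illustration.

```python
import re
import secrets
import string
from difflib import SequenceMatcher

MIN_LENGTH = 15        # from the article: "at least 15 characters long"
MAX_SIMILARITY = 0.5   # assumption: cut-off for "markedly different"

def check_password(new, old="", personal_terms=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[A-Za-z]", new) and re.search(r"\d", new)
            and re.search(r"[^A-Za-z0-9]", new)):
        problems.append("missing letters, numbers or special characters")
    # Three or more of the same character in a row, e.g. "aaa" or "111".
    if re.search(r"(.)\1\1", new):
        problems.append("repeated characters")
    lowered = new.lower()
    # Names, birthdays and similar details supplied by the caller.
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("contains personal detail")
    if old and SequenceMatcher(None, old.lower(), lowered).ratio() > MAX_SIMILARITY:
        problems.append("too similar to old password")
    return problems

def generate_password(length=20):
    """Draw random passwords from the OS CSPRNG until one passes the checks."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(check_password("Jordan1990!!!", old="Jordan1990!",
                         personal_terms=["jordan", "1990"]))
    print(generate_password())
```

Uniqueness per account cannot be verified from a single password; a password manager, as recommended above, is what enforces it in practice.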
Changing your passwords with other online accounts is critical as well. Payment-based accounts such as Amazon, Netflix, credit card companies and even the local library need a reset. Be sure to update each of your passwords to prevent hackers from compromising these accounts as well.
Keeping these other accounts secure is important. Secondary services are ultimately the much more valuable targets in these security breaches. For example, your bank account could easily be the next break-in if the scammer found the info needed to reset your password.
Again, be sure to use a unique password for every site. The risk for follow-up breaches is increased if you use the same password for multiple sites.
Streamlined logins via your email or social media accounts should be avoided to further reduce this risk. However, even varied passwords may not be enough if you have emails in your account that lead directly to linked online vendors.
When you’re considering what to do if your email is hacked, keep in mind you’ll have to protect your contact list as well. It is a good idea to tell your friends, family, and anyone else on your email contact list that you've been hacked.
During the period when attackers had control of your account, they could have sent dozens or even hundreds of malware-laden emails to everyone you know. This type of phishing attack in turn gives them access to a new set of victims.
You should notify your friend lists on other platforms as well. Email may be just one route the attackers take to bait your contacts. If they breached your social media or messaging apps, fraudulent messages could be sent from each of these.
Warning your contacts lets them take steps to ensure their own devices are clean and unaffected.
While your password was the most likely attack route, it's also possible that hackers broke into your account after answering your security questions.
By using false answers to security questions, you can subvert a hacker’s chances of breaking in again. Make sure they are memorable to you, but not obvious to discover through your social media posts or other public info. According to recent Google research, many users choose the same answer to common security questions. For example, nearly 20% of American users answered "pizza" to the question "What is your favorite food?"
Be sure to employ the multi-factor authentication that many providers allow to protect your logins and password resets. In order to further protect your email, this authentication uses secondary email addresses or text messages. Use this method since security questions alone are not enough.
If you haven't already, contact your email provider and report the hack. This is important even if your hacked email didn't cause you to lose access. Reporting a hack helps providers track scam-based behavior. When you report a hack, you’re protecting yourself and others from future threats by helping the provider improve their security.
In addition, your email provider may be able to offer details about the origin or nature of the attack. You might find that the breach is larger and affects other services you may have.
Sometimes it's not worth picking up where you left off. Take a moment to recall: has this email been hacked before? Is your provider not taking steps to mitigate the amount of spam you receive? It may be time for a switch.
Look for a service that offers default encryption of your emails. Data encryption helps your private emails stay concealed if the provider’s servers are breached. Hackers cannot unlock this data without the proper security key.
High-rated customer service is another feature to seek out if you’re looking for a new email provider. In the event of an issue, they should be able to work with you hassle-free to resolve your situation.
Hackers' reach is often much greater than a simple email hack indicates. It's a good idea to reach out and ask credit reporting agencies like TransUnion or Equifax to monitor your accounts in the months after you've been hacked.
If you’ve been contacted by, or have responded to, any suspiciously named emails recently, take note of this as well. Fraudsters are much more likely to attempt to make personal contact and convince you to share personal details before they start defrauding your accounts and making purchases on your credit card. Scammers know that a personal touch often gets them through the first line of spam defense.
If you've been hacked, another idea worth considering is an ID protection service. These services typically offer real-time email and online retail account monitoring. In addition, they also normally offer credit score reporting and personal assistance in the event of an identity theft.
Be sure to look for companies with a solid track record, since there's often a significant cost associated with this kind of protection. Make sure you use a legitimate service — not a hacker scam in disguise looking for your personal data.
Additionally, consider using cyber security software with account monitoring services. Expanded internet security suites tend to monitor your online accounts for data breaches. They’ll usually provide you full support and guidance in case of a leak or hack as well.
Run an antivirus scan on all connected devices, including your laptop, tablet and smartphone, to make sure attackers aren't jumping the gap between platforms to infect your devices.
Take steps to secure the cloud as well, since it may also contain your personal data. Change your passwords, notify your providers, and even consider cleaning your cloud data and backups with an anti-virus scan. All these measures can give you further peace of mind.
Upgrade your basic antivirus protection to full-time Internet security protection if you haven’t already. Look for a service that proactively blocks new, unknown threats and actively safeguards your actions online.
Once you know how to fix a hacked email, defending yourself gets a lot easier. If you ever discover that your email has been hacked, follow these 10 steps to take back control and prevent future problems.