No one wants this to happen, but it happens. Somehow, a hacker has got your password and now has control of your email account. It’s a terrible position to be in – especially so if it’s a business or corporate account – but you need to know what to do next. This post comes from a client who had exactly this happen, and called to ask, “My email has been hacked, what do I do now?”
So – if your email has been hacked, what do you do next?
Obviously you want to regain control of your email account as soon as possible. It is possible that the hacker hasn’t actually changed your password yet. If this is the case, then you are possibly not too badly off. Immediately log into your email account via the web, and change your password NOW. If you can do this, then DO NOT reuse the previous password with just a number changed. Use something completely different, and decent. We’ll cover this off a little further on.
When we say log into your email account via the web, that means using Chrome or Edge or another web browser to access your Gmail, Hotmail, Outlook.com or Yahoo Mail account. If your company uses Office 365 to host their email, then you should be able to do this via www.office.com. That said, if your email is a corporate account, then let your IT department or your IT service provider know STRAIGHT AWAY. Time is the most important thing after you’ve been hacked, so do this instantly. Your IT department or IT service provider should take this out of your hands and make the necessary changes.
If you are using Outlook, Thunderbird or some other program to access your email, you won’t be able to change your email password from within these. You need to log in to your email provider’s website to change your password.
The hacker hasn’t changed my email password
So let’s assume it’s your personal email account that’s been hacked. If the hacker hasn’t changed your password, then log in and change it. After that, check your Sent Items (or whichever folder shows sent mail) to see if any emails have been sent by the hacker. If they have, email those people back and let them know your email was hacked and what time the email was sent, but that you now have it under control and they should delete the email that was sent by the scammer.
If they clicked on anything in the email the hacker sent, then they’ll need to change passwords too, and also run a security scan (using their antivirus program) over their PC. It’s hard to give more advice than this, as it’s impossible to say what was clicked on, and what effect it has. A link to a hacker’s website could do any number of nasty things.
Now you’ve alerted any other potential victims, you should run your own security scan across your PC to make sure it’s clean. Use whatever program you have installed to do this. Bear in mind that not everyone has third-party security software installed; you might just have Microsoft’s built-in software, Defender. If this is the case, search for Defender on your computer and use it to run a scan.
You also have the option to run a free online scan, with services like:
Feel free to run one or all of the above online scanners after using the one you have installed. While most antivirus scanners are very good, there are still some that might pick up a virus or malware or ransomware that your one does not.
The hacker has changed my email password
Let’s say you try to log in to Gmail or whatever email app you use, and it says that you’ve entered the wrong password. That’s a problem, right there, as it likely means the hacker accessed your email account soon after getting your password and has changed it, locking you out.
You have a few options here. Firstly, click on the ‘reset password’ or ‘I forgot my password’ option. This should prompt you to answer some ‘secret questions’ that you should be able to answer, assuming you remember the answers. If this is successful, then you can put a new (decent) password in, and lock the hacker out. The problem here is that there’s the potential that the hacker also knows the answers to the questions and so can log back in again using the same process you just did.
So you should change those secret questions straight away, effectively locking them out properly. Of course you don’t want to use easy ‘secret questions’ so make it good.
Some providers like Google also have the option to use your mobile phone number to reset your password, and if this option is available, then you should use it.
If the hacker has gone and already changed the secret questions, so you can’t reset your password, you’re in a bit more of a precarious position. Your only option here is to contact the email provider directly from their website and explain the situation. Of course, they won’t be able to email you on your hacked email account, so you’re going to have to give them another one to use. This also applies to the situation where the hacker has changed your mobile phone number.
You could also search the email provider’s website for something like “My email has been hacked” (here is Gmail’s one for example) and you may well find they have a page just for helping people in the same position as you, with instructions on how to get access back to your email account.
Watch for the email forwarding trick
While you are running a virus scan, go back to your webmail in Chrome/other browser, and check for any mail forwarding that’s been put in place by the hacker. This is a common way for them to keep monitoring your incoming emails even after you change the password. For example, in Gmail, click on the settings cog at the top right, then ‘See all settings’, then click on the Forwarding and POP/IMAP tab. Forwarding is at the very top, and unless you are actually forwarding your Gmail somewhere legitimately, you shouldn’t have any forwards in there. If there is one, delete it. You’ll actually be able to see the hacker/scammer’s email address in the forward if there is one.
One note of warning: if you do see their email address there or anywhere else, do not be tempted to email them, ever. This is a really bad call, as it can lead to other consequences. Just delete the forward and move on with your life.
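For the corporate Office 365 case mentioned earlier, the same forwarding check is something your IT department can run across every mailbox rather than one account at a time. This is an added example using the Exchange Online PowerShell cmdlets; it is not from the original post, and it assumes the ExchangeOnlineManagement module is installed and that `example.com` is a placeholder for your own email domain.

```powershell
# Added example: audit Exchange Online for forwarding left behind after an account compromise.
# Assumption: 'example.com' is a placeholder for your organisation's own domain.
$ownDomain = 'example.com'
Connect-ExchangeOnline

# 1. Mailbox-level forwarding. This is set on the mailbox itself, so the user never sees it
#    in their Outlook rules, which is exactly why attackers like it.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# 2. Inbox rules that forward or redirect mail outside the organisation, or that delete
#    messages (often used to hide the replies and bounce notices the victim would otherwise see).
foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName | ForEach-Object {
        $targets  = @($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo)
        $external = $targets | Where-Object { $_ -and ("$_" -notmatch [regex]::Escape($ownDomain)) }
        if ($external -or $_.DeleteMessage) {
            [pscustomobject]@{
                Mailbox = $mbx.UserPrincipalName
                Rule    = $_.Name
                Enabled = $_.Enabled
                Targets = ($external -join '; ')
                Deletes = $_.DeleteMessage
            }
        }
    }
}

# Remediation, once a finding has been confirmed with the mailbox owner:
#   Set-Mailbox -Identity user@example.com -ForwardingSmtpAddress $null -ForwardingAddress $null
#   Remove-InboxRule -Mailbox user@example.com -Identity '<rule name from the output above>'
```

Record what you find before removing it: the forwarding address and rule names are evidence of where the mail was going and for how long.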
It’s likely your email got hacked by one of two methods: You clicked on a link in an email (or in an email attachment) and you shouldn’t have, or your password was too weak/easy, and it was hacked by a computer program set out to do exactly that.
If you had taken our Phishing Education and Training session, then it’s unlikely that you did click on that dodgy link. Passwords? The bane of IT, for many reasons.
People use passwords that are too easy all the time. As in, all the time. They will use one of their children’s names and perhaps their year of birth, and so the person uses Joshua2014 as their password. This in itself doesn’t look bad (honestly, it’s a terrible ‘password’), but people don’t realise there are scammers out there trawling social media channels for information like Joshua and 2014. You may have seen fake posts like that, where some random Facebook page asks for your favourite child’s name, and then some other seemingly random one asks you to put in your favourite child’s year of birth. It’s not always as obvious as this, but it’s doing the same thing, all the time: trawling Facebook and other avenues to collect information about you that can be used to crack your password. There is data mining going on constantly on Facebook by scammers creating fake pages, but you just don’t realise it.
The answer is to not use names or years in a password, ever. That’s the first rule of passwords.
Try using a keyboard password instead. Look at this made-up password: MLPqaz45*
It looks hard to remember, but actually it’s just a keyboard pattern; that’s three letters in caps, and they are all in a row. The next three letters are in lower case, and are also in a row. Then a couple of numbers and at least one special character. This isn’t a great password, but it’s a million miles away from Joshua2014.
Number two rule: Don’t use common passwords. By common passwords, we mean using the same password for multiple accounts. At the very least – very, absolute least – use one password for your email, and another (different) one for your bank login. We’re not saying it’s okay to use common passwords for your other accounts like Facebook, but it’s a start. At least if your Facebook password/account is hacked, then you can reset it using your email account, since that’s a different password. We can’t stress this enough: don’t reuse passwords across accounts.
Passwords and their use is covered in our one-hour Phishing Education and Training session.
Time for 2FA?
Implementing two-factor authentication (2FA) on at least your email account is free, and easy. It means that a hacker would need to input a code that’s on your phone app, as well as putting in your stolen password. As you can imagine, this pretty much stops the hackers in their tracks. Gmail, Hotmail and most other email providers allow you to use 2FA, and it really does make a massive impact on your email security. You can use it to access Facebook as well, and this goes for many other web services – including your bank account.
You may think it’s going to be a hassle having to enter a number from your phone app every time you go to use Facebook (for example), but it doesn’t work like that. If you are already logged into Facebook on your PC/phone/tablet, you won’t get prompted to put any code in each time you use it. It’s only if you log out of the app, or say you get a new phone, that you need to put the code in once. But a hacker/scammer on the other side of the world can’t simply go to Facebook with your stolen password and login – they would need the code. You are safe.
No one wants to be hacked, or enjoys what happens afterwards. Your first step is securing your passwords – no common passwords, and make them good.
If you have been hacked, we hope the instructions here help you to get your email back.
If you would like to find out more information about our Phishing Education and Training session for your company or organisation, please get in touch.