Are you concerned that someone has gotten a hold of your information and now you’re wondering what to do if your email has been hacked? It’s a scary feeling for sure.
Nobody ever wants to find out that their email account has been hacked.
Not only is the violation of your private data painful, but having inadvertently sent spam email to friends, family and professional colleagues is also embarrassing.
You might even have damage to your own computer or online footprint. If your email has been hacked you should really react as quickly as possible.
Here’s a detailed 6-step process if you’re wondering what to do if your email has been hacked.
#1 – Change Your Password
First, log into your email account, and change the password. Many hackers simply log in, send a spam message, log out, and move on.
Always be sure to reset any default passwords on your other accounts and devices as well. Change the password to a stronger one.
If you’re using the same password for other accounts (which isn’t advised — but I do it too) you need to change your other account passwords to a different password.
Once a hacker determines your username and password, that information is usually stored, often shared, and can be used to compromise your other accounts.
If you can’t remember the password you used originally with your email account, follow your account provider’s steps to recover and change the password.
#2 – Check Your Account Settings
Next, check your account settings.
Make sure that your e-mail account isn’t set to automatically forward email to an unauthorized address (some hackers do this to take over an email account).
Reading your email in plain-text view also helps protect your account.
In most email account settings you can:
- Use View > Message Body As and then select the Plain Text option in order to read your incoming mail as text only.
- Click Tools > Account Settings and then select the Composition and Addressing option for outgoing messages.
- Make sure that the ‘Compose messages in HTML format’ is unchecked.
Here are a few basic rules and account setting reminders:
- Never accept attachments unless you are expecting them.
- Never open an attachment unless you are really confident that it is safe.
- Safe attachments typically include .txt, .pdf, .gif.
- Potentially unsafe attachments typically include .doc, .xls.
- Never, ever, ever open an attached .exe unless you are really, really, really confident of what it is.
Ensure that all your account settings are secure. Check your signature block for any unauthorized links or information.
#3 – Contact Your Email Provider
Your email provider has more than likely seen this type of thing before. They should be able to provide you with further details about the nature and source of the attack.
Your email provider should know what to do if your email has been hacked. Typically, they:
- Have tools available to protect your information and get you back up and running.
- Have a common interest with you in preventing the spread of spam and malware over their channels, so they’ll be experienced and more than willing to help you.
- Ask you to fill out a more specific form requesting other account information instead of making a phone call, which you should do as soon as you can.
You should also alert your employer’s IT department if the compromise happened at work. You may also have access to identity protection services through your insurance company, bank, credit union or employer.
#4 – Check Your Mail Folders
First, look for bounce messages.
A bounce message is an automated reply from a mail server reporting that an email message was not deliverable as addressed, perhaps because the address is invalid, or the recipient’s inbox is full.
I was stunned recently when I told a friend that I just delete “return to sender” bounce messages unread. He told me that you should always carefully read bounce messages.
Now I know they are very important! If the email hacker didn’t cover their tracks, you may have a record of what email they sent.
Here are some things to look out for in case you find your email account hacked:
- Usually the bounce message will include a copy of the e-mail you tried to send, or at least its headers.
- If it's really an e-mail you tried to send, then you just need to update your contact’s address as above.
- If not, then the fact you’re getting a bounce of a message that you didn’t knowingly send is the first clue that your account has been spoofed or hacked.
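As an added example (not part of the original article), the Python code below reads a bounce message, reports the failed recipient, the status code and the headers of the returned message, and checks the returned Message-ID against IDs taken from your own Sent folder. The sample bounce, its addresses and the `sent_ids` set are constructed for illustration.

```python
import email

# Constructed sample bounce (a delivery status notification), not real mail.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mail.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.org failed.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.net

Final-Recipient: rfc822; nobody@example.org
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: you@example.com
Subject: Check out this deal
Message-ID: <constructed-1234@example.com>

--b1--
"""

def inspect_bounce(raw, sent_ids):
    """Summarise a bounce and flag whether its Message-ID is one you sent."""
    info = dict.fromkeys(("recipient", "status", "subject", "message_id"))
    for part in email.message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # Parsed as a list of header blocks: per-message, then per-recipient.
            for block in part.get_payload():
                if block.get("Final-Recipient"):
                    info["recipient"] = block["Final-Recipient"].split(";")[-1].strip()
                    info["status"] = block.get("Status")
        elif ctype in ("text/rfc822-headers", "message/rfc822"):
            # Returned copy of the original message, or only its headers.
            body = part.get_payload()
            orig = body[0] if isinstance(body, list) else email.message_from_string(body)
            info["subject"], info["message_id"] = orig.get("Subject"), orig.get("Message-ID")
    # None means the bounce carried no original headers, so nothing can be compared.
    info["sent_by_you"] = info["message_id"] in sent_ids if info["message_id"] else None
    return info

print(inspect_bounce(SAMPLE_BOUNCE, sent_ids={"<known-0001@example.com>"}))
```

A `sent_by_you` value of `False` means the bounced message does not match anything in your Sent folder, which is the clue described above.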
Then, send an e-mail to any friends, family or colleagues affected by your hacker.
Apologize for any inconvenience. Tell them not to click on any links that were in the unauthorized e-mail, and to delete it from their records.
#5 – Run A Virus Scan
This should be a “no-brainer” but if you’re like me — you might resist running virus scans.
There just never seems to be a good time to run a scan, right?
But when email security is at stake, you and I should take the time to run one. Make sure that the email hacker hasn’t left any harmful software behind.
Some virus programs, such as Trojan Horse programs, will “hatch” like eggs when deleted, opening up more harmful software. Be very careful and make sure you follow the instructions provided by your virus software company.
If you don’t have virus protection software, make the investment.
#6 – Monitor Your Accounts
Your email is an important component of your identity portfolio. You must manage it like an investment.
That means you minimize your risk of exposure by being smart, discreet and sophisticated in your security approach.
Keep a watchful eye for things that seem a bit “off,” and know what your damage control options are before you need to control the damage.
If the email hacker in question was able to find either your Social Security number or other valuable pieces of personally identifiable information, it’ll become important for you to monitor your credit and various financial accounts for suspicious activity as well.
How To Prevent Email Hacking In The Future
Protecting yourself from email hackers in the future isn’t too difficult. Make sure your password is as strong as possible.
How to set a strong password:
- Use at least 8 characters.
- Include a mix of upper and lowercase letters, numbers, and symbols if your email provider allows it.
- Use sequences of characters that aren’t readable words, yet are memorable to you.
- Never use personal details that may have made it to your Facebook page, Twitter account, or personal blog, in a password.
For future reference, you should always use caution when visiting websites that you don’t trust. A website can include links to viruses or malware.
Using public wireless connections can also be dangerous. Some Wi-Fi connections can involve a man-in-the-middle attack. This occurs when an email hacker’s computer looks like a router, but it’s actually filtering your login credentials every time you use the email server.
With a little extra preparation, and a swift reaction, you won’t have to worry about what to do if your email has been hacked.