In many ways, your email account is the digital equivalent of your house address. You give it to people and businesses, so they know where to send the products and helpful information you requested. It offers a way to keep in touch with family and friends.
But email addresses have evolved to be so much more than just an inbox. When you sign up for something that requires an email address, you’re essentially using it as proof of your identity, too. And that means your email address becomes a very valuable target for attackers looking to find a way to steal personal information or even money.
To better protect your email account, learn the signs of someone tampering with your inbox, take steps to correct any issues, and practice good security hygiene going forward.
Here are some typical signs that someone is abusing your email account:
1. A changed password.
Perhaps the most obvious – and most panic-inducing – sign that your account may be hacked is that you can no longer log in with the same password. First, be sure you’re using the correct password (a password manager like LastPass ensures you’re using the right one). If login problems continue, initiate the password recovery process. If the recovery methods don’t work (either because the hackers have rerouted the recovery information or you don’t have access to your secondary recovery email or device) then your only option may be to get in touch with customer service.
2. Strange emails in your sent folder.
Not all attackers will completely takeover your account and lock you out. Sometimes, they just want to commandeer your account, either to send spam or to gather more information about you while trying to hide the activity from you.
Check your sent folder to see if there are any messages you don’t remember sending, especially mass emails to your contacts. It’s possible that an attacker will have deleted any sent messages to cover their tracks, though, so it isn’t always possible to tell if something was sent without your knowledge
3. Unexpected password reset emails.
Keep an eye out for password reset emails that you don’t remember requesting. An attacker may be trying to find out which banks, shopping sites, and other services you use. Be on the lookout for suspicious emails or calls claiming to be from your bank and asking for more information, like PIN codes or passwords.
4. Complaints from contacts.
If friends and family in your contacts list start emailing or messaging you to let you know they’re receiving strange content from you, this could be a sign someone is using your email inbox to send spam and phishing emails. It’s possible that someone is just spoofing your account, but if you’re receiving multiple reports from people in your address book, it’s much more likely that your account has been hacked.
5. Unusual IP addresses, devices, and/or browsers.
Many email services offer the ability to check your login activity and show the IP addresses or locations where your account has been accessed from. It may also show the browsers and/or devices used. If you see locations or devices you don’t recognise, it’s possible someone is tampering with your account.
If you encounter one or more of the above signs that your account has been tampered with, there are several things you should do as soon as possible. Taking immediate action will hopefully minimise damage and prevent issues from happening again in the future.
Change your password
If you suspect unauthorised access to your inbox, change your password immediately. Use LastPass to generate a new, unique password.
If you’ve lost access to the account, try the recovery process. If it fails or doesn’t work, contact customer service as soon as possible.
Add two-factor authentication
If you weren’t using two-factor authentication before, now is the time to turn it on. Most email providers support the option for a second login step, which requires you to provide additional “factors” before access to the account is granted. Two-factor authentication is one of the most effective methods for delaying or preventing attacks.
Set up a new account
Sometimes, despite best efforts to regain access to the account, you’re not able to get back in. In that case, you’ll need to start the work of setting up a new email address and updating all your other accounts to use your new email address. If other accounts were affected by the hack, you’ll need to spend time recovering them, too.
Alert friends and family
Attackers may use your email account to send spam or try to steal information from family and friends. Make sure your contacts are aware of what happened, so they can be on the lookout for suspicious emails or calls. If necessary, let contacts know of your new email address where they can reach you.
Double-check account recovery information
If you did regain access to the account, double-check your account recovery information. This means checking any email addresses that are listed as a recovery email address, and any phone numbers that are listed. If you don’t recognise the emails or phone numbers, change them immediately.
Check account forwarding, auto replies, etc
Also, check that there is no auto-forwarding or auto replies enabled for your inbox that you didn’t set up yourself. Attackers may be using these options to get copies of emails sent to you or to automatically send spam to your contacts.
Investigate additional security options
Look into other security options from your email provider, or that are specific to your device. This could include security alerts when signing in from new locations or devices, or the option to remotely wipe devices or accounts if they’re lost or stolen.
Check if other accounts were affected
Because your email is used to secure other accounts, it’s important to check if any were affected. Make sure you can log in, and consider changing the password to a new, generated password. If necessary, update the email address, too. Look into available security options like two-factor authentication and additional alerts.
If you have trouble accessing any accounts, take immediate action to try resetting the password or contacting customer service.
Run antivirus and clean up your device
It’s possible the attackers gained access through malware on your device. Be sure to run an antivirus scan to check for spyware, keyloggers, and other types of malware. Ensure your browsers and apps are up-to-date. Remove any third-party extensions or apps that you no longer need or use. If you’re not regularly backing up your files and programs, now is the time to start.
Ask for help
If you’re not sure about taking the above steps yourself, or run into additional problems, ask someone for help. Sometimes it pays to have a professional help you remediate the situation. Yes, this may require additional time (and cost), but preventing future security issues is well worth the initial investment.
Dealing with a hacked email account can be a headache. Taking precautions to better protect your account now can help prevent or mitigate an attack. Educating yourself on what type of suspicious activity to look for can help you identify problems earlier and act immediately.