Help, my email account has been hacked! What should I do?
Act fast. Don’t give the bad guys time to use your account to:
- hack other services you use (via their password reset facility)
- infect other people you know (by sending them poisoned email or links)
- extract sensitive personal information from your account and use it for their own purposes or sell it to others.
Steps to take the moment you notice:
- Reset your password (assuming the hackers have not already changed it and locked you out).
- Follow other account recovery options specific to your provider (e.g. for Gmail).
- Look in the account activity logs. Disable any devices or connections you are not currently using.
- Lock or disable high-value accounts that could be accessed with this email address (via the same password or using a password reset), such as online banking, medical or financial records, government services, and accounts where your credit card information is saved, like Amazon or iTunes.
- Inform everyone in your address book via several channels (e.g. email, Facebook, WhatsApp) that email from that address cannot be trusted for now, and ask them to contact you personally for verification if they are asked for money or assistance.
Steps to take in the hours that follow:
- Figure out how they got access. Fix the problem so they can’t get back in again the same way.
- Reset all credentials for other devices with access to that account (e.g. your phone or tablet).
- If sensitive personally identifiable information was in your ‘work related’ account, your country may have laws about responsible disclosure.
- Continue to monitor daily for suspicious activity in your account: unknown devices logging in, messages you did not send in your Sent Items box or Drafts.
- Check any other potentially affected accounts. Reset passwords, verify account recovery options and look for suspicious activity there too.
- Contact people in your address book in several different ways to prove you have re-established ownership.
As you can see, this is a lot of work. A hacked email account can cost you weeks of time and put other people at risk.
Prevention. A few simple things can make it hard for hackers to gain or keep access to any online account:
- Use two-factor authentication via your cellphone, a mobile app or a physical token, if the service you are using supports it.
- Configure account recovery settings (e.g. for Gmail) that provide additional proof of your identity when you try to restore ownership.
- Maintain basic hygiene: keep devices free of malware and your browser and operating system up to date; use unique passwords.
- Improve your skills: learn about the common risks on the internet so you can avoid the common tricks hackers use.