What to Do if Your Email Gets Hacked (With Sample Notification Messages)
Email hacking has become an increasingly common and concerning problem in our digital age. Consider these alarming statistics:
- The FBI’s Internet Crime Complaint Center received 467,361 complaints about email hacks, phishing, and similar cyber crimes in 2019 alone, with adjusted losses exceeding $3.5 billion (IC3 Annual Report)
- Over 6 billion fake emails are sent worldwide each day, many of which come from hacked accounts (Valimail)
- Business email compromise (BEC) schemes, often starting with a hacked email, resulted in $1.7 billion in losses in 2019, nearly half of all cybercrime losses for the year (FBI)
- 81% of surveyed organizations said they experienced data breaches or account compromise involving stolen credentials or hacked emails (Identity Defined Security Alliance)
The consequences of an email hack can be devastating on both a personal and professional level. Cybercriminals may use your account to:
- Steal your identity and open up fraudulent credit cards or loans in your name
- Make unauthorized purchases on your existing accounts or siphon money using saved payment info
- Scam your contacts into sending them money, personal data, or account credentials
- Lock you out of your accounts and demand a ransom to regain access
- Blackmail you by threatening to share sensitive content discovered in your emails or attachments
- Send embarrassing or offensive messages under your name to damage your reputation
- Conduct espionage or steal trade secrets if they gain access to your employer’s systems and data
Even if the hackers don’t directly steal money or information, cleaning up your digital reputation after a breach can be a nightmare. Important professional and personal relationships may be strained if your hacked account spammed them with sketchy messages. You could even face blame or lose out on job opportunities if a compromised work email makes you look careless.
Clues Your Email Account May Be Compromised
Hackers have a bag of tricks to break into your email account, from exploiting weak passwords to launching sophisticated social engineering schemes. The most common tactics include:
- Phishing emails that trick you into entering your email credentials on a fake login page
- Malware that infects your devices and logs your keystrokes or spies on you to steal passwords
- Data breaches at companies you have accounts with, exposing your login credentials to hackers
- Password reuse, allowing hackers to crack one account’s password and test it across your other logins
- Brute force attacks that use computer programs to rapidly guess millions of password combinations
With so many ways in, it’s crucial to stay vigilant for red flags that your email account has been infiltrated, such as:
- Unfamiliar messages in your Sent folder, often containing spam or phishing links
- Login alerts about unrecognized devices or locations accessing your account
- Sudden changes to your email signature, name, or profile picture
- Finding legitimate emails from yourself filtered as spam by your provider
- Contacts saying they received weird or concerning emails from you that you didn’t send
- Getting locked out of your account or your password no longer working
If any of these signs sound familiar, it’s time to take back control of your account and protect others in your network. Rapid response is key to minimizing the damage.
Your Step-by-Step Checklist for Hacked Email Recovery
1. Immediately change your email password.
Your absolute first step should be changing your compromised password to lock the hackers out. Choose a brand new, strong password not used on any of your other accounts.
The most secure passwords are long, unpredictable, and mix different types of characters. Consider using a reputable password manager like LastPass, 1Password, or Dashlane to generate and securely store unguessable passwords.
For step-by-step password reset instructions, see:
2. Enable two-factor authentication (2FA).
Once you’ve set a new password, add an extra layer of protection with 2FA. This requires an additional one-time code from your phone or an app to log in, so even a stolen password isn’t enough for hackers.
Every major email provider offers 2FA as an account security option, and it’s a must-use.
3. Review your account recovery methods.
While you’re in your email security settings, check all your account recovery options, like backup email addresses, phone numbers, and security questions. Remove any unfamiliar recovery methods a hacker may have added.
Ensure your own contact info is correct and current in case you’re ever locked out. And if you haven’t already, consider adding an alternate communication channel so you can still access your account if your primary email or phone is compromised.
4. Scan all devices for malware.
Email hacking can sometimes be a symptom of deeper malware infection on your computer or phone. Malicious software like keyloggers or remote access tools could be harvesting your credentials and private data.
Run a full scan with reputable antivirus software on all your devices to identify and remove any threats. Good options include Norton, Kaspersky, Bitdefender, and Malwarebytes.
Remember to keep your malware protection, operating systems, and other key software up-to-date. Many successful hacks exploit known vulnerabilities in outdated programs.
5. Alert your contacts about the breach.
The quicker you loop in your contacts about the situation, the better able they’ll be to identify and avoid any fraud attempts made using your hijacked email. Customize one of the sample templates below based on your relationship:
For friends and family:
Subject: Important: My Email Was Hacked
Hi [Name],
I wanted to let you know that my email was hacked on [date]. The scammer may have sent fake messages to my contacts asking for money or info.
If you got any suspicious emails from my address recently, I apologize – that wasn’t actually me. Please delete them without opening any links or attachments.
I’ve secured my account now, but stay on guard for other messages claiming to be from me. Always contact me on a different channel if anything seems off.
Thanks for your understanding. Let me know if you have any questions!
[Your Name]
For work contacts:
Subject: Urgent Notice: Email Breach
Dear [Name],
I regret to inform you that my email account was compromised by unknown hackers on or about [date]. After discovering the unauthorized access, I immediately took action to secure the account and cut off the intruder.
However, the attacker was likely able to access my inbox and contacts during this period. They may have tried to send fraudulent emails under my name, perhaps seeking to steal credentials, install malware, or scam others.
Please be vigilant for any suspicious recent messages with links or attachments claiming to be from me, especially those requesting sensitive data or transfers. Do not engage with these emails.
I sincerely apologize for any confusion or inconvenience this may cause. Thank you for your patience as I resolve this unfortunate incident. Don’t hesitate to contact me via phone or text if you have any concerns.
Regards,
[Your Name]
For acquaintances:
Subject: Apologies for Spam – Account Was Hacked
Hello [Name],
You are receiving this notification because you are in my email contacts and may have received spam or phishing emails from my address around [date].
My account was compromised by a malicious hacker who used it to send fake messages without my knowledge. If you got suspicious emails appearing to be from me, I apologize for the disruption. Please delete these fraudulent messages.
I have since regained control of my account and taken measures to prevent further unauthorized access. Thank you for your understanding and don’t hesitate to reach out with any questions.
Best,
[Your Name]
Other Key Parties to Notify About Your Email Hack
Depending on what information the hackers were able to access, you may need to loop in some other key parties:
- Your bank and credit card companies, if the hacked email contained financial data or saved payment methods. Ask them to flag your account, issue new cards, and watch for suspicious transactions.
- Credit bureaus, to put a fraud alert or credit freeze on your reports in case hackers try to open new accounts using personal info from your emails. Contact Equifax, Experian, and TransUnion.
- Your employer, if a hacker breached your work email account or you use that email for any company logins/accounts. Your IT department needs to be aware to check for any broader infiltration.
- Government entities, like the FTC or IRS, if very sensitive information like your Social Security number or tax documents were exposed.
The key is to act quickly to notify anyone who could be affected or might need to help protect you from identity theft and fraud. The sooner you raise the alarm, the easier it will be to prevent or catch hackers exploiting your private data.
Locking Hackers Out for Good
Getting back into your email is a relief, but hackers are persistent. Now that they’ve identified you as a target, they’re likely to try again. Adopt these cyber hygiene habits to become a harder target:
- Use a password manager to create and store extra-strength passwords. Reusing passwords across accounts is like leaving a master key under the doormat.
- Enable 2FA/two-step verification on every account possible, not just email. Google research found it blocked 100% of automated bot hacks.
- Learn to spot phishing red flags, like generic greetings, spoofed email addresses, poor grammar, and mismatched URLs. Phishing is the cause of 80% of security incidents (Cofense).
- Be cautious about what you share online, especially payment info, addresses, birthdays, and other key identity details. Hackers use this to craft targeted phishing emails and guess security questions.
- Keep software updated to patch security holes. Turning on auto-updates makes this a no-brainer.
- Limit work/sensitive info in webmail in case your account is breached. Save important content offline.
- Log out of accounts on shared devices so session cookies don’t let others right in.
- Avoid public WiFi for logging into accounts unless you verify it’s legitimate and use a VPN.
Following these tips consistently is proven to prevent the vast majority of hacks and mitigate damage. You‘re not helpless against cybercrime.
How to Recover from Email Hack Fallout
Cybersecurity experts compare getting hacked to getting robbed – it’s scary and violating. But just like you wouldn’t stop leaving your house after a break-in, don’t let one incident drive you offline for good.
If your professional reputation took a hit because your hacked email spewed spam and scams, be proactive about repairing it:
- Apologize to affected contacts and briefly explain what happened, referencing the date of your mass notification
- Issue corrections anywhere the hacker posted offensive content under your name
- Implement the security tips above and communicate that to concerned clients
- Keep an eye on your online presence for any other fraudulent activity to address
- Focus on producing quality work and being responsive to remind your network of your true character
Remember, you’re far from alone in falling victim to hacking. Half of U.S. adults have had an account hacked (University of Phoenix). The blame lies with the perpetrator, not you. Responding with transparency and preventive action shows professionalism and responsibility.
Stay Calm and Proactive
Email hacking is stressful, embarrassing, and potentially damaging – but you will get through this. Millions of targets have come out the other end. Follow the guidance here to eject the intruders, warn your contacts, and fortify your accounts against the next attempt.
If worry starts to overwhelm you, don’t hesitate to reach out to trusted friends, family, or even a counselor. Processing the emotions can help you tackle the practical steps with confidence and clarity.
You have the power to take back control of your online life and your peace of mind. Use this experience as a catalyst to build healthier digital habits and stay one step ahead. The hackers may have started this, but you’ll be the one to finish it.
