How to fix and prevent a hacked email account

If you’re ever unlucky enough to fall victim of an email hacker, follow this guide. The hope is that if you follow each step, you’ll never have to send another "Sorry everyone, my account was hacked" email again.

Published:
Photo by: Sharon Profis / Caption by:

Regain access to your account

Hackers don’t always change your email account password. There are plenty of scenarios where they simply log in, send out a mass email to your contacts, and move on to the next victim. Other types, however, will change your password to stave you off.

In that case, the first thing you should do is regain access to your account. Just use the standard "Forgot your password?" link at the sign-in screen to reset your password and get back into your account. You’ll either have to answer security questions, or recover it using a backup email address.

Published:
Photo by: Sharon Profis / Caption by:

Stop using easy passwords

Whether or not the hacker changed your password, now's the time to choose a new one. This guide is very helpful in suggesting guidelines for hard-to-crack passwords, which involve using many characters including uppercase letters, lowercase letters, symbols, and even spaces.

Even better, consider using a password manager. LastPass -- among others like DashLane -- securely stores your passwords and auto-generates complex, hard-to-crack passwords less vulnerable to hackings.

Here's more on LastPass and how to get started with the free service.

Published:
Photo by: Sharon Profis / Caption by:

Reenter your password on other devices

After changing your password, remember to go into those phone and tablet settings to enter your new password so that your mail arrives as usual.

Published:
Photo by: Sharon Profis / Caption by:

Check your settings

Back in your email account settings, make sure the hacker hasn’t changed any settings that will give them easy access to your account in the future. For example, check that your secondary (recovery) email is still accurate.

Also check that the hacker didn’t introduce any forwarding rules, so that any emails you receive also get sent to their account.

Published:
Photo by: Sharon Profis / Caption by:

Kick out active logins

Before you go any further, glance at your active logins to see if anyone is currently accessing your account. If you changed your password, it shouldn't be a problem, but this is a good habit to establish anyhow, especially if you've logged in from a public computer.

On Gmail, you'll find it by clicking "Details" in the bottom-right corner of your inbox, right below "Last account activity." If you see any suspicious logins, use the link provided to kick them out.

Currently, Yahoo Mail lets you view active sessions, but there's no option to log them out.

Outlook.com doesn't currently seem to provide either option.

Published:
Photo by: Sharon Profis / Caption by:

Let your friends know

Hackers will often use your email account to distribute malicious software by emailing your contacts.

Send a warning email to friends and family letting them know that if they've received a suspicious email from you, it should be deleted and ignored.

Published:
Photo by: Sharon Profis / Caption by:

Implement two-factor authentication

If your email was hacked, it can be safely assumed that you have not implemented two-step authentication, which is the best line of defense against hackers.

When it’s enabled, logging into your account requires one extra step. After you enter your password, a code is sent to your phone, which you then enter in the next screen. You only have to do this once for "recognized" computers and devices, and it means that unless a hacker gained control of your phone, there’s no way they can log into your account -- even if they have your password.

Here’s how to do it on many of the popular email and social media platforms.

Published:
Photo by: Sharon Profis / Caption by:

Check other sites

Now’s the time when you realize why tech and security experts passionately recommend against recycling passwords. If you used your email account password for other online accounts (like Facebook), a hacker who obtained your email password can quickly find out what other online accounts you own, and use your password to access them. 

If you're a guilty password recycler, go and change your password on those other platforms, too.

Published:
Photo by: Sharon Profis / Caption by:

Avoid phishing traps in the future

There are so many varying tactics used that it's often difficult to figure out exactly how you fell victim to an email hacking. One of the most common (and successful) methods, however, is through phishing.

Rick Broida offers an excellent overview about phishing, and how to spot a phishing email.

Published:
Photo by: Sharon Profis / Caption by:

Run a malware scan

Whether the hacker used malware to gain access to your email account, or it was installed as a result of someone emailing you a malicious link, now's a good time to run a malware scan. 

There are several options with AvastMalwarebytes, and BitDefender being a few of the more popular scanners.

Published:
Photo by: Sharon Profis / Caption by:
Hot Galleries

CNET's Holiday Gift Guide

Tablets that put your TV to shame

Binge-watch your favorite episodes on these portable screens.

Hot Products