
How to fix and prevent a hacked email account

Regain access to your account

Stop using easy passwords

Reenter your password on other devices

Check your settings

Kick out active logins

Let your friends know

Implement two-factor authentication

Check other sites

Avoid phishing traps in the future

Run a malware scan

If you’re ever unlucky enough to fall victim to an email hacker, follow this guide. The hope is that if you follow each step, you’ll never have to send another "Sorry everyone, my account was hacked" email again.

Caption by / Photo by Sharon Profis

Hackers don’t always change your email account password. There are plenty of scenarios where they simply log in, send out a mass email to your contacts, and move on to the next victim. Others, however, will change your password to lock you out.

In that case, the first thing you should do is regain access to your account. Just use the standard "Forgot your password?" link at the sign-in screen to reset your password and get back into your account. You’ll either have to answer security questions, or recover it using a backup email address.


Whether or not the hacker changed your password, now's the time to choose a new one. This guide is very helpful in suggesting guidelines for hard-to-crack passwords, which involve using many characters including uppercase letters, lowercase letters, symbols, and even spaces.

Even better, consider using a password manager. LastPass -- among others like Dashlane -- securely stores your passwords and auto-generates complex, hard-to-crack passwords that are less vulnerable to hacking.

Here's more on LastPass and how to get started with the free service.


After changing your password, remember to go into those phone and tablet settings to enter your new password so that your mail arrives as usual.


Back in your email account settings, make sure the hacker hasn’t changed any settings that will give them easy access to your account in the future. For example, check that your secondary (recovery) email is still accurate.

Also check that the hacker didn’t introduce any forwarding rules, so that any emails you receive also get sent to their account.


Before you go any further, glance at your active logins to see if anyone is currently accessing your account. If you changed your password, it shouldn't be a problem, but this is a good habit to establish anyhow, especially if you've logged in from a public computer.

On Gmail, you'll find it by clicking "Details" in the bottom-right corner of your inbox, right below "Last account activity." If you see any suspicious logins, use the link provided to kick them out.

Currently, Yahoo Mail lets you view active sessions, but there's no option to log them out. doesn't currently seem to provide either option.


Hackers will often use your email account to distribute malicious software by emailing your contacts.

Send a warning email to friends and family letting them know that if they've received a suspicious email from you, it should be deleted and ignored.


If your email was hacked, it can be safely assumed that you have not implemented two-step authentication, which is the best line of defense against hackers.

When it’s enabled, logging into your account requires one extra step. After you enter your password, a code is sent to your phone, which you then enter in the next screen. You only have to do this once for "recognized" computers and devices, and it means that unless a hacker gained control of your phone, there’s no way they can log into your account -- even if they have your password.

Here’s how to do it on many of the popular email and social media platforms.


Now’s the time when you realize why tech and security experts passionately recommend against recycling passwords. If you used your email account password for other online accounts (like Facebook), a hacker who obtained your email password can quickly find out what other online accounts you own, and use your password to access them. 

If you're a guilty password recycler, go and change your password on those other platforms, too.


Hackers use so many different tactics that it's often difficult to figure out exactly how your email account was hacked. One of the most common (and successful) methods, however, is phishing.

Rick Broida offers an excellent overview about phishing, and how to spot a phishing email.


Whether the hacker used malware to gain access to your email account, or it was installed as a result of someone emailing you a malicious link, now's a good time to run a malware scan. 

There are several options, with Avast, Malwarebytes, and Bitdefender being a few of the more popular scanners.
