How to fix and prevent a hacked email account
If you’re ever unlucky enough to fall victim of an email hacker, follow this guide. The hope is that if you follow each step, you’ll never have to send another "Sorry everyone, my account was hacked" email again.
Regain access to your account
Hackers don’t always change your email account password. There are plenty of scenarios where they simply log in, send out a mass email to your contacts, and move on to the next victim. Other types, however, will change your password to stave you off.
In that case, the first thing you should do is regain access to your account. Just use the standard "Forgot your password?" link at the sign-in screen to reset your password and get back into your account. You’ll either have to answer security questions, or recover it using a backup email address.
Stop using easy passwords
Whether or not the hacker changed your password, now's the time to choose a new one. This guide is very helpful in suggesting guidelines for hard-to-crack passwords, which involve using many characters including uppercase letters, lowercase letters, symbols, and even spaces.
Even better, consider using a password manager. LastPass -- among others like DashLane -- securely stores your passwords and auto-generates complex, hard-to-crack passwords less vulnerable to hackings.
Here's more on LastPass and how to get started with the free service.
Reenter your password on other devices
After changing your password, remember to go into those phone and tablet settings to enter your new password so that your mail arrives as usual.
Check your settings
Back in your email account settings, make sure the hacker hasn’t changed any settings that will give them easy access to your account in the future. For example, check that your secondary (recovery) email is still accurate.
Also check that the hacker didn’t introduce any forwarding rules, so that any emails you receive also get sent to their account.
Kick out active logins
Before you go any further, glance at your active logins to see if anyone is currently accessing your account. If you changed your password, it shouldn't be a problem, but this is a good habit to establish anyhow, especially if you've logged in from a public computer.
On Gmail, you'll find it by clicking "Details" in the bottom-right corner of your inbox, right below "Last account activity." If you see any suspicious logins, use the link provided to kick them out.
Currently, Yahoo Mail lets you view active sessions, but there's no option to log them out.
Outlook.com doesn't currently seem to provide either option.
Let your friends know
Hackers will often use your email account to distribute malicious software by emailing your contacts.
Send a warning email to friends and family letting them know that if they've received a suspicious email from you, it should be deleted and ignored.
Implement two-factor authentication
If your email was hacked, it can be safely assumed that you have not implemented two-step authentication, which is the best line of defense against hackers.
When it’s enabled, logging into your account requires one extra step. After you enter your password, a code is sent to your phone, which you then enter in the next screen. You only have to do this once for "recognized" computers and devices, and it means that unless a hacker gained control of your phone, there’s no way they can log into your account -- even if they have your password.
Here’s how to do it on many of the popular email and social media platforms.
Check other sites
Now’s the time when you realize why tech and security experts passionately recommend against recycling passwords. If you used your email account password for other online accounts (like Facebook), a hacker who obtained your email password can quickly find out what other online accounts you own, and use your password to access them.
If you're a guilty password recycler, go and change your password on those other platforms, too.
Avoid phishing traps in the future
There are so many varying tactics used that it's often difficult to figure out exactly how you fell victim to an email hacking. One of the most common (and successful) methods, however, is through phishing.
Rick Broida offers an excellent overview about phishing, and how to spot a phishing email.
Run a malware scan
Whether the hacker used malware to gain access to your email account, or it was installed as a result of someone emailing you a malicious link, now's a good time to run a malware scan.
There are several options with Avast, Malwarebytes, and BitDefender being a few of the more popular scanners.