If your email account has been hacked…
Here’s what you need to do next…
1. Recover Your Account
Login to your email account via email service provider’s login page.
If you can, thats fine and proceed to step 2 to change your password, security questions and other password recovery options.
If you are unable to login even though you know that you’re using the correct password, then it’s likely that the somebody has already changed your password.
The major reason for this situation is simply that someone else knows your account password and is logging into your account online.
Yes, it’s possible that a key-logger on your PC was used to sniff your password. Yes, it’s possible that your PC was used in a non-secure way at an open WiFi hotspots. So, yes, absolutely, scan it for malware and use it safely, but don’t think for a moment that once you’re malware free, you’ve resolved the problem. You have not.
You need to follow the steps outlined to the left to regain access to your online account and protect your online account from further compromise.
Use the “I forgot my password” or other account recovery options offered by your email service. Typically, your provider will send password reset instructions to an alternate email address that you do have access to or perhaps have you answer the “secret questions” that you set up when you created the account.
If the recovery methods don’t work – perhaps because the hacker has also altered all of the recovery information that might be used (changed the alternate email address or answers to the secret questions) or perhaps because you don’t recall the answers, didn’t maintain the alternate account, or didn’t set up any recovery information in the first place – then you may be out of luck.
If recovery options don’t work for whatever reason, your only recourse is to use the customer service options provided by that email service. For free email accounts, there are usually no phone numbers or email addresses. Your options are usually limited to self-service recovery forms, knowledge base articles, and official discussion forums where service representatives may (or may not) participate. For paid accounts, there are typically additional customer service options that are more likely to be able to help.
Important: If you cannot recover access to your account, then it is now someone else’s account. It is now the hacker’s account. Unless you’ve backed up, everything in it is gone forever and you can skip the next two items. You’ll need to set up a new account from scratch.
2. Change Your Password
One you regain access to your account, or if you never lost it, you should immediately change your password.
As always, make sure that it’s a good password: easy to remember, difficult to guess, and long. In fact, the longer the better, but make sure your new password is at least 10 characters or more and ideally 12 or more, if the service supports it.
But don’t stop here. Changing your password is not enough.
3. Change Your Recovery Information
While the hacker had access to your account, they may elect to leave your password alone. That way, chances are you won’t notice that the account has been hacked for a while longer.
But whether they changed your password or not, they may very well have gone in and changed the recovery information.
The reason is simple: when you finally do get around to changing your password, the hacker can follow the “I forgot my password” steps and reset the password out from underneath you using the recovery information that he collected or set.
Thus, you need to check all of it and change much of it … and right away.
Change the answers to your secret questions. The answers that you choose don’t have to match the questions (you might say your mother’s maiden name is “Microsoft”, for example). All that matters is that the answers that you give match the answers that you set here if you ever need to recover your account.
Check your alternate email address or addresses associated with your account and remove any that you don’t recognize or are no longer accessible to you. The hacker could have added his own. Make sure that all alternate email addresses are accounts that belong to you and that you have access to.
Check any mobile or other phone numbers associated with the account. The hacker could have set their own. Remove any that you don’t recognize and make sure that if a phone number is provided, it’s yours and no one else’s.
These are the major items, but some email services have additional information that they can use for account recovery. Take the time now to research what that information might be and if it’s something that could have been altered while the hacker had access to your account.
Overlooking information that could be used for account recovery could allow the hacker to easily hack back in; make sure that you take the time to carefully check and reset as appropriate.
4. Check Related Accounts
This is perhaps the scariest and most time consuming.
Fortunately it’s not common, but the risks are high so understanding this is important.
While the hacker has access to your account, they have access to your email, including both what is in your account now – past email – as well as what arrives in the future.
Let’s say that the hacker sees that you have a notification email from your Facebook account. The hacker now knows that you have a Facebook account and what email address you use for it. The hacker can then go to Facebook, enter your email address, and then request a password reset.
A password reset that’s sent to your email account … that the hacker has access to.
As a result, the hacker can now hack your Facebook account by virtue of hacking your email account.
In fact, the hacker can now gain access to any account that has this hacked email associated with it.
Does He Have Your Password?
Like, perhaps your bank. Or Paypal.
Let me say that again: because the hacker has access to your email account, he can request a password reset be sent to it from any other account for which you use this email address. In doing so, the hacker can hack and gain access to those accounts.
What you need to do: check your other accounts for password resets that you did not initiate and any other suspicious activity.
If there’s any doubt, consider also proactively changing the passwords on those accounts as well. (There’s a strong argument also for checking or changing the recovery information for these accounts just as you checked for your email account, for all the same reasons.)
5. Let Your Contacts Know
Some may disagree with me, but I recommend letting your contacts know that your account was hacked. Either from the account once you’ve recovered it or from your new email account.
In particular, inform all of the contacts in the address book that’s kept with that account online. That’s the address book that the hacker would have had access to.
I believe it’s important to notify your contacts so that they know not to pay attention to email sent while the account was hacked. Occasionally, hackers will actually try to impersonate you to extort money from your contacts. The sooner that you let them know that the account was hacked, the sooner, they’ll know any such request – or even the more traditional spam that might have come from your account – is bogus.
6. Start Backing Up
One of the common reactions to my recommending you let your contacts know is: “But my contacts are gone! The hacker erased them all and all of my email as well!”
Yes. That happens sometimes. It’s often part of a hacker not wanting to leave a trail – they delete everything in the account: everything they’ve done along with everything you’ve done.
If you’re like most people, you’ve not been backing up your online email. All I can suggest at this point is to see if your email service will restore it for you. In general, they will not. Because the deletion was not their doing, but rather the doing of someone logged into the account, they may simply claim it’s your responsibility.
Hard as it is to hear, they’re right.
Start backing up your email now. Start backing up your contacts now.
For email, that can be anything from setting up a PC to periodically download the email via POP3 or IMAP to setting up an automatic forward of all incoming email to a different email account, if your provider supports that. For contacts, it could be setting up a remote contact utility (relatively rare, I’m afraid) to also mirror your contacts on your PC or periodically exporting your contacts and downloading them that way.
7. Learn From the Experience
Picking Passwords Out of the Air
Aside from “I should have been backing up,” one of the most important lessons to learn from the experience is to consider all of the ways that your account could have been hacked, and then take appropriate steps to protect yourself from a repeat occurrence in the future.
Use long passwords that can’t be guessed and don’t share them with anyone.
Don’t fall for email phishing attempts. If they ask for your password, they are bogus. Don’t share your password with anyone.
Don’t click on links in email that are not 100% certain of. Many phishing attempts lead you to to bogus sites that ask you to login and then steal your password when you try.
If you’re using WiFi hotspots, learn to use them safely.
Keep the operating system and other software on your machine up-to-date and run up-to-date anti-malware tools.
Learn to use the internet safely.
Consider multi-factor authentication where simply knowing the password is not enough to gain access. Most services do not support this, but for those that do (Gmail, for example), it’s worth considering.
If you are fortunate enough to be able to identify exactly how your password was compromised (it’s not common), then absolutely take measures so that it never happens again.
8. If You’re Not Sure, Get Help
If the seven steps above seem too daunting or confusing, then definitely get help. Find someone who can help you get out of the situation by working through the steps above.
While you’re at it, find someone who can help you set up a more secure system for your email and can advise you on the steps that you need to take to prevent this from happening again.
And then follow those steps.
The reality is that you and I are ultimately responsible for our own security. That means taking the time to learn and to set things up securely.
Yes, additional security can be seen as an inconvenience. In my opinion, dealing with a hacked email account is significantly more inconvenient and occasionally downright dangerous. It’s worth the trouble to do things right.
If that’s still too much … well … expect your account to get hacked again.
9. Share This Article
As I said, email account theft is rampant.
Share this article with friends and family – statistically, you or they will encounter someone who’s account has been hacked and who will need this information.
Use the Share buttons below.
Share this short-URL: http://ask-leo.com/C5415 to go directly to this article online.
A stand-alone PDF of this article is available for offline viewing: right click here and “Save Target As…” (or equivalent) to save a copy on your PC. Feel free to share this document with others. (Adobe Reader, FoxIt Reader, or equivalent PDF reading application required to view the document.)
Gmail Account and email services
To create a gmail account first open http://gmail.com and register yourself here with required information. after creation account you will get an acknowledge message on screen to continue your email service. it will display a button says “Go to inbox”. you can choose your user id during registration but if that user id is not available and already taken by other user then gmail offers you some random user id matching with your name. and google suggest you to keep your password strong (using alphanumeric characters and special characters).
Gmail provides Google calendar, Chatting with user or multiple user group chat, gmail docs and video calling functionality free of cost. In setting tab you can customize your google email account according your requirement.
you can change theme, fonts, color, mail box view, manage contacts, import export settings, import export contacts etc.
Gmail also provide you to use mail functionality at local mail clients like Outlook, thunderbird or any other mail client softwares. Gmail provides both type mail access one is IMAP and another is pop3.
Important tags related with Google accounts and Gmail
create gmail account, gmail calendar, gmail change password, gmail chat, gmail chat iphone, gmail login access, gmail docs, gmail mobile, gmail email, gmail password, gmail password recovery, gmail sign in gmail sign in, gmail sign up, gmail talk
aol email anonymous email account
att email create a yahoo email account
comcast email email account login
email login hotmail email account
email search msn email account
godaddy email outlook email account
my email verizon email account
verizon email windstream email account
change email password hotmail iphone
email password cracker hotmail mobile app
email password finder hotmail mobile download
email password recovery hotmail mobile iphone
forgot email password hotmail mobile login
hack email password hotmail mobile login address
verizon email password hotmail mobile phone
yahoo email password hotmail mobile settings
yahoo finance hotmail change password
yahoo mail change password hotmail contact number
yahoo mail desktop hotmail email
yahoo mail email hotmail home page
yahoo mail home page hotmail incoming mail server
yahoo mail login hotmail msm
yahoo mail problem hotmail pop settings
yahoo messenger hotmail troubleshooting