Helping you prevent identity theft through your email accounts
Protect your email account before something happens
- Use a strong password. Create a password with letters, upper and lower case, numbers and special characters such as #, &, and %. Don’t use your first or last name as part of your password or a phrase that is easy to guess.
- Protect your address and password. Your email ID and password are your confidential information. Don’t tell anyone your password or give them a clue to your password. Do not keep a copy of your email details on the internet or on your system.
- Use the second sign-in verification option if it is available from your email provider. This option looks for suspicious sign-in attempts from a new browser other than the one that you originally used to enable this option. If there is a suspicious attempt, the person will need to enter a verification code that will be sent to your cell phone or will need to answer two security questions that you established as part of the process. If you weren’t trying to access your account and you receive the code, you’ll also know that someone was trying to access your account.
- Don’t click on links in an unsolicited email. Legitimate companies never send an email asking you to reset your password or provide personal information by clicking on a link. If you receive an unsolicited email asking you to click on a link, don’t. Instead, go to the company’s website to access your account. (See our Phishing Tipsheet for more information.)
- Protect your computer. Install a good anti-spyware program and update it regularly. (See our System Protection Tipsheet for more information.)
- Use caution with public computers and Wi-Fi. If possible, avoid using public computers to access anything sensitive, such as conducting online banking, making purchases, or accessing email accounts. These computers could potentially have malware that is designed to capture the information you have entered. Avoid these same activities when using a public Wi-Fi connection, as the information can easily be captured by criminals on the same connection. Make sure to use an encrypted Internet connection whenever you go online.
Signs that your email has been hacked
- Your inbox is full of Mailer-Daemon rejection notices.
- Your contacts are getting mail from you that you did not send.
- There are outgoing messages in your Sent, Drafts or Outbox folder that you didn’t send or create.
- Your Address Book contacts have been erased or there are contacts that you did not add.
- Emails you try to send are suddenly getting refused and returned to you.
- You keep getting bumped offline when you’re signed into your account.
- You are not getting new mail, or your new mail is going straight into your Saved IMs folder.
Recover your email after you’ve been hacked
Step 1: Change your password
If you’re able to log into your account (some hackers actually forget to change your password on you), then do so and change your password immediately.
Step 2: Regain control of your account(s)
If you’re unable to access your account, follow the directions in the email site’s help center. Remember to change your security questions and answers once you have regained control, as the hacker may have noted this information.
Step 3: Report It
Report it to the site immediately.
Step 4: Communicate with your audience
Notify all of your email contacts so they can protect themselves. If emails were sent to your contacts by the hacker, send out an apology to any contacts who might have been the victim of your email hack. Explain what happened and advise your contacts that emails sent from your address might contain dangerous software so that they can protect their computers.
Other Things to Consider
Scan your computer with an updated antivirus program. It is possible that a Trojan, which runs in the background of your computer systems, was slipped in when your email account was compromised. Hackers can obtain your passwords or gain access to personal information through Trojans. Run your antivirus program and remove any viruses, spyware, or malware that is identified. If you don’t have an up-to-date antivirus program, we recommend that you install one immediately. (Check out our System Protection Tipsheet for additional information.)
Review your internal email settings. Check for forwarding email addresses and delete any addresses that are not yours.
Check for a signature, which is personalized text that is automatically inserted at the bottom of every message you send, and delete if it is not yours.
Change the password on every account where you used the same hacked password:
- Other Email accounts
- Financial accounts
- Online Merchant accounts
- Social Media accounts
Review your email folders for any data exposure. Check all folders for emails that may contain personal or account information. If you find any, immediately change the user ID and passwords and contact your fraud specialist for further guidance.