Has your email been hacked? 6 steps to take now

It’s safe to say we all rely on email to keep track of our work and personal lives. But on the flip side, that means our accounts are a treasure trove of information. Unfortunately, cybercriminals know how valuable this is, so they often target email accounts in their hacking schemes.

If you can’t log into your email, or you’re noticing strange settings or sent items in your account, you might have fallen victim to a hack. Having your accounts hacked is never fun, but springing into action can help to mitigate the effects and help you get back online faster. Here’s what to do when your email address is compromised, according to the experts at ESET.

  1. Update your operating system

You might have heard of Microsoft Windows, macOS or Linux. These are operating systems (OS), and they manage your device’s software, hardware, memory and other processes so everything runs seamlessly. If your account has been hacked, the first thing you should do to secure your email is update your OS to make sure your device has the most up-to-date safeguards and security fixes in place. That way, hackers will find it much more challenging to access any malicious programs they’ve installed on your device.

While you’re at it, switch on auto-updates if they’re not already on. The OS will then update its software as soon as the manufacturer releases new security fixes, so your device will be stronger against threats.

  2. Email your contacts to inform them of the hack

Your contacts might suspect you’ve been hacked — especially if the hacker started sending strange or unsolicited emails to your contact list. Can you be hacked by opening an email? Yes, so whether you think a hack is obvious or not, it’s important to alert your contacts so they don’t click on any links or attachments in those emails. This can go a long way in stopping the spread of malware.

Along with explaining your email was compromised, let them know you’ve taken steps to secure your account (like changing your password — more on that soon). This is especially key if your business account was hacked, as you want to reassure your clients their data is safe ASAP.

  3. Change your password

Ideally, your password should be complex, hard to guess, and completely different from any of your other passwords. Aim to create one with 12 or more characters, and a mix of letters, numbers and symbols. Avoid using any personal identifying information, and consider using phrases or words in other languages to make your password even more obscure.

Need help? Check out ESET’s free password generator tool. The system creates airtight passwords for you (without storing them). Once you have a new password, set a reminder to change it in 3 months’ time. 

  4. Run through an account security checklist

It’s a good idea to assess your account security regularly, but it’s essential to do it after a breach. Doing so will help you fortify your account and prevent future hacks.

Here’s what to do:

  • Enable multi-factor authentication (MFA) on your email. With MFA activated, you’ll need to enter your email address, password and another piece of information (like a code sent to your phone) before successfully logging into your account. In other words? MFA makes hackers jump through one more hoop, so it’s harder for them to do their job.
  • Sign out of your email across all devices. This will kick the cybercriminal out of your account, if they’ve managed to tap into your account on a device other than your primary one.
  • Review your login activity and ‘sent’ folder. If you’re wondering how to check whether your email has been hacked, these are the places to look: you might find clues as to the actions the cybercriminal took (if any), as well as where they’re located.
  • Update your account’s mail settings and recovery process. Does your account have email forwarding rules you didn’t set up? Did the cybercriminal change the recovery information to give themselves another way to access your account? Is your email linked to a third-party service? You can find — and undo — these features in the settings section of your email account. If you’re having trouble finding them, speak to your email provider (e.g. Google, Hotmail).
  • Turn on spam filters. If your provider offers spam filters, set them up — they will complement any antivirus software you already have.

  5. Report the incident

If you think your bank account or credit card details have been compromised, contact your bank as soon as possible. They might be able to halt transactions, block your card or disable your account so third parties (like hackers) can’t access your hard-earned money.

You can also report an email hack to the Australian Cyber Security Centre (ACSC) through ReportCyber. The report will be sent to the most relevant police department, so try to include as many details as possible to aid their investigation.

Finally, if someone is impersonating you or your business via a fraudulent email address, there are a few options available to you:

  • Contact the Australian Domain Authority (auDA) to alert them about the malicious domain name. This organisation is the authority for domain names ending in “.au”.
  • Send a takedown request to the fraudulent email. The Australian government has a great template you can use.
  • Contact your email provider. If a cybercriminal is using a common, third-party email provider like Gmail, Outlook, Hotmail, Live or MSN to pretend to be you, you can report this as abuse.

  6. Be proactive

After you’ve ticked off these items on the checklist, you’re probably wondering: how can I protect my email from hackers in the future? These tips are a good starting point:

  • Learn the signs of a phishing email. Email scams are rampant, and there are a few red flags to look out for, such as unsolicited, panic-inducing or urgent requests and poor spelling and grammar. If an email sounds too good to be true, it probably is.
  • Research apps, games and programs before downloading them. Anyone can post content for download on the internet, and cybercriminals often hide malware in enticing new apps. Only download an app if you can verify its legitimacy, contact the creator, and read authentic reviews about it.
  • Keep tabs on your identity. Your email is one gateway to learning more about you and potentially stealing your identity. It’s worth keeping track of your online banking and shopping accounts and regularly checking your credit report.

Step up your protection with the best software

Strengthen your security with the help of ESET Internet Security. This premium software has been a CHOICE© Recommended product for three years in a row and has been given a CHOICE© Expert Rating of 92%. It offers a multi-layered defence against a range of cyber threats and works to detect, analyse and block those attacks by securing endpoints (or entry points) of laptops and phones. It also scans your router for vulnerabilities and prevents unauthorised users from accessing your WiFi network.