My email got hacked, how do I fix it?

Best email services: image of email with one unread message alert
(Image credit: Future)

TechRadar created this content as part of a paid partnership with NordPass. The contents of this article are entirely independent and solely reflect the editorial opinion of TechRadar.

Hackers would love to get their hands on the treasure troves of information that our emails often contain. An email account may provide access to valuable company data or login information leading to other devices and endpoints on your company network. Therefore, it is imperative for you to follow good security practices in order to ensure that hackers don't hack your email. 

In case you do end up posing the question, "My email got hacked, how do I fix it?", worry not, as there are steps you can take to mitigate the damage and seize back control of your account. But before getting into the ins and outs, let's look at how hackers hack an email and how you can check whether your email has been hacked.

How an email gets hacked  

In Q1 of 2023, global cybersecurity attacks recorded an 8% increase, with firms suffering 1,248 attacks per week, despite the constant evolution of technology and security services. While this may seem like a scary number, implementing proper security measures can negate most, if not all, of these attacks. Similarly, knowing what type of attacks hackers employ in an attempt to hack an email is important. The table below lists the three most common attacks.

Swipe to scroll horizontally
TypeHow it works
PhishingHackers send malicious emails or texts guiding the users to a spoofed site of a service they might be using, asking the user to log in. The hackers get all of the details if the user falls for this ploy.
Man-in-the-middle attackHackers become the middle layer in an unsecured public network, intercepting the communication between the user and the service he is trying to use.
Brute force attackA typical trial and error approach, however, hackers deploy software that tries out a massive number of word combinations to try and guess a user’s password.

The table is not exhaustive by any means but covers the major attacks used by hackers. Note, each of these attacks has “sub-variants” such as for example “spear phishing”, “whaling”, etc. Each of these attacks shows off certain signs that your email has been hacked. But how can you know for sure?

Reader Offer: Save 55% on NordPass Premium

Reader Offer: Save 55% on NordPass Premium
NordPass provides an accessible, competent, easy-to-use solution that most people will love, according to TechRadar editors. Save 55% on NordPass Premium plus 3 months free.

Preferred partner (What does this mean?

How to check whether your email has been hacked?

The most obvious sign that your email has been hacked is the failure to log in. However, hackers may target long-term damage and will not lock you out of your account immediately. Check the sent folder in your email, and if you notice sent emails that you cannot remember sending, your alarm bells should be going off. The next step you should take is to check the login activity that most email providers offer. This will show you the locations, IP addresses, and timestamps of recent logins, which can be an ideal way of checking for unauthorized logins. 

If you notice one of the above-mentioned red flags, you might have done one of the following things that led to this predicament:

  • Used weak passwords
  • You clicked on a malicious link (from an email, social media sites, or chat client)
  • You clicked on a shady advertisement link 
  • You downloaded a script or file attached to a game, video, song, or attachment that contained malicious code 
  • You are not using security software 
  • You are not using up-to-date software

What comes next?

OK, your email got hacked, you know how it happened, and now you need to fix it. Here are some of the steps you can take to fix the issue. 

The first step you can do to take control of the issue is to contact your email service provider and go to their account recovery page (most providers have a dedicated site for this). You may need to provide proof of identity and answer security questions you used when creating your email before you are allowed to take control of your account. It would be best to do this from a new device, one that has not been potentially compromised. 

The next step is obvious but must be stated as it is key. As soon as you gain access to your email, change the credentials. Ensure that you are not using easy-to-guess personal information but a password that will be brute force resistant by combining letters (small and large caps), numbers, and special characters. For the time being, you can write down the new password, but make sure to either use a secure password manager to store the new password or memorize the new password and destroy the paper you wrote the new password on. 

Once you are back in your account and setting up security settings, make sure to turn on two-factor authentication (2FA), and tie it to your mobile phone number or an authenticator app to prevent hackers from taking over the account again. 

Regardless of whether you’re using a PC or a mobile phone, ensure that you have the latest versions of antivirus and antimalware software installed. In addition, update your operating system to ensure the latest security patches have been installed. Turn on automatic updates for both the operating system and security software to ensure you’re always up to date with the latest patches. If you have an IT administrator, ensure that they turn on the automatic updates for your devices.

Email breaches tend to be followed by or preceded by a malware infection, with the most common being:

Swipe to scroll horizontally
TypeHow it works
VirusMalicious program or file spread through the system when triggered by a malicious program.
WormSimilar to viruses but do not require input from the user to become effective. Often worms infect hard drivers and destroy files.
RansomwareLocks out the user from the computer, files, or accounts, requiring funds to release the locked device. Payments are usually made through crypto in the past few years.
TrojanMasking as legitimate software this malicious program corrupts a device once activated by an unsuspecting user.

This step is also crucial as it can stop the spread of a hack. Hackers may utilize your contact list to send them emails containing malicious links, attachments, or software since your contacts are more likely to open such links since it's coming from someone they know. Make sure to let them know that all emails they’ve received from you while you have been locked out of your account need to be deleted, and no links should be opened. 

There is a possibility that one or all of your security questions have been compromised, and with certain accounts, they’re all a hacker needs to get access to your account. Make sure you go through the list of your security questions and update them to something that is more difficult to guess. If you are using the question: “What is your dog’s name?”, make sure to change it, as questions like these are easy to guess or pick up from your social media accounts. 

Hackers can delete all of your data from your email, including your contacts. Similarly, they can do this to your online cloud accounts. To avoid such a scenario, the best option is to back up all of your data to a secure cloud or offline (hard drive). 

Some email providers may decide to restore your data, but more often than not they will refuse, as the deletion came at the hand of a logged in user, making the mistake your fault. 

The Android and iOS app stores can, at times, house malicious apps, though both Google and Apple are doing the best they can to remove such content as quickly as possible. Therefore, software that has good reviews and comes from reputable sites should only make its way onto your devices. If you’re getting the software from pirated sites, for free, or from a chat client, it is best to assume they have viruses and not install them. 

ID theft protection services from reputable companies can be a lot of help after you’ve been hacked. Their services include, among others, real-time online account monitoring, which can provide you with peace of mind. In case of identity theft, you can count on their assistance and even set up frequent credit reporting services to make sure all of your bases are covered. 

Such services often come with a hefty price tag, so make sure to shop around and look for reputable companies. A potential alternative, or addition, could be in the form of cyber security software that offers account monitoring services. Here too, you will get real-time monitoring and reports in case of any breaches, leaks, or suspicious activity. 

While this may sound intuitive, the best thing you can do is to analyze how you got hacked and take proactive steps to avoid a repeat occurrence. This may include all of the above we mentioned, but also learning how to stay safe online or how to use WiFi hotspots safely.  

End-to-end encryption for tighter security

By its nature, email is susceptible to security breaches and interception, despite it housing most of our sensitive information. However, with encryption, we can ensure that the content of the messages cannot be extracted or used. There are numerous types of encryption, with end-to-end encryption (E2EE) offering one of the highest levels of security. Companies in the US usually opt for Advanced Encryption Standard (AES), however E2EE is a much safer alternative. 

E2EE is a security standard that ensures the protection of data in transit and during storage (on a server, for example). In essence, this means that neither an Internet Service Provider (ISP), an Application Service Provider, a network administrator, or a hacker can read the content of an email that has been encrypted using E2EE.

Here, the protection takes place on the device level, with information being encrypted before it is actually sent out. Decrypting takes place only on the intended device, which houses the necessary secret keys stored on the receiving device. 

Such a level of encryption is different from what the typical email providers offer and could be an option for users that have a lot of sensitive data on their email and require an extra layer of protection.

Learn more about scams and hacks

Smartening up about spam messages, phishing attacks, and scams could be the difference maker when it comes to protecting your accounts. Spam seemingly comes at us from everywhere, which means that today, more than ever, we need to be extra vigilant when it comes to phishing scams. 

Keep in mind that no reputable company or financial institution will reach out to you via email to ask for sensitive data. Similarly, they will never send you links to their sites asking you to log in. If you are in doubt, the best thing is to type in their web address yourself, log in and see if a similar message is waiting for you on their platform. Other than that, pick up the phone and double-check if they’ve actually sent you the email in question. 

Businesses often opt for online training classes for their employee's tailor built for security issues. Such classes take place once a month or at a custom interval and help employees learn what type of tricks hackers use.

Wrapping up

When faced with this situation, most people panic and make things even worse. As a result, they try to avoid using online services, fearing a repeat scenario. The problem often time is that you were careless in browsing the web, leaving your personal information around, or using WiFi hotspots. 

Following the list of recommendations, enumerated above, you can avoid most of the mistakes that can get your accounts compromised. Furthermore, learning about online scams can help you become wise to the tricks hackers use and avoid them altogether. All in all, make sure your software is up to date, you visit reputable sites and avoid leaving personal information at every possible site. Good luck!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.