Thinking an email account has been hacked is very stressful. Email is often our most common communication with others, and someone else gaining access to an email account can have serious repercussions. This situation is made more stressful when you are not sure where to begin to regain control of the account.
This post discusses the three steps you can take to recover an email account you think has been hacked.
3 Steps to Take to Recover an Email You Think Has Been Hacked
If you think an email account has been hacked, use the steps below to recover the account:
- Check for email rules and forwarding to see what is going on with the account
- Change the password and set up multi-factor authentication (MFA)
- Test sending emails to verify the account is working as expected
Check the email rules
This needs to be step one because the hacker may have set up rules such as forwarding a copy of every incoming email to another account, automatically moving incoming email into folders so you never see it, or other nefarious rules that keep your mail exposed even after you change the password.
If you find any email rules that you did not create, remove them immediately. In Outlook, email rules can be accessed by clicking "Rules" on the Home tab and selecting "Manage Rules & Alerts".
In Gmail, click on the "Settings" cog and click the "See all settings" button. Click on the "Forwarding and POP/IMAP" tab to verify there are no forwarding addresses set up that you did not create. You can also click through the other menus, but email forwarding is the most critical piece.
The reason you need to start by looking for email rules is that if you reset your password while a copy of every email is still being forwarded to an outside address, the reset link arrives in the hacker's mailbox too, and they can reset the password just as easily as you can. This is why finding email rules AND removing them must be step one!
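To make the rule check above concrete, here is an added example (not code from the original post) that audits a list of mailbox filter rules for the three signs the post describes: forwarding to an outside address, hiding mail from the inbox, and silently deleting it. The rule layout is modelled on the shape of Gmail API filter entries (a "criteria" part and an "action" part with forward / addLabelIds / removeLabelIds); the rules themselves, the OWN_DOMAINS set and the attacker address are constructed sample data, and the audit_rule / audit_rules / severity function names are this example's own.

```python
"""Audit mailbox filter rules for post-compromise patterns.

Rule layout mirrors Gmail API filter entries (criteria + action), but every
rule below is constructed sample data, not pulled from a live mailbox.
"""
from dataclasses import dataclass, field

# Domains the mailbox owner considers their own; anything else is external.
# Assumed value for this example; substitute the owner's real domains.
OWN_DOMAINS = {"example.com"}


@dataclass
class Finding:
    rule_id: str
    reasons: list = field(default_factory=list)


def _domain(address: str) -> str:
    """Lower-cased domain part of an address ('' if there is no '@')."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def audit_rule(rule: dict, own_domains=OWN_DOMAINS) -> list:
    """Return the reasons one rule looks suspicious (empty list if clean)."""
    action = rule.get("action", {})
    criteria = rule.get("criteria", {})
    reasons = []

    # 1. Forwarding a copy of mail to an address outside the owner's domains.
    forward = action.get("forward")
    if forward and _domain(forward) not in own_domains:
        reasons.append(f"forwards to external address {forward}")

    # 2. Hiding mail: pulled out of INBOX or marked read before the user sees it.
    removed = set(action.get("removeLabelIds", []))
    added = set(action.get("addLabelIds", []))
    if "INBOX" in removed:
        reasons.append("removes mail from INBOX (hides it from the user)")
    if "UNREAD" in removed:
        reasons.append("marks mail as read (hides the new-mail indicator)")

    # 3. Deleting mail outright.
    if "TRASH" in added:
        reasons.append("sends mail to TRASH")

    # A rule with no narrowing criteria that also forwards or hides mail
    # applies to everything that arrives, including password-reset links.
    if reasons and not criteria:
        reasons.append("applies to ALL incoming mail (no criteria)")
    return reasons


def severity(reasons: list) -> str:
    """'high' for forwarding, deletion or catch-all rules; 'review' otherwise."""
    high_markers = ("forwards to", "sends mail to TRASH", "applies to ALL")
    if any(r.startswith(m) for r in reasons for m in high_markers):
        return "high"
    return "review"


def audit_rules(rules: list, own_domains=OWN_DOMAINS) -> list:
    """Run audit_rule over every rule and collect the ones with findings."""
    findings = []
    for rule in rules:
        reasons = audit_rule(rule, own_domains)
        if reasons:
            findings.append(Finding(rule.get("id", "?"), reasons))
    return findings


# Constructed sample rules (not from any real mailbox).
SAMPLE_RULES = [
    {"id": "r1", "criteria": {"from": "newsletter@example.org"},
     "action": {"removeLabelIds": ["INBOX"], "addLabelIds": ["Label_news"]}},
    {"id": "r2", "criteria": {},
     "action": {"forward": "collector@attacker-example.net",
                "removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "r3", "criteria": {"subject": "password reset"},
     "action": {"addLabelIds": ["TRASH"]}},
    {"id": "r4", "criteria": {"from": "boss@example.com"},
     "action": {"addLabelIds": ["IMPORTANT"]}},
]

if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"[{severity(f.reasons)}] rule {f.rule_id}:")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Rule r1 is the kind of filter a user might legitimately create (moving newsletters out of the inbox), so it is reported as "review" rather than "high"; the point of the audit is to surface every rule for the owner to confirm, while the catch-all forwarder r2 and the password-reset deleter r3 are flagged as high-severity.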
NOTE: It is also important to notify your contacts that some emails may have been sent on your behalf and that they should not open them. Where possible, do this from another account that has not been compromised, or contact them through another medium - phone call, messaging, etc.
Change the password
Once any forwarding rules have been removed, you will want to change the password on the account and set up multi-factor authentication if it is not already configured. Changing the password for the email account is typically done at the login screen by clicking on "Forgot password" or by clicking on a settings or account button if already logged in to the account.
If multi-factor authentication has not already been configured, you will want to set it up. This is typically done by logging into the email account and accessing the security settings.
For example, in Gmail, click on your account icon, then select "Manage your Google Account". From here, click on the Security tab in the left pane and click the button to enable "2-Step Verification". Follow the steps to finish the MFA process.
Test sending emails
Last but not least, send a few new emails and verify that you can receive replies to them. Not receiving any email is often the first indicator to a victim that something is wrong with their account. Unfortunately, most of the time the problem is not that the mail is failing to arrive, but that a rule is redirecting it to another folder so the user does not see it.
This is how a hacked email account quickly becomes dangerous. The person getting copies of the emails, or who has access to the account, knows where the emails are going and can start sending messages to your contacts asking them to wire money or give up other confidential or private information that can then be used elsewhere.
Additionally, the unauthorized user can look at other emails to find out what accounts the email is associated with and begin trying to reset passwords to those accounts in hopes of gaining access to them as well. As you can see, a hacked email can quickly spiral into a much bigger threat.
If you think an email account has been hacked, do not hesitate to act. The longer you ignore the problem, the more trouble you may find yourself in later. Email accounts are especially powerful, and especially at risk, because they are usually the way we get back into other accounts through password resets. This makes them the portal to a wide variety of your personal accounts, and they should be protected by a strong password and MFA wherever possible.
As always, a little bit of thought put into a complex password can save you a ton of effort and help prevent future problems!