In a previous post about email safety, we detailed some of the various things that you should be aware of when using email. Things such as phishing attempts, spoofing and of course the old chestnut, spam, are all ways you can risk becoming the victim of cyber scams of one sort or another. What, though, if you are unlucky and do suffer an email hack? Earlier this month (October 2017) it was confirmed that a massive data breach which struck Yahoo in 2013 left some 3 billion accounts impacted. Back in 2016 they reported that over 500 million accounts had been breached in late 2014. So, if you think email hacks are not something that could happen to you, think again.
There are a few signs that indicate immediately if your email account has been hacked:
– Your password has changed (and you didn’t change it)
– Your friends receive spam messages from “you” (but it’s not you)
– Emails in your inbox that you don’t recognise (such as password reset emails you didn’t send or request)
There are a number of sites out there where you can check whether your email address has ever been compromised (and published), just by inputting your email address. When researching this post, I tried this, using one of my personal email addresses, and found that it had indeed been compromised* in three separate leaks. Here are the steps I took immediately…
* It should be noted that although my email address appeared as part of a list of known leaked personal details, it doesn’t mean my actual account has or had ever been hacked, just that the address (along with many others) was known to have been leaked.
Change Your Password
This might be blatantly obvious, but you’d be amazed how many people stall on this step when faced with finding out their email account has been tampered with. Make sure the new password is something secure, and not something related to your previous one.
A couple of basic tips for password creation: Pick a phrase you’ll remember. Take the first letter of each word and run them together into a word. Make some of the letters capitals, and substitute numbers where it would make sense to – but don’t make the substitutions too obvious. For example, a phrase like “I hate to work late” could become “iH82wkl8”. Or tweak that formula and don’t abbreviate all the words. “The cow jumped over the moon” might become “tcjOVERtm00n”. Also, try and make sure your password contains at least 8-15 characters.
Run A Malware Scan On Your Computer
If you don’t already have anti-malware software installed on your computer, then make sure you get some, stat! You can download a free version of Malwarebytes, and once you have, run a full scan. If it finds any malware, then once you have removed it, go back and change your password again.
Get Your Account Back
In some instances when a hacker breaks into your account they will also change the password, meaning you won’t be able to log in at all. To regain access you need to follow the “Forgot My Password” link (usually on the login page of most web-based services). Set up your new, secure password (using some of the tips above), and you should be good to go.
Take A Look At Your Email Settings
It’s worth having a little dig into your email service’s settings just in case a nefarious hacker has gone the extra mile and messed with things that are a little less obvious at first glance. For example, check your email forwarding settings and make sure no new addresses have been added that you don’t expect. Also, if your service has a “Send mail as” setting (which should be automatically set to your name and email address, unless you changed it yourself), check that it doesn’t have any extra email addresses attached to it.
Set Up Two-Factor Authentication
Many email services (as well as other security-conscious services such as online banking) will have the ability to enable two-factor authentication. In short, this is a system whereby as well as needing your password to log into your account, you will also need a one-off code that can be sent to your phone, or generated by another piece of third-party software. For a more detailed explanation, check out How-to Geek’s post on What Is Two-Factor Authentication.