There are several things you should do as soon as possible if you recognize any or all the items listed in our article, Five Signs Your Email Account Has Been Hijacked. Taking these immediate actions will hopefully minimize damage and prevent recurring issues:
- Change your password
If you suspect unauthorized access to your inbox, change your password immediately. If you’ve lost access to the account, try the recovery process. If it fails or doesn’t work, contact your email administrator or customer service as soon as possible.
2. Add two-factor authentication
If you weren’t using two-factor authentication before, now is the time to turn it on. Most email providers support the option for a second login step, which requires you to provide additional identifying metrics before access to the account is granted. Two-factor authentication is one of the most effective methods for delaying or preventing attacks.
3. Set up a new account
Sometimes, despite best efforts to regain access to the account, you’re unable to log in. In that case, you’ll need to begin the work of setting up a new email account and updating all your other accounts to use the new email address. If other accounts were affected by the hack, you’ll need to spend time recovering them too.
4. Alert your contacts
Cybercriminals may use your email account to send spam or try to steal information from people on your contact list or address book. Make sure your contacts are aware of what happened, so they can be on the lookout for suspicious emails or calls. If necessary, let contacts know your new email address where they can reach you.
5. Double-check account recovery information
If you are able to regain access to the email account, double-check your account recovery information. This means checking any email addresses that are listed as a recovery email address, and any phone numbers that are listed. If you don’t recognize the emails or phone numbers, change them immediately.
6. Check account forwarding and autoreplies
Also, check that there are no auto-forwarding or autoreplies enabled for your email account that you didn’t set up yourself. Cybercriminals may use these options to receive copies of emails sent to you or to automatically send spam to your contacts.
7. Investigate additional security options
Look into other security options from your email provider, or that are specific to your device. This could include increased email protection with more stringent policy application, security alerts when signing in from new locations or devices, and/or the option to remotely wipe devices or accounts if they’re lost or stolen.
8. Check if other accounts were affected
Because your email is often used to secure other accounts, it’s important to check if any other online accounts were affected. Make sure you can log in to all online accounts. Consider changing all online account passwords to new ones and use a different password for each online account. If necessary, update the email address too. Look into available security options like two-factor authentication and additional alerts for all your online accounts.
If you have trouble accessing any online accounts, take immediate action by resetting the password or contacting customer service.
9. Run antivirus and clean up your device
It’s possible the cybercriminals gained access to your email account through malware deposited on your device. Be sure to run an antivirus/malware scan to check for spyware, keyloggers, root kits, and other types of malware. Ensure your browsers and apps are up-to-date. Remove any third-party extensions or apps that you no longer need or use. If you’re not regularly backing up your files and programs, now is the time to start.
10. Ask for help
If you’re not sure about taking the above actions yourself, or run into additional problems, contact us for help. Sometimes it pays to have a professional help you mitigate the situation. Yes, this may require additional time and cost, but preventing future security issues is well worth the investment.
Dealing with a hijacked email account can be a headache. Take precautions to better protect your email account now to prevent future attacks. Educate yourself on what type of suspicious activity to look for. Read 5 Signs Your Email Has Been Hijacked so you can identify problems early. Empower yourself to thwart attacks before too much damage occurs.