What to do when your email password has been compromised

Thursday 10th January 2019

What to do when your email password has been compromised

If you find yourself a victim of email hacking there are a few very important steps you need to take. Although the key here is to act fast!!


1. Regain access & Change Your Password

This is the very first thing you must do to ensure the hacker can’t get back into your account. It is essential that your new password is complex and totally unrelated to previous passwords. Always use at least 8-10 characters with a variety of upper and lower case and throw in some symbols and numbers. I really like the idea of a crazy, nonsensical sentence – easier to remember and harder to crack!

If you find the hacker has locked you out of your account by changing your password, you will need to reset the password by clicking on the Forgot My Password link, found on most login pages.

2. Let Your Email Contacts Know

A big part of the hacker’s strategy is to ‘get their claws’ into your address book with the aim of catching others as well. Send a message to all your email contacts as soon as possible so they know to avoid opening any emails (most likely loaded with malware) that have come from you.

3. Change Your Security Questions

If you have a security questions associated with your email account, please change this too. And please make it unpredictable and unique ! It’s possible that this was how the hackers broke into your account in the first place. When Yahoo had 500 million accounts hacked in 2014, not only were the passwords stolen but the security questions too. If you have a security question associated with your account, make up a response that makes no sense. This is the perfect opportunity to tell a lie!

4. Setup Multi Factor Authentication

Yes, multi-factor authentication adds another step to your login but it also adds another layer of protection. Enabling this will mean that in addition to your password, you will need a special one-time use code to login. This is usually sent to your mobile phone.

5. Check Your Email Settings

It is not uncommon for hackers to modify your email settings so that a copy of every email you receive is automatically forwarded to them. Not only can they monitor your logins for other sites but they’ll keep a watchful eye over any particularly juicy personal information! So, check your mail forwarding settings to ensure no unexpected email addresses have been added.

Also check your email signature to ensure nothing spammy has been added. And also ensure your ‘reply to’ email address is actually yours! Hackers have been known to create an email address here that looks similar to yours – when someone replies, it goes straight to their account, not yours!

6. Scan Your Computer for Malware and Viruses

This is essential. If you find anything, please ensure it is addressed and then change your email password again. And if you don’t have it – please invest. Comprehensive security software will help provide you with a digital shield for your online activity.

7. Change Any Other Accounts with the Same Password

Time consuming but very worthwhile! Ensure you change any other accounts that use the same username and password as your compromised email. Hackers love the fact that many of us use the same logins for multiple accounts, so it is guaranteed they will try your info in other email application and sites such as PayPal, Amazon, eBay, Netflix – you name it!