Dealing with a Hacked Email Account

What is a Hacked Email Account?

A hacked email account happens when someone gains access to your email without your permission. This can happen if your password was stolen through phishing, guessed because it was weak, reused from another breached website, or accessed from an infected device.

Once criminals get into your email, they can:

  • Read your private messages

  • Reset passwords to other accounts

  • Send scam emails pretending to be you

  • Access sensitive documents

  • Attempt financial fraud

Gaining control of your email gives criminals access to much more because your email is linked to many accounts, including banking, social media, shopping, and work accounts.

If you suspect your email has been hacked, acting quickly is critical.

Signs Your Email Account May Have Been Hacked

Sometimes the signs are obvious, but other times they can be subtle. Look out for:

  • You can’t log in – your password suddenly stops working.

  • Password reset emails you didn’t request – This may mean someone is trying to take over your account.

  • Emails sent from your account that you didn’t send – Friends or colleagues may tell you they received strange messages from you.

  • Unexpected login alerts – notifications showing logins from unfamiliar locations or devices.

  • Changes to account settings – Your recovery email, phone number, or forwarding rules may have been changed.

  • Missing emails – messages may be deleted or moved without your knowledge.

Example:
You receive messages from friends saying you sent them links asking for money or gift cards – but you never sent those emails. Such behaviour indicates a possible compromise in your email.

What To Do If Your Email Has Been Hacked

If you think your email account has been accessed without permission, don’t panic. Follow these steps as soon as possible.

Quick Response Checklist

  1. Try to log in and change your password immediately

    • Choose a strong password that you haven’t used before.

    • If you cannot log in, use the email provider’s password recovery process.

  2. Enable Two-Factor Authentication (2FA)

    • This adds an extra layer of protection and makes it much harder for attackers to regain access.

  3. Check your account settings
    Look for changes you didn’t make, including:

    • Forwarding rules

    • Recovery email addresses

    • Phone numbers

    • Sign-in locations
      Remove anything suspicious.

  4. Check your sent emails
    Look for messages you didn’t send. Should your account send suspicious emails, caution your contacts not to click on links or reply.

  5. Scan your device for malware
    If your email was accessed due to malicious software, it’s important to remove it before continuing to use your device.

  6. Change passwords for other important accounts
    This is particularly crucial if those accounts share the same password or are associated with your email.

  7. Contact your email provider
    Many providers have dedicated support for compromised accounts.

What To Do If You Cannot Access Your Email

If the attacker has locked you out:

  • Please utilise the “Forgot Password” option right away.

  • Follow the recovery steps carefully.

  • Provide any requested verification information.

  • Contact the provider’s support team if recovery fails.

Most major providers (such as Gmail, Outlook, or Yahoo) have account recovery processes designed for these situations.

How to Report a Hacked Email

Reporting helps protect both you and others:

  • Please report the incident to your email provider.

  • If financial fraud occurred, contact your bank immediately.

  • In England, Wales, or Northern Ireland: report to Action Fraud.

  • In Scotland: report to Police Scotland.

If scam emails were sent from your account, inform your contacts so they don’t fall victim.

How to Protect Your Email in the Future

Once your account is secure, take steps to prevent it from happening again.

  • Use strong, unique passwords
    Avoid using the same password across multiple accounts.

  • Consider using a password manager
    These tools store your passwords securely and help you create strong ones.

  • Enable Two-Factor Authentication (2FA)
    This is one of the most effective ways to protect your account.

  • Be cautious of phishing emails
    Never click links or download attachments unless you are sure they are safe.

  • Check account activity regularly
    Many email providers allow you to review your login history.

  • Keep devices updated
    Install updates for your phone, tablet, or computer as soon as they are available.

Real Examples of Email Account Hacks

Here are some common ways people lose control of their email:

  • Phishing Link Attack
    You receive an email saying your account will be suspended unless you log in immediately. The link takes you to a fake login page that steals your password.

  • Password Reuse Attack
    You use the same password on multiple websites. An attacker breached one of those sites and used the leaked password to access your email.

  • Malware Infection
    You open an attachment from an unknown sender. The file installs malware that records your keystrokes and steals login details.

Hacked Email Account Do’s and Dont’s

Do’s

  • Do change your password immediately.

  • Do enable Two-Factor Authentication (2FA).

  • Do check account settings for suspicious changes.

  • Do warn your contacts if scam emails were sent from your account.

  • Do scan your device for malware.

Dont’s

  • Don’t reuse old passwords.

  • Don’t ignore login alerts or unusual activity.

  • Don’t delay taking action – time matters.

  • Don’t trust unexpected password reset emails.

  • Don’t assume the attacker will stop without intervention.

Get additional support

If you need further assistance or have concerns about your situation:

  • Contact The Cyber Helpline – If you've followed this guide and still have issues, get back in touch with us through our chatbot or helpline for further support.

  • Seek professional IT help - If you're not confident following these steps or the problem persists, ask a trusted IT professional or tech-savvy friend for help. Many local computer repair shops can assist with removing malware.

Donate

Your generosity makes our free support possible. Please consider giving today.

Without donations, we cannot keep our service free or provide help to the most vulnerable victims of cybercrime when they need it most. As a not-for-profit organisation, every donation goes directly towards keeping The Cyber Helpline up and running. Donate now and help us support victims of cybercrime.

 
Donate now

To help people like you we rely 100% on donations from people like you.