A lot of people think that their email is safe, but the truth is you never know. Hackers are everywhere and they could be attacking your inbox at any time. You are probably reading this because you have noticed the unusual activity and think you have a compromised account. Whether they want to perform identity theft, gain access to your bank accounts or other accounts, redirect payments, perform online purchases and credit card fraud, or something else, this guide will help you find out if your email was hacked and what to do about it if it has been compromised.
1. What email provider do you use?
The first thing you should do if your email has been hacked is determining which email provider you’re using. If you’re not sure, check your account settings to see whether this information is there. For example Office 365, Gmail, iCloud, and so on.
2. Find out if there is a problem
Now that you have found out which email system you are using, look at your email security settings. Some email services will email you if your email is accessed from another location or a new device. If you received any of these emails, chances are that someone was able to gain access to your email. You might also have received password reset emails that you did not trigger which only means someone was attempting to unsuccessfully use your login credentials with one of your old passwords.
3. Check email login locations
Another way to check if someone accessed your email is by checking where you logged in last. Look at the email which you should have received if someone tried to forward emails from your email without authorization. This email will contain all of the IP addresses’ locations where someone tried to access your email. If you see an IP address that isn’t in your location, then your email might have been hacked.
4. Check your email accounts activity
Go back and check when was the last time you logged into each email account associated with you. If email activity (such as emails being sent) is not under your name for any of the accounts, then there’s a chance you have a hacked email account.
5. Check email forwarding email
Check your email forwarding because if it has been changed, then this means that an unknown email address was added to your email which could also mean that your email has been hacked.
6. Scan your operating system for malware and viruses
It’s time to scan your computer for malware and viruses. A malware or virus could have caused the email hack. For the Windows operating system, you can use Defender or Bitdefender for Macs (or any other antivirus program or security software) and run an antivirus scan. Though finding malware or viruses on your computer is not guaranteed to have compromised one of your email accounts or other accounts, there is a possibility.
7. Check email client for suspicious messages
Access your account (or accounts) in your email client and check for any suspicious email. You should also check the email messages in the following folders:
- sent folder
- trash folder
- spam folder
8. Free tools might be available for some email service providers
Some email service providers offer free tools for checking if your account has been hacked. For example, Gmail offers the “Check mail from recent activity” tool on its login page. You can use this tool to see if hackers are inadvertently using your email to send spam.
9. Find out if the email service provider closed your email due to breaches
Your email service provider may have automatically canceled your email because there were too many failed login attempts or email hacks, so you need to contact them for more information on the status of your email.
10. Check email headers for email hacks
Email headers in messages often reveal the email addresses email clients connect to, and what server an email was sent from. Be sure to check all emails from the past few days because hackers could have been using your email as a relay from a few days ago until now without you knowing it.
How do you prevent your email from being hacked? Or, if your email has been hacked, how do you fix it?
1. Change your password (don’t use the same password from other online accounts)
Change your password to a strong password on the potentially hacked email account immediately before the hacker locks or disables your email by following these steps. Make sure it is different than your bank account (online banking), social media accounts, or any other accounts passwords. You should always use unique passwords, not even similar passwords, for any of your accounts. If given the option to provide security questions, make sure they cannot be easily found.
How to change your email password in Office 365
- Go to https://portal.office.com/OLS/MySoftware.aspx
- Enter the email address that was hacked and select “Unrecognized” for the account recovery email address.
How to change your email password in Gmail
- Go to https://accounts.google.com/signin/recovery?hl=en
- Once you are on this page, sign in to your email account that was hacked
- Click on the email address that was hacked and select “I don’t know” if it asks for your verification.
How to change your email password in iCloud
- Go to https://iforgot.apple.com/password/verify/appleid
- Enter the email address that was hacked and select Continue
- Check the email account associated with the email address that was hacked for an email about changing the email password
- “Apple ID: (the email address you provided) is now locked” means the email has been compromised by a hacker, try to reset or change the email password
2. Implement Multi-Factor Authentication (MFA)
Once you have changed your password, to secure yourselves further consider enabling multi-factor verification (also known as two-factor authentication) on all accounts that support this feature (which includes email) just in case the hackers still manage to get your password so they won’t be able to access anything without the additional authnetication code.
How to implement Multi-Factor Authentication (MFA) on an Office 365 email account
- Login to your email account and go to the “Security and Privacy” tab.
- Navigate to the Access Requests → View details link under Multi-Factor Authentication (MFA).
- Under Registration, click Edit under MFA registration: this email address is already registered.
- Enter your phone number and select one of the following options for sending SMS text messages:
- Once you receive a text message from either of those services, enter the code into the verification field and then click Verify:
- You will be prompted with a Congratulations! window, which will also confirm that MFA is enabled on this email address.
How to implement Multi-Factor Authentication (MFA) on a Google Gmail account
- Go to Google’s 2-Step Verification page.
- Click Send verification code via SMS, email, or voice call/
- Enter your phone number and click Next.
- 4. You will receive a text message with the 6-digit code you need to enter in the following field where it says “Enter verification code” :
- If you selected email as the preferred method of receiving your MFA code, go to email inbox → select one of the messages from Google → open the message containing your MFA code:
- Copy and paste that code into the field where it says “Enter verification code”, then click Verify:
- A Congratulations! window will pop up for confirmation that your email was successfully verified.
How to implement Multi-Factor Authentication (MFA) on an iCloud email account
- Go to “Manage your Apple ID” and sign in.
- Click the Password and Security link under Security on the left.
- Under Two-Step Verification, click Get Started.
- Select phone as your verification method and click Next:
- At this point you will receive a text message with a 6-digit code that you need to enter into the field that says Enter the code we sent to your mobile phone where it says ENTER CODE (they usually send them within an hour):
- Click Verify:
- You should now see a window that says “Verification successful.”
3. Review unrecognized forwarding rules
If you notice email forwarding rules that you don’t remember setting up, your email account might be compromised.
How to check and remove these forwarding rules in Office 365
- Go to the Office 365 portal.
- Navigate to Mail → select More Options… → select Settings.
- Choose Rules and Alerts → Forwarding, then scroll down to email forwarding rules that you don’t remember setting up:
- If there are email forwarding rules that you don’t remember creating, delete them now.
How to check and remove these forwarding rules in Gmail
- Click the gear icon in the top right corner of Gmail and select Settings from the drop-down menu:
- In the settings window click on Forwarding and POP/IMAP:
- Check this list for any email addresses or other domains that you didn’t specify to forward the email to. If something does look unfamiliar, delete it by selecting it then clicking Remove selected forwards.
- Scroll to the bottom of the email forwarding section and click Save Changes.
How to check and remove these forwarding rules in iCloud
- Log in to your email account on icloud.com (not through a third-party email client like Outlook or Mail).
- On the menu bar at the top, click Mail > Preferences…
- Click Rules. You’ll see this window:
- Check this list for any email addresses or other domains that you didn’t specify to forward the email to. If something does look unfamiliar, delete it by selecting it then clicking Remove selected forwards. Note that if an email address belongs to a Google Group that you are subscribed to, it will stay there even if your email is hacked because only emails sent directly to one of those email addresses are forwarded.
- Scroll down to the bottom of the page. If an email has been forwarded to an email address that you didn’t specify, here is where it will be listed with a From email address that does not match your email’s current From email address.
- Click Delete for any email addresses or domains in this list. They are no longer forwarding anything else to your email. You can also delete all email forwards here by clicking Delete All Forwards above the window on the right side of the screen. NOTE: Deleting these email forwards doesn’t automatically remove anyone from an email group that they are currently subscribed to via email forwarding.
Now that your email has been checked for hacking and you have taken measures to secure it and prevent it from recurring it should be much safer going forward! You might also consider using identity theft services, using hard-to-find answers to security questions, and additional security software to further secure yourself.
If this was a business account, please also feel free to contact us and we would be happy to help secure your whole organization!