If you believe your email account has been hacked, don’t panic! Thousands of email accounts are hacked every day. Whilst you are an unfortunate statistic, there are practical things you can do to address the immediate issue.
You can also learn from this experience and implement controls that will significantly reduce your chances of being hacked in the future.
Before you discover what to do if your email account has been hacked, it is useful to understand how emails are hacked, a brief history and overview of how email works, and why it is vulnerable to attack.
How are emails hacked
Emails can be hacked in a variety of ways. Common methods include brute-force attacks, phishing scams, and malware. Brute-force attacks involve trying out thousands of different passwords until the correct one is found, while phishing scams involve sending spoofed emails that appear to come from legitimate sources, with malicious links or attachments.
Malware is malicious software that, when installed on a user’s computer, can give the hacker access to the user’s email account.
To understand how emails are hacked it is useful to understand a little about the history of email and how it was conceived.
History of email
Email was first introduced in 1971 by Ray Tomlinson, who developed the technology for digital messaging for the ARPANET network system. By 1978, email had become the de facto standard for sending messages between computers and within networks used by academia and selective businesses.
By 1990, email had become an essential part of business communication. Companies began using it to send newsletters, sales offers, and other messages to customers or potential customers. The development of web-based mail in the late 1990s made it even easier to access emails from any internet-connected device.
Today, email is used widely by individuals and businesses alike as a primary means of communication both internally and externally.
Why is email deemed vulnerable to attack by hackers
Email security is deemed weak because it relies on individuals to create and use secure passwords, keep their computers free of malware, and practice safe email habits.
Additionally, the vast majority of email services do not provide encryption for emails in transit, making them vulnerable to interception.
Email accounts are also susceptible to hacking attempts from malicious actors who can gain access to personal information or account data.
Most consumer-grade email services lack robust measures for detecting phishing attacks or other forms of malicious communications. All of these factors contribute to why email security is weak.
Why is email so popular
Email is so widely used because it is fast, convenient, and cost-effective. It is also a universal communication tool that can be used to send messages to people around the world in seconds.
Additionally, emails are easily tracked and stored for future reference, making them an ideal tool for communication and collaboration between businesses and customers.
What are the immediate steps you should take if your email account has been hacked
If your email account has been hacked, the first step is to change your email password immediately. This should be done through the official email website where you access your email account.
Make sure to choose a secure and unique password that is not easily guessed or found online. Don’t change the password to one you already use elsewhere, and ensure the password is strong.
Review activity on email account
Next, review the activity in your account and delete any suspicious messages that have been sent from it. If possible, you should also contact the people who have received any of these messages and inform them about the situation.
You should also contact your email provider as soon as possible for help to ensure that all necessary safety measures have been taken on their end too.
Additionally, consider adding two-factor authentication to your account if available, as this will add an extra layer of protection against future attacks.
Hackers and cybercriminals often create rules within a compromised email account to ensure they can continue to read emails even if the password has been changed by the owner.
Check your email forwarding rules. These settings are often found in the ‘settings’ section of a web-based email account.
You should remove all forwarding rules you did not set up. Do this once you have changed the password, ensuring the new password is not one you use across multiple accounts.
You should also check your email signature to ensure nothing unusual has been added. You should ensure your ‘reply to’ email address is actually your email address and not a bogus one.
Hackers and cybercriminals often create an email address here that looks similar to yours to trick your contacts into replying to a bogus email account the hacker controls. It is important that you review your email account settings to ensure you are protected from another attack.
Assume the hacker has had access to your email account for some time. What information could they extract? They may have communicated with your contacts and removed all evidence of this communication.
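The forwarding-rule and ‘reply to’ checks described above can be run over an exported copy of the account settings. The following is an added example, not part of the original post; the settings layout, field names and addresses are constructed for illustration, since each email provider exposes these settings differently.

```python
OWNER = "jane.doe@example.com"  # constructed account address

SAMPLE_SETTINGS = {  # constructed export; field names are assumptions
    "reply_to": "jane.d0e@example.com",
    "rules": [
        {"id": "r1", "forward_to": None},
        {"id": "r2", "forward_to": "collector@mail.example.net"},
        {"id": "r3", "forward_to": "jane.archive@example.com"},
    ],
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike addresses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_mailbox(owner, settings, known_rule_ids):
    """List forwarding rules the owner did not set up and any altered reply-to."""
    findings = []
    owner = owner.lower()
    owner_domain = owner.rsplit("@", 1)[1]
    for rule in settings.get("rules", []):
        target = (rule.get("forward_to") or "").lower()
        if not target or rule["id"] in known_rule_ids:
            continue  # not a forwarding rule, or one the owner recognises
        external = target.rsplit("@", 1)[-1] != owner_domain
        where = "external" if external else "same-domain"
        findings.append(f"rule {rule['id']}: unrecognised forward to {where} address {target}")
    reply_to = (settings.get("reply_to") or "").lower()
    if reply_to and reply_to != owner:
        # A small edit distance means the address was built to pass a quick glance.
        kind = "look-alike" if edit_distance(reply_to, owner) <= 2 else "different"
        findings.append(f"reply-to is a {kind} address: {reply_to}")
    return findings

if __name__ == "__main__":
    # The owner recognises only rule r3 as their own.
    for finding in audit_mailbox(OWNER, SAMPLE_SETTINGS, known_rule_ids={"r3"}):
        print(finding)
```

Every finding should be removed or corrected in the account settings after the password has been changed.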
You should contact all the users within your contact list informing them your email has been hacked. You should start with the most important contacts such as the email you use for bank accounts, or financial institutions.
If there is any chance your compromised email account could be used to access your bank accounts then you should immediately contact your bank and inform them your email has been hacked. This includes if you use the same passwords or use your compromised email account to reset your bank password.
The protection of your bank account, online banking and associated account details should be your priority, ensuring any online security is updated and the bank is made aware of your situation. Often a cybercriminal’s primary focus is your online bank account, and any other online account associated with your finances.
Depending on how your email account was compromised, it is possible your social media accounts are vulnerable to attack. Cybercriminals often use a hacked email account to attack other accounts that use similar passwords or leverage this compromised email account to reset passwords of other accounts. Hackers often use password reset emails to access other accounts. It is essential you do not use your email password on other online accounts.
It can be considered prudent to review or change all other accounts once you have secured your hacked account. This includes online shopping accounts such as Amazon or eBay.
An email account can be compromised due to the amount of information people disclose on a social media account. Poor passwords may be based on sports teams, pets, children or grandchildren. This information, along with potential dates, can be derived from your social media account.
It is worth checking all the information you are freely disclosing on each social media account. You may be surprised how easy it is for someone to construct a password based on the data you are openly offering.
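To see how this plays out, the added example below (not part of the original post) checks whether a password you are considering contains facts that are visible on a public profile, including common character swaps such as 0 for o. The profile entries and passwords are constructed for illustration.

```python
import re

# Undo common character substitutions so "R0ver" is compared as "rover".
LEET = str.maketrans("013457@$!", "oieastasi")

PUBLIC_PROFILE = {  # constructed: facts someone could read off social media
    "pet": "Rover",
    "team": "Arsenal",
    "child": "Emily",
    "child birth year": "2014",
}

def personal_info_hits(password, profile):
    """Return the labels of public profile facts that appear inside the password."""
    raw = password.lower()
    folded = raw.translate(LEET)  # letters restored; digits in years are lost here
    hits = []
    for label, value in profile.items():
        token = re.sub(r"[^a-z0-9]", "", value.lower())
        if len(token) < 3:
            continue  # too short to match reliably
        # Check the raw form (catches years) and the folded form (catches swaps).
        if token in raw or token in folded:
            hits.append(label)
    return hits

if __name__ == "__main__":
    for candidate in ("R0ver2014!", "ars3nal4ever", "correct-horse-battery-staple"):
        hits = personal_info_hits(candidate, PUBLIC_PROFILE)
        print(candidate, "->", hits or "no public facts found")
```

A password with any hit should be rejected, however many symbols or digits are wrapped around the personal fact.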
It is also important you contact your social media connections informing them that your email has been hacked, as this could disclose information relating to them or they may have been in contact with the hacker believing it was you.
It is possible your email account was compromised by malware that is resident on your computer. If your computer has a virus or malicious software that is able to detect or copy your keystrokes then any new password can be detected and used by the hackers.
Ensure the anti-virus software on your computer is up-to-date and running. It is not unusual for victims of cyber attacks to believe their computers are running anti-virus software but because they haven’t regularly checked, malware has attacked the anti-virus software and neutralised it. Even if your computer has anti-virus software but it hasn’t been updated in months it can be vulnerable to a cyber attack.
You should also regularly scan your computer for viruses and malware. This should be carried out on a weekly basis and your computer should definitely be scanned after your email has been compromised (after you have checked it is up-to-date and running).
You should also review your security software on all your machines, including PCs, laptops and Macs. It’s a misconception that cyber security software is not required on Macs. Macs are just as susceptible to viruses and malware as Windows computers, so a good anti-virus solution should be loaded onto your Mac computer.
You should deploy a good antivirus program on all your computers and smart devices.
Apart from installing effective security software, it is very important you update or patch your computer with the latest operating system updates. Regularly patching your computer ensures that the latest security updates are installed; this will reduce the risk of malicious software, viruses and other threats infecting your computer system.
Patching also ensures that any newly discovered software bugs or glitches in your computer’s operating system are resolved promptly, so that you can continue to get optimal performance from your device. By regularly checking for software patches and installing them as soon as they become available, you can help protect yourself from data loss or theft, as well as other potential problems caused by unpatched vulnerabilities on your computer.
The risk of identity theft
If your email has been compromised, identity theft is a real possibility. To reduce the risk of becoming a victim of identity theft you should check your credit rating. This can be achieved by opening an account with a credit reference agency such as Experian or Equifax.
Apart from credit score reporting, credit reference agencies can alert you to any malicious activity, especially an application for credit by a fraudster.
For details on what to do if you are a victim of identity theft, check out my blog.
Consider creating a new email address
If you have been hacked multiple times and your email service provider isn’t addressing the issue, then you may consider starting afresh with a new email address. Whilst this should be your last resort, if you do decide to create a new email address never delete your original email account.
As most email service providers recycle old email addresses, your old email could be used by an attacker, who could use the email address for a ‘forgot my password’ request attack. You may have forgotten about old accounts, allowing an attacker to impersonate you, or even facilitate identity theft.
Be wary of online security questions
When setting up online accounts, many service providers, including email providers, may ask security questions. The purpose of these security questions is to re-affirm your identity, or to regain access if you forget your password.
Below are some commonly used security questions:
In what city were you born?
What school did you attend?
What is the name of your first pet?
What is your mother’s maiden name?
What year was your father (or mother) born?
What was the name of your primary/elementary school?
What was the make of your first car?
What is your favourite holiday location?
The problem with security questions and specifically the answers you provide is they can be discovered through your social media digital footprint. This can be a huge issue as thousands of online accounts use identical (or similar) security questions.
The variation from site-to-site is low, and questions for each user frequently, and inevitably, overlap across their many accounts. This standardization of security questions creates a substantial, but unnecessary risk.
The importance of adopting two-factor security
Two-factor security, also known as two-step verification or multi-factor authentication, is a system that requires two distinct methods of authentication to protect the user’s account.
Two-factor usually requires something the user knows (like a username or password) and something the user has (like a mobile device with an authentication code).
There are in fact five factors in multi-factor authentication:
1. Something you know (e.g. password, PIN, security questions)
2. Something you have (e.g. mobile device, authentication code generator)
3. Something you are (e.g. biometrics such as fingerprint or iris scan)
4. Where you are (e.g. Geolocation based on IP address or GPS data)
5. What you do (e.g. behaviour-based authentication such as mouse movement patterns and typing speed).
Multi-factor security makes it considerably more difficult for hackers to gain access to sensitive data or systems.
Once you have confirmed your email account has been hacked, it is imperative you take immediate action. You should make sure you change the password of the compromised account, using a strong password as outlined in my linked blog on creating good passwords. If you are able to use two-factor authentication, this will provide extra security that will make it harder for your account to be hacked in the future.
By following the steps outlined within this blog, and by following the steps in the articles I have linked to, you can minimise the impact of this security breach.
Even if your account has yet to be hacked, use this blog as a best practice guide to improve your security posture and reduce the risk of becoming a victim of cyber crime.
It is always good to reassess your security posture and adopt good cyber hygiene processes as this will significantly reduce the chances of becoming a victim of a cyber attack.
About the author
With more than 35 years’ experience in the IT industry, Jon has held a variety of senior IT positions since starting his career in mainframe computer systems in the 1980s.
Jon is a highly respected technical leader and security specialist. Passionate about IT security, he holds numerous globally recognised cyber security certifications including CISSP, CISM, C|CISO, CEH, CHFI and MBCI. In 2016 he returned to academia and obtained a Masters Degree (Distinction) in Cyber Security.
Jon is an experienced Information Security professional with a proven ability to independently master complex products and technologies. He is a regular speaker at global cyber security events, working with a plethora of cyber security visionaries.