Four Things You Should Do When Your Email Gets Hacked

If a friend tells you that you’ve been sending them strange emails or spamming their social media pages with posts that you aren’t likely to send, you’re probably already aware what happened: your email account has been hacked. A hacked email account could lead to more serious problems, such as identity theft and other security and privacy intrusions, which could affect your finances and reputation. But before (or after) you panic, calm down, pull yourself together, and follow these simple steps:

1. Change your password

Hackers won’t always change your account passwords. This means you still have access to your account, and you can prevent further or future attacks from happening. To change your password, simply use the “Forgot Password” link at your login page. Do this for all your accounts across all your devices.            

What you need to remember:

  • Use long, unique, and complex passwords or passphrases for different accounts. Password managers can help create and manage multiple password accounts.
  • Enable 2-step verification. The extra step would require a code sent to your phone to log into an account or whenever account settings are changed. Unless the hacker has your device, you alone can access the code. 

[READ: InfoSec Guide: Mitigating Email Threats]

2. Check your settings

Scan your account settings and check if anything was changed. Hackers could have your emails forwarded to them, which could allow them to receive login information and obtain your contacts’ email addresses. If you use an email signature, check for any dubious changes that might have been made.

What you need to remember:

  • Send an alert message to your contacts informing them that your email has been hacked and to ignore any suspicious message or post coming from you, or bearing your name, until you let them know that you have resolved the issue.  Warn them about clicking on sent links as well.
[READ: Rising Above Spam and Other Threats via Machine Learning]

3. Scan your computer and other devices for malware

Regularly run a malware scan. When your account gets hacked, immediately check for malware, or remnants of malware that might be active in your computer.

What you need to remember:

  • If your scans detected malware, change your password again and re-check your settings. Changing your passwords without cleaning your system might not lock hackers out of your accounts if you have malware sending them your new keys.
[READ: Delving Into the World of Business Email Compromise (BEC)]

4. Implement preventive measures

Prevent hackers from breaking into your accounts again. You can start by avoiding suspicious phishing emails, or links and attachments found in them. This goes for social networks as well. Clicking on dubious links or posts can ultimately lead to the phishing pages or the download of information-stealing malware.

What you need to remember:

  • Use secure and private networks. This can help prevent hackers from getting into your network.
  • Limit your exposure on social networks and the amount of information you show the public. Hackers and identity thieves are quick to gather personal information on social media so be careful and keep personal details private.
  • Bookmark trusted websites, including online shopping sites you frequently use. This will prevent you from accidentally landing on the wrong website where hackers could slip malicious code or phishing links.
[READ: Outsmarting Email Hackers With AI and Machine Learning]

Employing security products that utilize machine learning and artificial intelligence can better protect users from email hacks and other cyberattacks such as business email compromise (BEC), which caused total global losses of $12.5 billion this year. 

Security solutions that apply AI and ML technologies – such as Trend Micro’s Writing Style DNA, which can learn a user’s writing style based on past emails to thwart suspected forgeries – can help keep email scammers at bay.

To protect against spam and email threats, enterprises can take advantage of Trend Micro™ endpoint solutions such as Trend Micro Smart Protection Suites and Worry-Free™ Business Security. Both solutions detect malicious files and spam, and block all related malicious URLs. Trend Micro Deep Discovery™ has a layer for email inspection that can protect enterprises by detecting malicious attachments and URLs. Deep Discovery can detect remote scripts even if they are not being downloaded on the physical endpoint.

Trend Micro™ Hosted Email Security is a no-maintenance cloud solution that delivers continuously updated protection to stop spam, malware, spear phishing, ransomware, and advanced targeted attacks before they reach the network.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.