Wizer Free Security Awareness Blog

Email Hacked?! What To Do Next

Written by Ayelet HaShachar Penrod | Jun 5, 2023 10:12:46 AM

Email is the gateway into most of our digital lives, and it deserves extra care because of that. It is also where password resets land and a primary channel for business transactions, which makes it a primary target for cyber criminals. But what do you do if your email has already been hacked? Can you do anything about it? The good news is, yes.



This quick guide walks you through the steps to take after you discover the compromise, so you can lock down the account and close every backdoor the intruder may have left behind. As we mentioned in our guide on what to do if your social media is hacked, acting as soon as you discover the compromise limits the damage a criminal can do with access to your email. You can download this guide below as a PDF to share with friends and family who may need it.

1 - Change Password immediately

Of course, the first thing to do is change your email password to something strong and unique. It's like changing the locks on your door when you discover someone got a copy of your key without permission. Reusing one password across many accounts is common because it's convenient, but it's also one of the most common ways accounts get hacked: criminals know the habit and try a password leaked from one site against every other account tied to the same email address.

Be sure to update your password to something that is new and unique and that you do not use for any other accounts. Get more quick and easy tips to create a long and unique password that doesn't have to be impossible to remember here.

Also, a password manager is a great way to help you manage and use unique passwords across accounts without having to remember them all.


2 - Turn ON MFA/2FA

Next you'll want to turn on multi-factor (aka 2-factor) authentication. This is like adding a deadbolt on top of the key lock in the knob: it requires a second, separate proof that it's really you before access is granted, so a stolen password alone is no longer enough. You'll usually find this setting under 'Security' or 'Privacy'.

There are a few ways to verify with MFA. For most individuals an authenticator app such as Google Authenticator, Microsoft Authenticator or Authy is sufficient. Codes sent by text message are better than nothing, but they are the weakest option because they can be intercepted or redirected through SIM swapping, so prefer an app where the service offers one. For accounts requiring a higher level of security, consider a hardware security key such as a YubiKey, which phishing pages cannot capture. Learn more about MFA and get quick links on where to turn it on for 16 of the most common apps here.



3 - Look for activity you don't recognize

Once you've updated your password and turned on MFA, it's time to activate your super spy skills and do a little investigating inside your own account. First, check the 'Sent' and 'Trash' folders for messages you didn't write. Follow up each one with a phone call to the recipient so they know not to click anything and to delete the message. While you're in 'Trash', also look for password-reset emails and security alerts from other services that you didn't request: they show which of your other accounts the intruder went after.

Next, go to your email settings and look under the 'Forwarding' feature for any forwarding to an address you didn't set up (in Gmail this is under 'Forwarding and POP/IMAP'; in Outlook.com it's under Settings > Mail > Forwarding). Cybercriminals like to do this so that even if they lose direct access, the auto-forward still gives them a copy of your conversations, letting them monitor the account and step into any thread they want to exploit while staying under the radar. Check the filters or rules as well (Gmail 'Filters and Blocked Addresses', Outlook 'Rules'): a rule that quietly deletes, archives or marks as read anything mentioning passwords, invoices or security alerts is a classic way to keep the real owner from noticing what's going on. Remove anything you don't recognize. Not under the radar for you, because now you know where to look!



4 - And look a bit more...

Now look at your Account Settings and check whether the criminal added their own email or phone number as a recovery or backup option. These are used to regain access when your primary method is unavailable, which is handy, but an attacker's recovery address is a permanent backdoor, so make sure every entry is yours. Also check whether a second 2FA device or phone number was added and remove anything you don't recognize. These settings will most likely be under 'Security' or 'Privacy' in your main account settings.

Google - myaccount.google.com/security
Outlook - account.live.com/activity
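The forwarding and filter review in steps 3 and 4 is tedious to do by eye when an account has dozens of rules. The following script is an added example, not part of the original post: it reads the XML that Gmail produces when you export your filters (Settings > See all settings > Filters and Blocked Addresses > Export, an Atom feed of apps:property elements, which is an assumption about that format, not something the post describes) and flags filters that forward mail to an address outside a list you supply, auto-delete mail, or hide messages matching sensitive words. The sample export, the addresses and the SENSITIVE_TERMS list are constructed for the demonstration. Outlook.com has no equivalent export, so its Rules and Forwarding pages still need to be checked by hand.

```python
"""Audit an exported Gmail filter list for rules an intruder might have planted.

Assumption (not from the original post): the input is the Atom XML that Gmail
produces under Settings > See all settings > Filters and Blocked Addresses >
Export. Each <entry> holds <apps:property name=... value=.../> elements such as
'from', 'hasTheWord', 'forwardTo', 'shouldTrash', 'shouldArchive'.
"""
import sys
import xml.etree.ElementTree as ET

ATOM_NS = "{http://www.w3.org/2005/Atom}"
APPS_NS = "{http://schemas.google.com/apps/2006}"

# Words that commonly appear in the mail an intruder wants to hide from the owner:
# password resets, MFA codes, security alerts, and anything touching money.
SENSITIVE_TERMS = ("password", "verification", "security alert", "sign-in",
                   "invoice", "payment", "wire", "bank")

# Constructed sample export. Filter 1 is an ordinary newsletter filter;
# filters 2 and 3 are the kind of rules an intruder plants.
SAMPLE_FILTER_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'/>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <category term='filter'/>
    <apps:property name='hasTheWord' value='invoice OR payment OR wire'/>
    <apps:property name='forwardTo' value='attacker-mailbox@example.net'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <category term='filter'/>
    <apps:property name='hasTheWord' value='password OR verification code OR security alert'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
</feed>
"""


def parse_filters(xml_text):
    """Return one dict of property name -> value per filter entry."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    filters = []
    for entry in root.iter(ATOM_NS + "entry"):
        props = {p.get("name"): p.get("value")
                 for p in entry.iter(APPS_NS + "property")}
        filters.append(props)
    return filters


def audit_filter(props, trusted_addresses):
    """Return human-readable findings for one filter (empty list = looks benign)."""
    findings = []
    forward_to = props.get("forwardTo")
    if forward_to and forward_to.lower() not in trusted_addresses:
        findings.append(f"forwards to untrusted address {forward_to}")
    if props.get("shouldTrash") == "true":
        findings.append("auto-deletes matching mail")
    # Join the match criteria, lower-cased, so the sensitive-term check is case-insensitive
    criteria = " ".join(props.get(k, "") for k in ("from", "to", "subject", "hasTheWord")).lower()
    hides = any(props.get(k) == "true" for k in ("shouldTrash", "shouldArchive", "shouldMarkAsRead"))
    hit = [t for t in SENSITIVE_TERMS if t in criteria]
    if hides and hit:
        findings.append(f"hides mail matching sensitive terms {hit}")
    return findings


def audit_export(xml_text, trusted_addresses=()):
    """Audit a whole export; returns [(filter_number, [findings]), ...] for flagged filters only."""
    trusted = {a.lower() for a in trusted_addresses}
    report = []
    for number, props in enumerate(parse_filters(xml_text), start=1):
        findings = audit_filter(props, trusted)
        if findings:
            report.append((number, findings))
    return report


if __name__ == "__main__":
    # Usage: python audit_gmail_filters.py [mailFilters.xml] [trusted@address ...]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            xml_text = fh.read()
        trusted = sys.argv[2:]
    else:
        xml_text, trusted = SAMPLE_FILTER_EXPORT, ["me@example.com"]
    for number, findings in audit_export(xml_text, trusted):
        print(f"Filter {number}:")
        for finding in findings:
            print(f"  - {finding}")
```

Run against the built-in sample it reports filters 2 and 3 only; the newsletter filter archives mail but matches nothing sensitive, so it stays quiet. Pass your own forwarding addresses on the command line so legitimate forwards to a second mailbox of yours are not flagged, and treat any hit as something to delete from the account, not just note.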

5 - MFA already enabled? Regenerate the backup codes

If you already had MFA enabled and your account was hacked anyway, it's a must to go into the MFA settings, void the old backup codes and generate a new set. Backup codes are single-use passwords that bypass your authenticator, so an intruder who copied them keeps a way in even with MFA turned on. In a Google Account, for example, this is under Security > 2-Step Verification > Backup codes > Get new codes.

Generating Backup Codes on a Google Account

Important note: MFA is a great way to upgrade your security, but it's not 100% unhackable (protip: nothing is). It can be gotten around, typically by criminals tricking you into handing over the code or approving a login prompt under some fake cover story. One such trick, sometimes called MFA fatigue or push bombing, is to send approval prompts over and over until you tap 'Approve' just to make them stop. Check out one instance of how criminals can literally annoy you into approving access via MFA if you're unaware of the scam.

6 - Force Log Out Of All Active Sessions

Still on the defensive, go into your security settings and sign out of all other active sessions on other devices. Changing your password does not always end sessions that are already logged in, so the criminal may still be sitting in your mailbox on their own device until you force them out. While you're there, review any third-party apps or app passwords that have been granted access to your mailbox and revoke anything you don't recognize; a password change does not necessarily revoke those either. Once you've updated your password, regenerated your MFA backup codes and signed everyone out, they no longer have a way back in.

7 - Change Passwords & Turn on MFA for Other Connected Accounts

Most of us don't use email in a vacuum. Usually we have other accounts that rely on our email, either as the login name or as the recovery address when we need to reset a password. Criminals know this, and they use the mailbox they've taken over to request password resets and sneak into whatever else they can. You've done all the steps above to lock down your email; now take the time to map out the other accounts (social media, banking, shopping, etc.) that use this address, starting with any you found reset emails for in step 3. Change the password and turn on MFA for those accounts as well.

8 - Notify Friends, Family, & Work

Alerting your contacts, especially those in your email address book, is important so they can be wary of any messages the criminals sent from your account. This helps protect them from becoming victims too. Even if it was your personal account, it's a good idea to notify HR and your security team so they can watch for suspicious emails posing as you in an attempt to get into business systems.


Whew! You're done. We know it was a lot of steps to go through but once you have you'll feel more in control of your email security after a hack occurs.

But you don't have to wait to be hacked. Walk through the checks listed here periodically to catch suspicious activity as early as possible. You can also register at haveibeenpwned.com to be alerted if your email address turns up in a known data breach, or see whether your password manager offers dark web monitoring as part of its service.

Online safety is about staying educated on current scams and creating good online habits. If you're not sure where to start, check out our free guides (no account needed): 

Wizer's Citizen's Online Safety Portal

Wizer's Family Online Safety Tips

Social Media Hacked?! Now What Do I Do?