Email is one of the most widely used modes of communication, in both professional and personal life. When someone gains unauthorized access to your account, the consequences can be serious.
The risks range from bank fraud and identity theft to the loss of confidential work information or personal data. If you think (or suspect) your email has been hacked, you need to take immediate action.
Update Your Password Instantly
The initial step – and the most pressing – is changing your account password. If you catch it early enough and still have access, do so right away.
Use a strong password with both uppercase and lowercase letters, numbers, and symbols. Also, avoid using predictable words and events, such as birthdates, given names, or similar.
Check Security Settings
Once you've regained access to your account, check your settings for any unauthorized modifications:
- Forwarding Addresses: Check for any unknown forwarding addresses.
- Connected Devices: Review active sessions and end any you're not familiar with.
- Security Questions and Recovery Methods: Update security questions that may have been compromised.
- Connected Apps: Revoke access for apps you don't recognize or don't use.
Search for Suspicious Activity
Check your sent email folder and your trash for signs that your email was hacked, such as messages you didn’t send. Attackers tend to use your account to send spam or phishing messages to your entire contact list. If you find messages that you did not send, warn your contacts promptly so they don't fall victim to potential fraud.
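The Sent-folder check described above can be partly automated. The following is an added example, not part of the original article: it parses exported messages and lists those addressed to an unusually large audience, along with any links they contain. The sample messages, addresses and the recipient threshold are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: two messages standing in for an exported Sent folder.
SENT = [
    "From: me@example.org\nTo: alice@example.org\n"
    "Subject: Lunch?\n\nFree at noon?\n",
    "From: me@example.org\nTo: a@example.net, b@example.net\n"
    "Bcc: c@example.net, d@example.net, e@example.net\n"
    "Subject: Invoice\n\nOpen http://login.example.invalid/verify now\n",
]

MASS_THRESHOLD = 5  # assumed cut-off; tune to your own mailing habits
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def recipients(msg):
    """Unique addresses across To, Cc and Bcc."""
    fields = []
    for header in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(header, []))
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def body_text(msg):
    """Concatenate the text/plain parts of a message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(str(p.get_payload()) for p in parts)

def triage(raw_messages, threshold=MASS_THRESHOLD):
    """Return sent messages addressed to an unusually large audience."""
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        rcpts = recipients(msg)
        if len(rcpts) >= threshold:
            findings.append({
                "subject": msg.get("Subject", ""),
                "recipients": sorted(rcpts),
                "links": URL_RE.findall(body_text(msg)),
            })
    return findings

if __name__ == "__main__":
    for hit in triage(SENT):
        print(hit["subject"], len(hit["recipients"]), hit["links"])
```

The recipient lists it returns are also the people to warn first.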
Update Other Accounts to Strengthen Your Email Protection
If you normally use this password for other websites or services, change it there immediately. Hackers often try stolen credentials on other platforms in the hope that you've reused the same password (you'd be amazed how many do!).
What Should I Do if My Personal Email Account Has Been Hacked?
For a personal account, once you have completed the steps above, go a step further:
Alert Your Contacts
This will minimize the likelihood of hackers successfully scamming them in your name.
Inspect Your Bank Accounts
Check both current and recent transactions in your bank, your credit cards, and even in the accounts linked to the hacked email.
Inspect Data Breach Sites
Use internet resources to determine if any of your accounts or passwords have been stolen in a breach.
Work Email Hacked? Follow These Email Protection Steps
If the compromised email is a corporate account, you must follow a stricter process in addition to the steps above:
Notify the Organization's Security Team (IT or CISO)
They will be able to investigate the incident thoroughly. They can also detect and block lateral movement on the network, and identify other compromised accounts.
Change Passwords Associated with Corporate Systems
If you have used corporate systems through the compromised account, change the passwords for those systems as soon as possible and follow directions from the security team.
Do Not Conceal Information About the Incident
It's natural to feel a sense of shame or guilt when admitting that you have been the target of a hack, even though it happens to many people. But concealing information or details only puts the organization at even more risk. Honesty is the best policy!
Follow the Company's Incident Recovery Procedure
Most businesses have a recovery process for cybersecurity attacks. These usually include audits, log analysis, traffic analysis, and, in certain cases, formal notification to clients and partners if sensitive data has been compromised.
Email Protection: The Key to Avoiding Future Attacks
No email system can be considered attack-proof, but good practices will help you reduce the risk of being hacked. Some basic recommendations are:
- Don't Share Passwords: Never use the same password across different platforms or services (password managers are great to help you with this).
- Enable Two-Factor Authentication (2FA): With 2FA, even if someone knows your password, they won’t be able to access your account because they’ll also need the verification code — an essential layer of email protection.
- Do Not Click on Unusual Links: Phishing is the most widely used technique to hijack credentials. Therefore, do not be lured by emails that ask you to share personal information.
- Keep Your System and Software Up to Date: Operating system, browser, and antivirus software updates tend to repair vulnerabilities that cybercriminals might otherwise exploit.
Use a VPN to Strengthen Email Protection
If you want to maintain peace of mind when accessing your mail, especially on untrusted networks, consider using a VPN (Virtual Private Network) for added security. Most companies, especially those with remote workers, already use VPNs as part of their broader email protection strategy.
With a VPN, you can encrypt the traffic leaving your devices, so that third parties cannot intercept personal information or passwords.
Using a VPN is straightforward: simply download the app from a trusted provider, register, and activate it using your email. This way, your connection will remain private and secure in environments where you don't control the network.
When your email is hacked, it’s not only a problem for the affected computer, but a full security breach, and the personal and professional costs are very heavy. Early detection and prompt corrective measures are important to limit the damage.
It does not matter if it is a personal or professional account; you should never underestimate a hack. Being a responsible citizen, keeping calm, and following strong email protection measures will be the best solution to such an eventuality!