Email Hacked! 6 Things to Do When It Happens to You

Metal sign reading 'Hacker'

In a world where just about everything we do is attached to email in some way, one of the scariest things that can happen is to get your email account hacked.

There are many ways it can happen. You might fall for a phishing scam where you enter your login information into a honeypot, basically sending your information neatly tied in a bow to the hacker. Or there’s the personal type of hacking where someone guesses your password or your security question answers.

However it happens, there are some very important steps that need to be taken as soon as you figure out what happened. Here are six things you should do immediately to help limit the collateral damage.

1. Change Your Password

Gmail Change Password box
First things first – change your password. It doesn’t matter how the hacker got into your account, because once they’re in, all bets are off.

Make your password something secure yet memorable and make sure you use a different password for each site.

SEE ALSO: How to Sync Google Contacts with the iPhone

2. Update Your Security Questions

Most sites ask you to fill out a few security questions to help in password recovery. If your account was compromised, these may have been the method. After you change your password, the next step is changing these questions and answers.

A good practice with recovery questions is to completely lie in your answers, but in a way that you remember.

For example, if the question is “What was the first car you owned?” you could make the answer your favorite car or truck from the movies, or even spell the word backwards. This way, even if someone knows what your first car was, they won’t be able to guess it again.

3. Update Passwords for Other Sites

Any sites for which you may have used the same password should be updated as well. You should never reuse passwords on multiple sites, since once your password is discovered a hacker can use it over and over again.

Also, the password for any site that you have linked to the hacked email account should be reset.

In other words, if your Facebook account uses the email address that got hacked, you need to update the password there as well, even if it’s different from your email password. These sites allow for the resetting of passwords via email, so it’s possible that other sites may be compromised without your knowing it.

Duplicate contacts killing your productivity? See how Scrubly can help in this 100-second video.

4. Give Your Account a Once-Over

With services like Gmail giving you nearly unlimited space for saving old emails, it’s a good idea to look through your archived emails for login information or other personal data that might be in there. Assume that the hacker has looked at everything in your account, so things like account numbers, PIN numbers, and any other personal data are most likely also compromised.

Closeup of messages in Gmail inbox

Also, look at sent and archived messages for any activity from the intruder. Look at the trash to see if they forgot to empty it after removing items. This will show you if they reset other site passwords or sent themselves any information.

Finally, look at your email settings to make sure the intruder didn’t do anything like add a forwarding email address or a rule that sends any emails with login information to him. These could go unnoticed for a long time if you don’t find them immediately.

RELATED: Protect Your Privacy With These Password Management Tools

5. Scan Your Computer

One way an intruder might get your login information is via a virus or Trojan software on your computer. If your account has been compromised, you should immediately scan your system for anything that might be hiding.

Home page for Avast antivirus software for Mac

There are some great free software products out there (such as Avast! for the Mac) that can get you cleaned up in no time. Even if you don’t think the intrusion came from a virus, it’s a good excuse to do a scan (especially if you haven’t done one in a while).

6. Tell Your Friends

This is the most painful part of the process.

You need to contact everyone in your contact list. Let them know your account was compromised and that if they clicked on any links from you in the past week or two they need to follow the steps above as well, since their accounts may very well be compromised, too.


Getting your email hacked is nothing to be ashamed of. The tactics for getting into email accounts have become so advanced that it’s often nearly impossible to guard against them until it’s too late.

If you’ve been hacked in the past and didn’t do all the steps above, now’s the perfect time to do them and make sure your information is as safe and secure as possible.

Scrubly sign-up.