Someone hacked into my email and took control. What should I do?

Someone hacked into my email and took control. What should I do?

It’s crucial to act fast and thoroughly when your email account has been compromised. A hacked email is more than just an inconvenience. It can lead to identity theft, financial fraud, and the misuse of your contacts. Here’s a step-by-step guide to help you regain control and protect yourself:

✅ 1. Try to Regain Access & Change Your Password

• Go to your provider’s recovery page and attempt to regain access:
  • Gmail: Google Account Recovery
  • Outlook/Hotmail: Microsoft Account Recovery
  • Yahoo: Yahoo Account Recovery
• Change your password immediately if you still have access.
  • Use a strong, unique password (12+ characters, mix of letters, numbers, symbols).
  • Sign out of all devices/sessions to kick out the hacker (most providers offer this option).

⚠️ Do not change your password before running a malware scan (next step). If malware is present, the attacker could steal your new credentials.

🛡️ 2. Scan Your Devices for Malware

• Update and run a full antivirus/anti-malware scan on your computer and any device used to access the email.
• Look out for keyloggers or Trojans which may have helped the attacker gain access.
• Delete any suspicious software found and restart your device.

🔒 3. Secure Your Email Settings

After regaining access, secure the account fully:

• Enable Two-Factor Authentication (2FA): This adds a critical layer of security.
• Check recovery options: Make sure your backup email and phone number are yours.
• Review and delete suspicious forwarding rules or filters: Hackers often use these to spy or redirect emails.
• Check “Sent,” “Trash,” and “Drafts” folders: Look for strange messages the hacker may have sent or prepared.
• Review connected devices/sessions and remove any unfamiliar ones.

📢 4. Alert Your Contacts

• Let your contacts know your account was compromised.
• Warn them not to click on any suspicious links or respond to strange messages sent from your email.

🌐 5. Secure Your Other Online Accounts

• Immediately change passwords for accounts that use the same or similar passwords.
• Prioritize accounts linked to your email: Social media, banking, cloud storage, shopping, etc.
• Use a password manager to generate and store strong, unique passwords going forward.

🧠 6. Be Vigilant and Learn from the Experience

• Be cautious with emails and links going forward. Hover over links to preview URLs before clicking.
• Never share your password—legitimate services will never ask for it.
• Report the incident to your provider to help them track abuse and support your recovery.
• Consider creating a new email for highly sensitive communications if your old account was deeply compromised.

📝 7. Document Everything

• Keep detailed records of:

• • • Dates and times you noticed suspicious activity.
    • What happened (e.g., strange emails sent, password change attempts, notifications).
    • Screenshots or logs of suspicious messages, settings, or login attempts.

• Steps you’ve taken to recover the account and secure it.

• This information can:

• • Help your email provider support team investigate.
  • Be useful if the attack escalates to identity theft or financial fraud.
  • Serve as evidence if you file a police report, FTC complaint, or notify your workplace.

🧑‍💻 Need Help?

If you’re struggling with recovery or suspect broader compromise, consider reaching out to a professional cybersecurity service like 911Cyber for dedicated help.