You might think that an information technology network professional with decades of experience overseeing corporate email systems would be immune from an email hack, but you’d be wrong.
“I have had personal data stolen,” said Michael Jacobi, a network computing industry veteran with more than 25 years’ worth of cybersecurity experience. “And I learned the hard way that there are a few invaluable tips when you are protecting from or dealing with a data breach.”
As large-scale data breaches become more common, the potential for hacked email accounts rises too, experts say.
What is email hacking?
An email hack occurs when someone gains unauthorized access to your email account. The hacker doesn’t want to read the jokes you send your friends or look at the pictures you saved. Instead, the hacker wants to get a foothold in your personal life, and from a digital perspective, that life begins with your email account. If you store anything sensitive in your email—such as tax returns or pay stubs—you’re putting yourself at risk for identity theft or worse.
Consider, for example, the number of times you use your email address as a login at your favorite e-commerce websites. When you need to update your password, chances are you’ll get a link sent to you through email. You may even have your passwords stored in your email account. The bottom line is that online fraudsters find your email credentials incredibly valuable tools for stealing cash..
The statistics are too big to ignore: 60% of all malicious domains—websites known to carry malware—use email spam campaigns to carry out attacks, which can spread across the globe. In 2016, just one Yahoo cyberattack compromised 3 billion email accounts.
How do I know if my email has been hacked?
Usually, you lose access to your email account, according to Jacobi, because the hacker changed your password. But don’t let that fool you, because hackers often take a wait-and-see approach, using time to gather sensitive data and exploit your accounts, contact list and more.
“Check your ‘sent’ file regularly to look for strange messages,” Jacobi said. “Most ‘spoofed’ emails that your friends receive from you wouldn’t show up unless it was sent from your actual email account,” he added.
Other ways you can tell if you’ve been hacked include:
- Your sent folder is empty when you know you’ve been actively using your email account.
- Your friends or family members ask you about an email you didn’t send.
- You find unfamiliar posts on your social media pages.
- You can’t access online accounts that once used your email as the login.
What to do if your email is hacked
Here are your next steps if you discover a hacker gained access to your email account:
- Run your antivirus program. Malware can do things like record keystrokes and take screenshots, which puts your identity and finances at risk. Don’t forget to scan your smartphone and tablets, too.
- Change your passwords and make sure they’re at least 10 characters long. “Complexity is always more secure than changing [the password] a lot because that leads people to use patterns or easily guessable passwords,” Jacobi said.
- Tell your friends and family you were hacked. People are more likely to open an email from someone they know. If they open spam from your account, they could accidentally download malware onto their own devices.
- Consider freezing your credit report. A September 2018 law provides new credit report protections for American consumers at no cost. If you believe your hacked email account could lead to identity theft, putting a freeze on your credit report will prevent a criminal from impersonating you on loan applications.
- Report the hack to your email provider. This may help your provider track the scam artist.
- Consider changing your email address. If your email has been hacked more than once, consider biting the bullet and opening a new account.
How to prevent email hacks
You probably don’t want to repeat the experience of cleaning up after an email hack. The good news is that there are steps you can take to prevent it from happening again:
- Create complex passwords. Password generators and mnemonic devices effectively create strong passwords.
- Always install security updates promptly, and scan your devices regularly. Security patches and antivirus scans can eliminate malware threats and prevent identity theft.
- Always use data or a VPN when connecting to the internet in public. “Even with your cell, you’ll want to limit sensitive data usage,” Jacobi advises.
- Check suspicious communications. A reverse phone and email lookup service can help you identify if someone actually is who they claim to be.
An email hack can happen to anyone. Paying close attention to your digital life can help detect and correct a hack before any serious damage is done.