What to Do If Your Email Is Hacked: Checklist


Have you just realized that your email has been hacked?

First, take a deep breath. Panicking will not help, but acting quickly will, and that is exactly what we are going to do right now.

We know how stressful it can be to discover that someone else has access to your private messages, contacts, and potentially sensitive data. The good news? You can probably regain control.

Follow this step-by-step checklist to secure your account and protect yourself from further damage. If you are unsure about whether you got hacked, we will discuss that after we go through this time-sensitive to-do list.

Immediate Steps to Secure Your Email

Hackers rely on specific lapses in security and delays on your part, so the faster you secure your account, the less damage they can do. Our first aim is to lock them out of your account so that they no longer have access to your data.


Change Your Password Immediately

If you can still access your account, change your password right away. Use a strong, unique password with a mix of letters, numbers, and symbols. On the other hand, if you have been locked out of your account, your only option is to depend on the account recovery options provided by your email service.

Do you use the same password for multiple services? You should immediately change it on those other services as well to avoid additional breaches.

Enable Two-Factor Authentication (2FA)

2FA adds an extra layer of security by requiring a second verification step on top of your password. This can be a code sent to your phone, which makes it much harder for hackers to gain access, even if they have your password.

As soon as you regain access to your account, set up 2FA and reset all active sessions linked to the account. With a Google account, you can review the devices that are logged into your account on Google’s Device Activity page.

Review Who Can Access Your Account

Check your email settings for unfamiliar devices, third-party apps, or forwarding rules that you do not remember setting up. Remove any suspicious access to ensure your account stays in your control.

Here is a quick checklist to go through for Gmail. Other email service providers have similar features that you should review.

  • Make sure you recognize all devices on the Device Activity page.
  • Review the third-party apps connected to your account and their permission levels.
  • Ensure that forwarding rules have not been set up to forward all your emails to the hacker.
  • Most hackers are clumsy and do not clean up after themselves, so check the trash folder and the sent emails folder to double-check recent activity.
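
If you are comfortable with scripting, the forwarding check can be automated. The following is an added example, not part of the original guide: it reviews settings shaped like the Gmail API responses for auto-forwarding and filters, and flags rules that forward mail to an unknown address or hide it from the inbox. The sample data, the function name, and the trusted address list are constructed assumptions.

```python
"""Flag mail-forwarding and mail-hiding rules in Gmail-style settings."""

# Constructed sample data, shaped like Gmail API responses from
# users.settings.getAutoForwarding and users.settings.filters.list.
AUTO_FORWARDING = {"enabled": True, "emailAddress": "collector@mailbox.example",
                   "disposition": "trash"}
FILTERS = {"filter": [
    {"id": "f1", "criteria": {"from": "newsletter@shop.example"},
     "action": {"addLabelIds": ["Label_12"]}},
    {"id": "f2", "criteria": {"query": "password OR invoice"},
     "action": {"forward": "collector@mailbox.example",
                "removeLabelIds": ["INBOX"]}},
    {"id": "f3", "criteria": {"from": "security@bank.example"},
     "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["UNREAD"]}},
    {"id": "f4", "criteria": {"from": "boss@work.example"},
     "action": {"forward": "me@backup.example"}},
]}
# Assumption: addresses the account owner set up on purpose.
TRUSTED = {"me@backup.example"}


def audit_mail_settings(auto_fwd, filters, trusted):
    """Return (rule_id, reason) pairs for settings that deserve a manual review."""
    trusted = {a.lower() for a in trusted}
    findings = []
    target = (auto_fwd.get("emailAddress") or "").lower()
    if auto_fwd.get("enabled") and target not in trusted:
        findings.append(("auto-forwarding", f"all mail forwarded to {target}"))
    for rule in filters.get("filter", []):
        action = rule.get("action", {})
        fwd = (action.get("forward") or "").lower()
        if fwd and fwd not in trusted:
            findings.append((rule["id"], f"forwards matching mail to {fwd}"))
        # Rules that skip the inbox, trash mail or mark it read can hide
        # security alerts from the account owner.
        hides = ("TRASH" in action.get("addLabelIds", [])
                 or {"INBOX", "UNREAD"} & set(action.get("removeLabelIds", [])))
        if hides:
            findings.append((rule["id"], "hides matching mail from the inbox"))
    return findings


if __name__ == "__main__":
    for rule_id, reason in audit_mail_settings(AUTO_FORWARDING, FILTERS, TRUSTED):
        print(f"REVIEW {rule_id}: {reason}")
```

A flagged rule is a prompt to look at it, not proof of a compromise: filters you created yourself to archive or auto-read mail will show up too.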

Update Your Account Recovery Options

Make sure your account recovery phone number and backup email are up to date. If a hacker changed them, update them immediately so you do not get locked out permanently.

These are the first settings that a hacker would change after gaining access to your account.

Scan Your Devices for Malware

Something had to happen for the hacker to gain access to your account. If you are sure that your password was unique and safe, consider that hackers often gain access through malware or keyloggers.

Run a full scan using a trusted antivirus program (such as Malwarebytes) to remove any malicious software that could be stealing your information.

Alert Your Contacts about the Hack

It is common for hackers to reach out to a victim’s contacts with malicious links and attachments. Immediately let your friends, family, and coworkers know, and warn them not to click on suspicious links or respond to strange messages from your address.

Signs Your Email Might Be Hacked

Your email is the key to many aspects of your digital life. It connects you to essential accounts such as banking, social media, and online shopping sites. If someone gains access to it, they can reset passwords for all these other services, steal sensitive information, or even impersonate you to scam others.

If you notice any of these warning signs, act fast:

  • Unexpected Password Changes: You cannot log in, or you receive a notification about a password reset that you did not request.
  • Suspicious Emails: Your contacts report receiving strange messages from you that you never sent.
  • Unrecognized Login Attempts: You receive alerts about sign-ins from unfamiliar locations or devices.
  • Strange Account Activity: Emails are marked as read when you have not opened them, messages are missing, or you receive a notification about an email on your phone but it is gone by the time you check for it.

The sooner you secure your account, the better your chances of preventing further damage.

Preventing Future Hacks

We hope that you have regained access to your email account by now, but even if you have not – it is time to sharpen up your security skills so you can prevent it from happening ever again. Hackers are always looking for new ways to break into accounts, but with a few smart habits, you can keep your email safe.

Use Strong, Unique Passwords for All Accounts

Never reuse passwords across multiple websites or services. If a hacker gets access to one account, they will try the same password everywhere else. Each password should be long and unique to reduce the risk.

Most modern browsers come pre-equipped with a password manager and password generator. Use them!

Use Two-Factor Authentication

Imagine going through a ton of trouble trying to steal someone’s password but still being unable to log in because the would-be victim had 2FA enabled on their account.

Two-factor authentication is not foolproof, but it does make your account incredibly difficult to break into without having physical access to your authenticating device, which is usually a phone.

Regularly Monitor Account Activity and Security Settings

Check your email’s login history and security alerts for any unusual activity. Regularly reviewing your account settings ensures no one has made unauthorized changes.

Plenty of victims hand over their login details to a hacker through fake emails, websites that look like the real deal, or good old social engineering.

Avoid clicking on suspicious links, and always verify the sender before opening attachments. Keep in mind that more sophisticated hackers can even fake the sender email address. If you receive an email asking you to log in somewhere, it is best to ignore all links in that email and manually visit the website requesting a login.

To wrap up

While discovering you’ve been hacked can feel overwhelming, remember that taking swift, simple steps—like changing your password, enabling 2FA, and reviewing your account activity—can help you regain control and secure your account. Stay calm, be proactive, and know that every action you take strengthens your digital safety. You’ve got this!


This guide was written by Guy Bou Samra, content editor at Mailmeteor.
