5 clues that your email has been hacked

November 27, 2022

By Kim Komando

Scams are rising, and more people are falling for phishing attacks and email hacks than ever. Tap or click here for three immediate steps to take if you fell for a scam.

Just think about how often you open an email from someone you trust and click a link or download an attachment. Every one of those times is a chance for an enterprising cybercriminal to fool you.

If you’re worried your email account may have already been compromised, here are five clues to check for. Plus, we’ll show you four steps to protect yourself.

1. Did you send these?

If you’re worried your account has been hijacked, check your Sent and Drafts folders for emails you didn’t write.

Using email accounts owned by real people bolsters a phishing campaign’s credibility. When your email gets hijacked by a hacker or malware, they’re often added to an arsenal of compromised accounts that further spread phishing campaigns.

This is why you’ll sometimes receive shady emails from contacts you know. More likely than not, their account was cracked open and their email address is being used as a spambot.

When you’re looking through sent mail, check the recipients and when the emails were sent. If you don’t remember sending those communications, that’s a key sign your account has been compromised.

It’s also worth checking your Sent and Drafts folders for messages with attachments, a primary vector for phishing malware. If you don’t remember sending or composing emails with attachments, that’s as big of a red flag as you can find.

Your contacts may even reach out about receiving strange emails from you.

2. Did you change your passwords?

A compromised email account is a golden ticket for any aspiring hacker. Once they get inside, they can attempt to crack accounts associated with that email address. You need to make sure those passwords weren’t changed without your knowledge.

To do this, search your inbox and use terms like password reset, password verification or password changed successfully. Look carefully through the messages that appear, and make a note of their date and time.

If you see recent password changes for accounts you own, you’ll need to reset those passwords again on the other platforms before changing your email password. Without doing this, the hacker could perform another reset after you’re done. We’ll go over changing your password in greater detail below.

3. Did you read those emails?

Email accounts typically let you sort through messages by read or unread status.

But if a hacker gets into your email address, all bets are off. While rummaging through your emails for personal data, they will likely open and close your messages arbitrarily.

Read emails are usually presented in a standard, unbolded format, while unread messages are bolded. If you know your inbox was full of unopened messages now mysteriously marked as read, you may have a hacker on your hands.

Check through as many read messages as possible, and ensure they don’t contain personal data before taking additional steps like resetting passwords.

4. Did you trash these emails?

Not only do hackers rummage through your emails willy-nilly, but they’ll sometimes erase emails without thinking about the consequences. This means you could lose essential data that could clue you into what happened during the hack — including accounts they may have compromised. So much for destroying the evidence.

When checking emails for signs of a threat, look in the trash and scan carefully for signs of disarray. If you see an important email trashed that you wouldn’t have thrown away otherwise, your account may have been attacked.

5. Did you log in?

Most email services let you check login activity, including the IP addresses or locations used to access your account. Some even show the browsers or devices used.

To do this in Gmail, open your email account in a browser, then scroll to the bottom of your inbox. In the bottom right corner, you’ll see Last account activity, followed by a time. Click Details underneath to see a list of access types (browser, mobile, POP3, etc.), IP address and date and time.

If you see a location or device you don’t recognize, that’s cause for concern.

The next thing you’ll need to look for is login alerts for accounts associated with your email address. Many platforms will automatically send you an email when you log in from a different IP address than usual. This is designed to prevent fraud and alerts you of an unauthorized login.

Search for terms like login, logged in, or signed in from your inbox. Leave no stone unturned, and write down anything you find for later. You might need to reset your passwords again or lock them with a system like two-factor authentication. Keep reading for more on that.

Protecting yourself going forward

Now that you know what signs to look for, here’s what you need to do to take action against account intruders.

Set up two-factor authentication to protect yourself

Two-factor authentication, or 2FA, adds an extra layer of security to your email account. Once set up, you’ll get an alert whenever someone tries to log in from an unknown device.

To set up 2FA, you’ll need your smartphone on hand. When it’s set up, you’ll get a text message with a code to enter every time you log in. Without the code, you won’t be able to access your email. And if a hacker gains access to your account, they won’t be able to get into it without your phone physically in front of them.

Now, 2FA is not mandatory, but we can make the case it should be for email accounts due to the sensitive information they contain. Select your email service below for instructions on setting up two-factor authentication.

While you’re at it, you should also set up 2FA on any other online accounts you frequently use — including social media. You can’t be too careful. Tap or click here to see how to set up 2FA for Facebook, Twitter and Dropbox.

Verify your recovery email and phone number

This goes hand-in-hand with setting up 2FA, which requires your phone number to function.

You can set up a backup email to reset your password if you get locked out. We recommend keeping this email hidden from other platforms; don’t use it to sign up for accounts but keep it as your private backup. It’s not much of a security feature if your recovery email can be compromised, too.

You may have set up account recovery details when you first opened your email account or skipped out on this step. Select your email service below for instructions.

Change your password to something stronger

When it comes to cybersecurity mistakes, sharing your email password with other accounts is one of the worst. If a hacker gets access to your email password, it’ll be the first thing they try with other accounts you own. With phishing attacks on the rise, weak passwords aren’t going to cut it.

Here’s what you should do to make your password as secure as possible:

After you change your password, update your security questions, too. For more tips on creating better passwords, tap or click here to read our complete guide to secure passwords.

Keep an eye on your email address

HaveIBeenPwned monitors hacker sites and collects new data every five to 10 minutes about the latest data breaches and exposures. This includes your email address, usernames, passwords and other personal information.

Enter your email address, and HaveIBeenPwned will check to see if it’s been compromised in a data breach. If it has, you’ll see a list of sites that have exposed your data and what exactly was leaked.

You can click Notify me at the top of the page and HaveIBeenPwned will alert you if your email address appears in any list of hacked information going forward.

The bad news is that many people out there are looking to break into your accounts for their gain. The good news is that you can take effective steps to protect yourself. Take these steps to lock down your email account, and if nothing else, change your password.

Keep reading

5 subtle clues that email is really a clever phishing scam

Here’s what adding your number to the National Do Not Call Registry does

https://www.komando.com/tips/cybersecurity/clues-your-email-has-been-hacked/