
What to Do if Your Email Is Hacked
Quick Answer
If your email gets hacked, you should act quickly to secure your account, update your password, scan for malware or viruses and check your accounts for signs of fraud. You should also implement stronger security practices to prevent future hacking.

If your email has been hacked, it's important to act immediately to change your password, secure your account and scan computers and devices for malware or viruses. Hackers who access your email can steal your data, your money or even your identity, but there are things you can do to recover from hacking and help prevent it from happening in the future.
How Do I Know if My Email Has Been Hacked?
Here are some common warning signs that your email has been hacked.
- You can't log in to your account. Hackers may change your password to lock you out while they misuse your data.
- You receive a security alert. Alerts of attempted logins from unfamiliar devices or locations can signal a hacker trying to access your account.
- Your account settings have changed. A hacker may change the settings for your account so you can't log in or don't receive notifications of their activity.
- Emails are missing, or you're receiving unexpected emails. Hackers may use your email for fraudulent purposes or delete emails to hide their activity.
- You're getting password reset emails. Reset emails you didn't request can signal the hackers are trying to access your other accounts and change the passwords.
What to Do if Your Email Is Hacked
If you suspect your email has been hacked, it's important to act quickly. Follow these steps.
1. Recover Your Account and Change the Password
If you can't log in to your account, you may need to use the email provider's recovery process to access your account and update the password. Also change any security questions associated with the account. If you reused the same password or a similar password for any other accounts, change those passwords too.
2. Enable Multifactor Authentication
Multifactor authentication (MFA) requires additional authentication on top of your username and password. For instance, you may need to enter a confirmation code you receive by text or email, answer security questions, respond to push notifications or scan your face or fingerprint to log in to your account. Enabling MFA can help protect your account even if hackers get access to your username and password.
3. Check Your Account Settings
Check your email account settings and recovery information to see if they've been tampered with. Recovery information is used to help you get back into your account, so it's important to make sure the email and phone number listed are yours, not the hacker's.
4. Scan Your Devices and Strengthen Security
Use antivirus software to run a scan for viruses and malware. If you don't already have antivirus software installed, there are both free and paid versions to choose from. Make sure the operating systems and software on your computer and devices are up to date; adjust your settings to allow automatic updates going forward.
5. Review Other Accounts
Check your bank accounts, other financial accounts and social media accounts—basically, any account that's linked to your email address—for suspicious activity. Hackers may try to use your email information to access them. Update passwords and enable multifactor authentication on these accounts too.
6. Check Your Credit Report
You can get copies of your credit reports from all three credit bureaus (Experian, TransUnion and Equifax) for free once a week at AnnualCreditReport.com; you can also get your Experian credit report for free anytime. Review them carefully; unfamiliar credit inquiries or new accounts you don't recognize could be a sign of fraud.
Learn more: How to Check for Identity Theft
How to Create a Strong Password
A password that's tough to crack is the first step in defending your information online. Try these tips to create secure passwords.
- The longer the password is, the better. Long passwords are harder for hackers to decode. Go beyond the minimum password length the online account requires.
- Don't reuse passwords. Using the same password for multiple accounts is risky; a hacker who gets hold of one password may use it to access your other accounts.
- Mix it up. Passwords that are solely letters or numbers are easier to figure out. For greater security, use a mix of lowercase and capital letters, numbers and symbols.
- Avoid common words and patterns. Steer clear of easily guessable passwords like "password" or "12345678." Avoid using the same pattern in multiple passwords, such as "SITENAME4321#".
- Don't use publicly available data. Information like your former addresses, your mother's maiden name or your birthday are easy for hackers to find online.
For greater security, it's typically advised to change your passwords every 90 days.
Tip: Passkeys can be a faster, safer way than passwords to log in to online accounts. You create passkeys with a device or a password manager and use them to log in with a PIN, fingerprint scan or face scan. Neither you nor the website you're logging in to knows your passkey, so hackers can't steal it.
How to Keep Your Passwords and Accounts Safe in the Future
Help prevent email hacks in the future by taking these steps to keep your accounts and passwords secure.
- Use a password manager. A password manager such as 1Password, Bitwarden, Dashlane or Keeper can create, encrypt, store and autofill secure passwords for you. (They can also create passkeys.) Simply remember one master password to access them all.
- Set up account alerts. You can typically configure your bank account and other financial accounts to alert you via text, email or push notification of things that could indicate fraud, such as large transactions, ATM withdrawals or a low balance.
- Think before you click. Be cautious about clicking on links or attachments, especially those from unfamiliar sources. Hovering over or clicking on an email sender's name will typically reveal their address so you can see whether it's suspicious.
- Delete unused accounts. Online accounts you no longer use may contain sensitive data such as credit card numbers that could be vulnerable to hackers. Visit the website or platform to remove your account; just deleting the app from your phone isn't enough.
- Educate children and grandparents. Teach children and seniors about the latest scams to watch for and how to protect themselves. Help them implement security features such as antivirus software and automatic updates on their computers and devices. For extra protection, you have the right to place a security freeze on your children's credit reports, and your parents have the right to freeze theirs.
Learn more: How to Freeze Your Credit at All 3 Credit Bureaus
Watch Out for These Common Email Hacking Scams
Phishing is a tactic where scammers use fake emails, texts or phone calls to try to get you to click on a malicious link, download malware or share sensitive data they can sell on the dark web or use to commit fraud. Here are common email hacking scams to watch for:
- Spear phishing targets one person or group in an organization. For example, a company's bookkeeper may get an email that looks like it's from a bank.
- Email spoofing occurs when the email appears to come from a known source, such as your boss or a website you've ordered from.
- Quishing uses QR codes that take you to a malicious website.
- Smishing and vishing use text messaging and phone calls, respectively, and may be used in combination with scam emails.
Phishing can be hard to spot, but common warning signs include:
- Attempts to make you panic, such as claiming the IRS will garnish your wages if you don't act immediately
- Promises that seem too good to be true, such as a free iPad for completing a survey
- Asking you to log in to your account or share sensitive information
- Spelling or grammar errors
- An email address that sounds unprofessional or doesn't match the sender, such as an email from your bank sent from a Hotmail address
Taking time to think before you act can help you avoid phishing scams. Instead of clicking on links in an email or text, navigate to the business's website yourself and contact them to confirm the request is legitimate.
Learn more: What Is Phishing?
The Bottom Line
Having your email hacked can be stressful, but you can minimize the risk by taking steps to secure your accounts. If you've been hacked or involved in a data breach, consider getting a one-time free dark web scan through Experian. A dark web scan can reveal whether criminals are selling your personal information online.
There are plenty of ways to be proactive in protecting yourself and your family from identity theft. Free credit monitoring from Experian sends you alerts of important changes and suspicious activity on your Experian credit report that could signal fraud. Experian's paid premium memberships offer identity theft protections for you and your family, including fraud resolution support services and identity theft insurance.
Monitor your credit for free
Credit monitoring can help you detect possible identity fraud, and can prevent surprises when you apply for credit. Get daily notifications when changes are detected.
Get free monitoringAbout the author
Karen Axelton specializes in writing about business and entrepreneurship. She has created content for companies including American Express, Bank of America, MetLife, Amazon, Cox Media, Intel, Intuit, Microsoft and Xerox.
Read more from Karen