04 Jun
What to do if your email is compromised
An email account can be compromised in a number of different ways. In some cases, your password may be weak and easily guessed or obtained through a public breach. In other cases, you may have clicked on a malicious link in an email, social networking site or webpage. Or, you may have downloaded an app or file that contained malicious scripts.
HOW TO TELL IF YOUR EMAIL ACCOUNT IS COMPROMISED
- Unable to access your email account? Oftentimes, if an attacker gained access to your email address and password, they may have logged in and changed the password to lock you out of the account.
- If your family, friends and coworkers receive emails from you that you didn’t write, your email account has been compromised. An attacker can use your email address to send spam or phishing emails to the contacts in your address book.
- You see activity on your social media accounts that you didn’t post. Some social media sites use single sign-on (SSO) with credentials from other accounts (e.g. Google, Yahoo) so you can login to social media without having to create a separate username and password. If your email account is linked to your social media accounts or if you use the same username and password for all your accounts, the attacker can gain access to everything with a single username and password.
- You notice your sent messages folder is empty or includes messages that you did not send.
WHAT TO DO IF YOUR EMAIL IS COMPROMISED
If you have noticed that your email account has been accessed by another user or an attacker, it has been compromised. Follow these steps to recover your account.
- Log into your email account and reset your password using a strong password.
  - Use long passphrases to make passwords easier to remember and more secure.
  - Do not use information about yourself, such as the city where you were born, your age or the names of relatives, friends or pets.
  - Do not use common words such as the name of a favorite sports team.
- If you’re unable to log in, contact your email provider to find out how you can regain access to your account.
- End or sign out of all sessions on all devices. Even after you change your password, if the attacker has an active session, they may be able to continue to send emails from your account.
- Reset the passwords of any additional accounts that the attacker may have gained access to. These may include financial institutions, shopping sites and social media sites. There may be references to these accounts in your email. Remember to use a unique password for each and every account; otherwise, if one account is compromised, they all are.
- Enable Multi-factor Authentication (MFA) on your email account. This provides an additional layer of protection when logging in to your email account. It requires a code from a text message, phone call or authenticator app to further verify access.
- Review and change your security questions. If your email account was compromised from a device or location not matching your normal usage, it’s possible a malicious individual was able to answer your security questions.
- Review your mailbox for any rules that you did not previously create. These rules may include message forwarding, deletion or running unwanted applications.
- Review outgoing messages and recall any malicious ones. In most cases, the attacker won’t leave traces of any outgoing message, but this should still be checked.
- Contact the people in your email address book and let them know that your email was compromised. Remind them to delete any messages from you during the time your account was compromised to prevent them from becoming the next victim.
- Verify if there was private or personally identifiable information in your email that could be used maliciously.
- Establish a routine where you change your password periodically. Consider changing your password on at least an annual basis (unless a breach requires it sooner).
- Scan your computer for viruses and malware. This is especially important if you’re experiencing problematic signs like unfamiliar applications loaded on your device, your computer operating slowly or problems shutting down.
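The steps above (check inbox rules for forwarding or deletion, look at where the account was signed in from, review what went out) can be worked through systematically. The following script is an added example and is not part of this article or of any provider's tooling; it runs over a constructed snapshot of an account export, and the field names, the owner's mail domain (example.com) and the usual sign-in country are assumptions, since every provider exports these records in its own shape.

```python
"""Triage helper for a possibly compromised mailbox (added example, constructed data)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List

# Assumptions for this example: the owner's own mail domain and the countries
# they normally sign in from. A real review would take these from the account.
OWN_DOMAINS = {"example.com"}
USUAL_COUNTRIES = {"US"}


@dataclass
class InboxRule:
    name: str
    forward_to: List[str] = field(default_factory=list)
    delete_message: bool = False
    run_application: str = ""


@dataclass
class SignIn:
    when: datetime
    country: str
    ip: str


@dataclass
class SentMail:
    when: datetime
    recipient: str
    subject: str


def review_rules(rules: List[InboxRule]) -> List[str]:
    """Flag rules that forward outside the owner's domain, delete mail or run programs."""
    findings = []
    for rule in rules:
        for addr in rule.forward_to:
            domain = addr.rsplit("@", 1)[-1].lower()
            if domain not in OWN_DOMAINS:
                findings.append(f"rule '{rule.name}' forwards mail to external address {addr}")
        if rule.delete_message:
            findings.append(f"rule '{rule.name}' deletes incoming messages")
        if rule.run_application:
            findings.append(f"rule '{rule.name}' runs application {rule.run_application}")
    return findings


def review_signins(events: List[SignIn]) -> List[str]:
    """Flag sign-ins from countries the owner does not normally use."""
    return [f"sign-in from {e.country} ({e.ip}) at {e.when:%Y-%m-%d %H:%M}"
            for e in events if e.country not in USUAL_COUNTRIES]


def review_sent(sent: List[SentMail], window: timedelta = timedelta(minutes=5),
                limit: int = 10) -> List[str]:
    """Flag a burst of outgoing mail: more than `limit` messages inside one `window`."""
    ordered = sorted(m.when for m in sent)
    start, peak = 0, 0
    for end, when in enumerate(ordered):
        while when - ordered[start] > window:   # slide the window forward
            start += 1
        peak = max(peak, end - start + 1)
    if peak > limit:
        return [f"burst of {peak} outgoing messages inside {window}"]
    return []


def triage(rules: List[InboxRule], signins: List[SignIn],
           sent: List[SentMail]) -> Dict[str, List[str]]:
    """Run all three reviews and return findings grouped by area."""
    return {"rules": review_rules(rules),
            "signins": review_signins(signins),
            "sent": review_sent(sent)}


# Constructed sample snapshot: one benign internal rule, one rule that forwards
# externally and deletes, a sign-in from an unusual place, and a sending burst.
BASE = datetime(2024, 6, 4, 9, 0)
SAMPLE_RULES = [
    InboxRule("Newsletters", forward_to=["me@example.com"]),
    InboxRule("Cleanup", forward_to=["collector@mail-drop.invalid"], delete_message=True),
]
SAMPLE_SIGNINS = [
    SignIn(BASE, "US", "203.0.113.5"),
    SignIn(BASE + timedelta(hours=3), "ZZ", "198.51.100.9"),   # ZZ: placeholder country code
]
SAMPLE_SENT = [SentMail(BASE + timedelta(seconds=20 * i), f"contact{i}@example.net", "Invoice")
               for i in range(12)]

if __name__ == "__main__":
    for area, findings in triage(SAMPLE_RULES, SAMPLE_SIGNINS, SAMPLE_SENT).items():
        print(area, "->", findings or "nothing flagged")
```

Each finding maps to a step in the list: an external forwarding or deletion rule should be removed, an unfamiliar sign-in means the session must be ended and the password reset, and a sending burst tells you which contacts to warn.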
To prevent an email account from being compromised in the future, it is important to make sure that your devices are patched with the latest updates, including antivirus. Set your security software, internet browser and operating system to update automatically, or establish a routine to do this manually on a frequent basis. Preventing an email account compromise is a constant effort: use strong, unique passwords, verify the sender’s address, watch out for unexpected emails containing links and/or attachments, and always think twice before deciding to open an attachment or email. Stay vigilant, never provide your passwords to anyone, and do not access your email from a public computer or over public Wi-Fi.
For additional information, please use the following resources:
- CISA: Choosing and Protecting Passwords
- CIS: Securing Login Credentials
- Stay Safe Online: Hacked Accounts
- FTC: Hacked Email