There are any number of signs that may give you a clue that your email has been hacked. And what do you do if it has? You may ponder that very question if you suspect that’s the case. Let’s go over a few indicators of a compromised email box and what you can do about it, if it happens to you.

Indicators

Suspicious login attempt notifications. This might be a familiar notification for you. It will happen if you login with a new phone or computer. It could also happen if you are in a different location depending on whether or not your device has been registered as a trusted device. 

Tip: If you’re receiving multiple notifications about suspicious login attempts on your email account, it could be that someone is attempting to gain access to your account or already has. It might also be a phishing scam, so DON'T CLICK on the email. Instead, login into your email account and change your password and enable Multi-Factor Authentication (MFA) is available.

Your personal data has been changed. Have you received an email from your email provider informing you that some of your personal data in your account has been changed? This may be a sign that it’s been compromised. If you haven't made any changes yourself, it’s worth taking a look to make sure no one else has either.

Tip:  Log into the account separately, rather than clicking on links you may receive in email or in a text. The message letting you know there were changes may actually be phishing rather than a message from your provider.

Spam emails were sent from your account. If contacts in your address book inform you that they have received spam emails from you, this should be a red flag. While there are other reasons your address may appear in the spam emails (spoofing your address, for example), it is also possible that someone is using your account to send spam emails.

Tip: To find out if it’s coming from your mailbox, log in and look at your sent messages. If there are a bunch that you didn’t send, someone has gotten into your account. If not, ask your contacts to hover over the sender’s address (or, on mobile devices, press and hold the sender with your finger). If there’s an email address other than yours, this is "spoofing." This means that the sender has used your name, but your mailbox has not been hacked. Unfortunately, other than putting your worries at ease, there isn’t anything else you can do other than letting your email administrator know.

Address book has been deleted. Sometimes, it’s possible that attackers are using what’s called the "grandparent scam." This is that infamous scam where someone calls pretending to be a grandchild, niece, nephew, child, friend, etc. stating they are in need of financial help and ask the victim to send money right away. They may claim they are in jail or need it for medical treatment, among many other excuses. After performing this scam, the attackers may delete the address book/contact list.

Tip: Any sense of urgency like “I’m in dire need to get out of jail,” or pay a bill or something bad will happen, should set off alarm bells. Contact who they claim to be separately and confirm it. Most of the time, you’ll find out that person is safe and just fine.

Your login failed several times. If you receive a security alert that there have been several failed login attempts to your email account, it may be cause for alarm. If these are not you, it may mean that something is wrong.

Tip: Log into your account separately and make sure your information is still valid. Consider changing your password and be sure to enable multifactor or two-factor authentication.

Email password changed. If you find that you cannot access your mailbox even after entering your password several times and you have not mistyped it, then someone may have taken over your email account.

Tip: If you cannot log in and request to change your password and are unsuccessful, you will need to contact your email provider.

Yes, someone did try to get into my account. Now what?

If you notice signs of unauthorized access, it is best to take the following steps immediately:
Change your password in the settings. Make sure you make it at least eight characters with a combination of letters, numbers, and special characters. Avoid using dictionary words, names, or personal information. Remember to also reset the password in your mobile device apps.

Run a virus scan on all devices. It is important that you run a full virus scan, not a "quick scan." You can find free and paid versions that are good, but you should have something installed on all devices to help catch these. If the virus scan reveals something, change the password again. Yes, it’s a little annoying, but if you don’t, the hacker will also have the password you just changed to.

Change your security question(s): If your email has security questions attached to it, the hackers also had access to those. Therefore, you should change those.

Notify your contacts that your email account has been hacked. Whoever got into your account had the opportunity to send infected emails to all your contacts in order to attract new victims. By letting them know right away, they can avoid falling victim to attacks.

Check your stored data and also your settings. Make sure your spam protection is still activated, if you can toggle it. Check your filter rules if you had any set up, and take a look at the storage period of your email folders. They may have been changed, so you’ll need to recheck them.

Potential reasons for a hacked mailbox

Weak passwords are the most common cause of an attack. If your passwords do not meet the minimum standard, you are making it relatively easy for criminals to gain control of your mailbox or other accounts.

Tip: Be sure to always use strong and unique passwords for every single online account.

Unfortunately, many people fall for phishing lures over and over. Often, it’s a result of stolen passwords and login data resulting from successful phishing excursions or a previous data breach.

Tip: Know the phishing lures such as blurred graphics and photos, typos, and links and attachments that are sent from unknown senders or that are not expected.