I have a fabulous friend named Rebecca.* Not only is she smart and clever but she is all class. I thought that I knew this friend particularly well, but when I started receiving emails from her regarding a certain male body part that could be enlarged and promised ‘staying power,’ I wondered if I needed to have a rethink! Fortunately, no rethink required.

Rebecca had not developed a new hobby. Instead, she was victimized by an email hacker. Poor Rebecca was devastated. She just couldn’t work out how this had happened to her. She had internet security software. She never shared passwords with anyone, and didn’t remember ever visiting any strange websites. What went wrong?

Well, unfortunately, hackers are a particularly clever species who have an array of ways of gleaning personal information from law-abiding citizens such as Rebecca. In this guide, we will discuss these email hacking methods, and the ways you can protect your email.

Hackers’ techniques to hijack your email account

  • Phishing and spear phishing attacks: Criminals send fake emails that look like they’re from legitimate services, asking you to click links or enter your login details on copycat websites.
  • Password reuse from data breaches: After a data breach, criminals test those stolen login combinations on multiple services. If you use the same password everywhere, one breach can compromise all your accounts.
  • Weak or common passwords: Hackers use automated tools to guess or crack your passwords. If you use simple passwords such as 123456 or personal information such as your pet’s name, you are giving them quick and easy access to your email account.
  • Malware and keyloggers: Malicious software can be secretly installed on your device and record everything you type, including your email passwords.
  • Unsafe public Wi-Fi: Free public Wi-Fi, such as those in coffee shops and airports, is a hunting ground for cybercriminals. When you connect to an unsecured network, it allows criminals to intercept data being sent to and from your device.
  • SIM swap and social engineering: After collecting your information from social media, attackers can impersonate you and trick your phone carrier into transferring your number to their device. They then use password reset features to gain access to your email account.
  • Unsecure third-party app access: Apps and services linked to your email account can become security weak points if they’re compromised or if you give them excessive permissions.

So you think your email’s been hacked

Sometimes, the first clue of a compromised email isn’t a loud, flashing alert. It could be a concerned friend reporting a strange message from you, or you notice a password that suddenly doesn’t work. Recognizing the signs of hacking early can make all the difference. Here are some examples of these signs:

  • Disabled password: If you can’t log in with your usual password but you didn’t change it, this could indicate someone has gained access and changed your credentials.
  • Unfamiliar login alerts or notifications: Your email provider sends alerts about logins from unusual countries, cities, or IP addresses you have not visited, or devices that you don’t use.
  • Strange messages sent: Friends or contacts report to you about receiving emails from your account that you never wrote. These emails could contain spam, phishing links, or suspicious attachments.
  • Modified security settings: If you check your email settings, you might see that your recovery email addresses, phone numbers, or security questions have been changed without your knowledge.
  • New email forwarding rules or filters: Still related to your email settings, you will discover automatic forwarding to unknown addresses or filters that redirect certain emails away from your inbox.
  • Data breach notifications: You might receive alerts that a service you use has been compromised, potentially exposing your email credentials.

The value of your email account to hackers

Your email address alone can be a gateway for cybercriminals, even without your password. Once the hacker has commandeered your email account, they can take control of your other accounts and commit other cybercrimes that could impact other people in your contacts list. Here are some examples:

  • Credential stuffing attacks: If your log-in credentials use a common password or were leaked from other breaches, criminals could use these to access your accounts across multiple services.
  • Password reset attempts: Attackers can trigger password resets on your accounts, hoping to intercept recovery emails or exploit weak security questions.
  • Phishing and impersonation: Your email and that of your contacts become a target for sophisticated phishing campaigns. These criminals could even impersonate you to deceive your contacts and colleagues.
  • Account takeover across services: Once they breach one account that you own, hackers often use the same email to systematically target your other online accounts and services.
  • Privacy exposure: Your email can be sold on dark web marketplaces, leading to ongoing spam, targeted scams, and privacy violations.
  • Identity fraud: Combined with publicly available information, your email address could become a building block for more serious identity theft attempts and financial fraud.
  • Expanded crimes: Hackers can use your email account to start a vicious cycle that targets your contacts and attempts to similarly victimize them.

Stop the damage

When you discover that your email account has been hacked, quick action can minimize the damage and enable you to reclaim your access. By following a few essential recovery steps calmly and methodically, you can lock out the intruder, restore your account’s security, and prevent further misuse of your information and your good name. Here’s what to do right away if your email has been compromised:

  • Disconnect from untrusted devices immediately: If you suspect your email is compromised, log out of your account on any shared or public computers to block hackers from maintaining access to your email.
  • Change your password: U\sing an uncompromised, trusted device only, change your passwords immediately. From this point moving forward, you will need to use a strong, unique combination of letters, numbers, and symbols to create your new log-in credentials.
  • Enable multi-factor authentication: Add an extra layer of security by requiring a second form of verification, such as a text message code or authenticator app, whenever someone tries to access your account.
  • Remove forwarding rules and connected apps: Review your email settings and delete forwarding addresses and third-party applications that have permission to access your email account.
  • Secure your recovery information: Update your recovery phone number and backup email address. Ensure these recovery methods haven’t been changed by the hacker and are under your control.
  • Alert your contacts: Notify your friends, family, and colleagues that your email was compromised. Warn them not to click links or download attachments from emails that may have been sent from your account.
  • Review financial and other accounts: Check any accounts connected to your email, including banking, social media, and online shopping. Look for unauthorized transactions or changes to account settings. Update passwords where necessary.
  • File reports to stop identity theft: Immediately file reports with your local authorities and consider placing fraud alerts with credit bureaus. When you do this, it blocks the cybercriminal from misusing your account.

Ongoing best practices to protect your email

From communication tools, email accounts have expanded their use to encompass a broader digital life. From banking and shopping to social media, many of your online accounts are linked to your inbox. That’s why protecting your email account is imperative.

Keeping your email secure is an ongoing commitment to your digital safety. The best way to do this is to combine vigilance, good security habits, and automated security tools. Make online security part of your routine, just like updating your devices or backing up important files. With a few smart habits and the right security settings, you can build strong defenses to keep hackers out and your personal information safe.

Don’t fall victim to a phishing scam

Never respond to an unexpected email or website that asks you for personal information or your login details no matter how professional it looks. Enable spam and phishing filters in your email settings to automatically block suspicious messages. You can also fortify your settings with a scam detector that alerts you to anything dubious in an email.

Comprehensive internet security software

Make sure you have comprehensive internet security software (that includes anti-spyware), and please keep it updated! Spyware hides itself on your computer, collects personal information about you and passes on your personal details without you knowing.

Avoid logging into your email from public places

Not only is there a greater chance of spyware on untrusted computers but some of them sport key logging programs which monitor and record the keys you strike on the keyboard – a great way of finding out your password! Avoid accessing email on public Wi-Fi. If you must use public Wi-Fi, use a trusted VPN to encrypt your connection when necessary.

Use strong passwords

Create strong passwords that include a variety of characters including numbers and symbols. A password manager makes this easy and secure. It is best to change your passwords at least every 6 months. Just as importantly, never share your passwords with anyone.

Final thoughts

Email security isn’t only about avoiding embarrassment. It’s about protecting your digital identity. Once a hacker gains access to your inbox, they can infiltrate nearly every part of your online life. Fortunately, blocking hackers doesn’t require deep technical expertise. You only need consistent, smart habits and alertness. Every time you take a few minutes to verify a sender or double-check a suspicious link, your security expertise grows. Make it part of your routine to review your account settings, check for unusual activity, and update your passwords.

To support your good digital habits, use automated tools such as McAfee Total Protection to safeguard you against fake messages, deepfake scams, viruses, malware, and more. A few proactive steps today can spare you the stress—and potential damage—of a compromised account tomorrow.

Also, if you start receiving strange emails from your friends that are totally out of character, please give them the benefit of the doubt and assume their email has been hacked. If not, it may be time to rethink your opinion of them!

====================================

*My dear friend’s name was changed to protect her privacy.