The Incredible Power of the Internet Has Come With Some Enduring Privacy Threats.
Nowhere is your personal information more exposed than through your daily use of email. We rely on our email service providers to stay ahead of bad actors, and our email service providers rely on us to use effective passwords, not fall for phishing schemes, and report suspicious activity.
We’ve compiled the following answers to key email security questions as a primer to help you augment the safety mechanisms your email provider has in place with some guidance on making your email more secure.
Why Would Someone Want to Hack Into My Email?
Email credentials are valuable on the black market. Hackers with usernames and passwords get paid to send spam on behalf of clients.
With access to your email, hackers can also send spam to your contacts appearing to come from you, in an attempt to compromise the accounts you are connected with. This is probably the most common way people discover their email has been hacked – a friend says they got a random/weird email from you.
But a hacker with your email credentials can do more malicious things that come closer to identity theft. They can email your contacts to try to pry away their personal information. They can also use your email to work their way into your banking logins if your email credentials are tied to your online banking accounts.
Hackers may try to use your email address and password to log into a list of financial websites (think American Express, Citibank, Fidelity, etc.). If you used the same password for both your bank and email account, you could be in trouble.
You may think you are small potatoes compared to government or corporate email systems. But individuals need to remain vigilant as well. A ransomware attack targets all computers and can cost you hundreds of dollars (if not more).
How Do You Know if You’ve Been Compromised?
As in the case of Yahoo in 2016, your email service provider may alert you to a breach several months after the breach (Yahoo was hacked in 2014). More often than not, email users discover abnormalities on their own that suggest a hack.
Some signs are unmistakable. As mentioned above, if your friends tell you they are receiving email from you that you didn’t send, your account is compromised. If you are not able to log into your account, a hacker with account access has likely changed your password.
Other signs of a hack are less obvious. In fact, a hacker may try to keep their activity under wraps so they can continue to use your account.
Periodically check your outbox for emails you didn’t send. Also be aware that emails are stamped with IP addresses that record where the email was sent from. Email service providers let you monitor your IP addresses (for example, Gmail users can check the small details link at the bottom of emails for IP information). Be alert for IP addresses that show locations you don’t recognize.
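An added example (not part of the original article) of the IP check described above: it reads the Received headers of a saved raw message and lists the addresses that fall outside networks you recognize. The function name, the sample message and the "known" ranges are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message using documentation-range addresses; not a real email.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.org with ESMTPS id abc123;
\tTue, 05 Apr 2022 10:15:02 +0000
Received: from [10.0.0.5] (unknown [203.0.113.45])
\tby mx.example.net with ESMTPSA id def456;
\tTue, 05 Apr 2022 10:15:00 +0000
From: you@example.org
To: friend@example.com
Subject: hello

body
"""

# Relays conventionally record the peer address in square brackets.
IP_IN_BRACKETS = re.compile(r"\[([0-9A-Fa-f:.]+)\]")


def unfamiliar_ips(raw_message, known_networks):
    """Return IPs from Received headers that fall outside known_networks,
    ordered from the hop nearest the sender to the hop nearest the recipient."""
    nets = [ipaddress.ip_network(n) for n in known_networks]
    msg = message_from_string(raw_message)
    flagged = []
    # Each relay prepends its own header, so the last one is closest to the sender.
    for header in reversed(msg.get_all("Received", [])):
        for candidate in IP_IN_BRACKETS.findall(header):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # bracketed text that is not an IP address
            if ip not in flagged and not any(ip in net for net in nets):
                flagged.append(ip)
    return [str(ip) for ip in flagged]


if __name__ == "__main__":
    # Hypothetical "known" ranges: a home LAN and the user's mail provider.
    for ip in unfamiliar_ips(SAMPLE, ["10.0.0.0/8", "198.51.100.0/24"]):
        print("unrecognized sending address:", ip)
```

Only the Received headers added by your own provider are trustworthy, since earlier ones can be written by whoever sent the message.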
What Should I Do if My Email is Hacked?
If you can still log into your account but are noticing suspicious activity, change your password NOW! Make it markedly different from your previous password and avoid any identifying elements like a pet name or the street you grew up on. These identifiers may be floating around the web and easy for a motivated hacker to gather.
If your email provider offers two-factor authentication, turn it on. If John Podesta had used two-factor authentication for his email accounts (yes, they used the hack of one account to get into another), the hack of the Clinton campaign manager would not have happened.
Notify friends, family members, and anyone on your contact list that may have been sent unauthorized spam from your account. This will hopefully prevent any of your contacts from clicking on a malicious attachment or link in an email that appears to come from you.
Also notify your email service provider. They rely on user reports to help them stay informed and ahead of threats to their networks. They also may be able to provide you with help to remedy the situation and recapture control of your account.
It’s a good idea to use the unfortunate occasion of an email hack as an opportunity to clean house on your passwords around the web. If you are using passwords that are identical or similar to your compromised email password, then your other accounts are also at risk. Password management services like LastPass, Dashlane, and 1Password are great tools to keep your passwords unique and accessible only to you.
Stay vigilant to suspicious activity and act fast if you find anything amiss!
Editor’s note: Originally published in August 2017, this blog has been edited and updated in April 2022.