Six things to do if your emails are hacked

Kara Gammell / 19 April 2016

Limit the damage with these simple steps to reclaiming your email account and protecting your personal information from criminals.



When your email account is hacked the impact can be disastrous.

But you can take back control from the fraudsters with these simple steps.

1. Change your password pronto

If you have fallen victim to email hacking, the first thing you must do is assess the damage, by logging into your email account.

Once you are in your account, it is crucial that you change your password. 

It's possible that your password has been changed, but you can reset this by clicking on the link marked “Forgotten your password?” or similar.

Getting a strong password in place will be a great line of defence. Always use different passwords for all shopping websites and never use the same password for a shop as you do for your email account.

10 signs that your computer has a virus.

To pick a password that is hard to crack, try substituting numerals for letters in memorable words.

For example, if you want “October’’ as a password, use the zero key instead of the letter “o’’. While the number 1 can be used for the letter “I’’, a 5 for “s’’ and so on.

Another option is to use your first car’s registration number. This is ingrained on many people’s memory but unlikely to be known by others.

Or why not use a mnemonic device? Write out a phrase or sentence that means something to you. For example, the nursery rhyme, “hickory, dickory, dock, the mouse ran up the clock”, would create “Hddtmrutc” as a password, which would otherwise be a difficult string of letters to commit to memory. 

For additional security, try adding the last two letters of each site to the start of itspassword, ie, for Facebook – okHddtmrutc, or for Amazon – onHddtmrutc.

Seven common password mistakes and how to avoid them.

2. Report it to your email provider 

Your email provider has seen this type of thing before and may be able to provide you with further details about the nature and source of the attack, as well as any tools they may have available to protect your information and get you back up and running.  

Find out more be searching the 'Help' section on the email providers website.

3. Notify your friends                   

Some hackers compromise email accounts in order to attack your friends or contacts. They use your email address to send spam or phishing emails attempting to trick them into thinking you need help, buy something or into giving up personal information.

Notify everyone on your contact list that you have been compromised and they should not open messages or click on any links from your account.

Signs that an email make be fake or a scam.

4. Tighten security

Fraudsters do not hack your email simply for the fun of it, this is often the first step in an attempt of identity theft

This is often done with a type of virus called a Trojan which is inserted it into your system so that it can collect your personal details. Having your security software up-to-date is essential as it will eliminate any and all viruses, spyware or malware that it discovers.

Read our guide to free anti-virus software.

5. Check your personal email settings 

Check that the hackers haven't created forwarding email addresses and if you find any, delete them immediately. 

Look carefully at the signature block and make sure it's really yours. The hackers may have included some malicious links there too.

What’s more, many of us a create subfolders in our inbox for important – and often financial – information. If this sounds like you, it is vital that you go to any accounts identified (a mortgage application, for instance) and change the user ID and password.

It’s also worth looking in your ‘sent’ folder and the trash folder. If your email has been hacked, it’s possible that you won’t recognise emails in these folders.

Go one step further and check what email addresses are 'whitelisted'. Email providers label whitelists in different ways, but an attacker may add an alias to this list to guarantee future emails get delivered to the inbox.

Eight warning signs that your identity has been stolen.

6. Keep an eye on your accounts 

Assuming that the hacker has been able to find pieces of personally identifiable information, it is important to monitor your credit report and various financial accounts for suspicious activity.

Under the Consumer Credit Act, you can write to one of the credit reference agencies, such as Experian or Equifax, and ask to see your file for a cost of £2. Alternatively, if you need to see your report in a hurry, you can check your file online.

Credit Expert from Experian offers a free 30-day trial, which enables you to see your credit report, and then charges £14.99 a month for continued access. Equifax’s service also offers a 30-day free trial and charges £9.95 a month for the rest of the year, but these can be cancelled once you have seen your report.

What’s more, it’s a good idea to have a fraud alert put on your file. Simply contact one of the above credit agencies for help.

Find additional support by contacting Action Fraud, who will offer you help and advice about fraud, by phoning 0300 123 2040.

For more tips and useful information, browse our technology articles.

The opinions expressed are those of the author and are not held by Saga unless specifically stated.

The material is for general information only and does not constitute investment, tax, legal, medical or other form of advice. You should not rely on this information to make (or refrain from making) any decisions. Always obtain independent, professional advice for your own particular situation.