Home > Identity Theft > 9 Things You Need to Do When Your Email Is Hacked

Comments 5 Comments

For many people, the first sign that their email has been hacked comes when a friend shoots them a text or an email saying, “Hey there. Uh… I think your email was hacked… unless you meant to send me that link to the Viagra store.” Or you might figure it out because you can no longer log in to your account, or your smartphone can’t retrieve your messages. Or maybe you can log in to your email, but find that your inbox is suddenly empty and all of your contacts have been deleted. No matter what tips you off, when your email is hacked (notice I say when, not if, here), the impact can be disastrous.

The fact is, despite Twitter, Facebook and texting, we still rely on email for most business and personal interactions. So it can be pretty disquieting when inexplicable things start to happen to our email accounts, or our access to email is blocked. When these things happen, we can’t just will them away or delude ourselves into thinking that our computer is simply having a bad day. They could well be manifestations of email hijacking, which often is the prelude to identity theft. So your response should not be “Oh God,” but rather, “Houston, we have a problem.”

There are plenty of things you can do to minimize the risk of having your email hacked, as we’ve covered in the past.  And if you’re worried about how to spot suspicious emails in your inbox, there are plenty of telltale signs. Nevertheless, these days nothing is foolproof and nobody is perfect, so the likelihood that you will be exposed to a phishing scam at some point is relatively high. The question is what do you do when it does eventually happen, to keep both you and your friends safe. With that in mind, we offer these tips:

1. Change your password.

If the wizards who hacked into your account forgot to change your password and you can still log in – do it immediately and change that password. Oh, and make it stronger, stranger and less “you.” That means no birthdays, addresses, kids’ names, dogs’ names, maiden names, favorite movie names, favorite band names, or anything else that you might otherwise feature on your Facebook page.

2. Recapture your account.

If your access is blocked, follow the directions on the email site help center. Once you again become the master of your email kingdom, invent a very sophisticated password, change your security questions and get creative in your answers because the hacker may well have nailed those questions correctly in the first place. Trust me — you want them out of your life and not as permanent pen pals.

3. Report the incident to the email site.

Your email provider has seen this type of thing before and may be able to provide you with further details about the nature and source of the attack, as well as any tools they may have available to protect your information and get you back up and running. (You may also have access to identity protection services through your insurance company, bank, credit union or employer).

4. Speak to your peeps.

Notify everyone on your contact list that you have been compromised and they should look at any communication from you with suspicion for the time being. Further, they should double down on their computer protection. If they have already been victimized, offer your condolences and support, and make sure they are following these steps, too. (Hey, maybe forward them THIS article!)

5. Scan your computer with an updated anti-virus program.

Don’t think that sophisticated email hackers are in it for the fun of grabbing your email and then doing a spam conga line. Often their goal is much more insidious. Why crawl into a life unless you can truly monetize it? Therefore, beware of the Trojan. (As a Stanford guy, that has always been my motto when dealing with people from USC.)

In this case however, they may have inserted it into your system so that it can conduct recon and report back to them with all of your passwords or a treasure trove of your information. Get that program running and eliminate any and all viruses, spyware or malware that it discovers. If you don’t have a new and sophisticated security software program now is not the time to cheap out. It’s a reasonable investment that will ultimately show a serious return by keeping your information yours.

6. Don’t fail to review your personal email settings.

Make sure the cyber ninjas haven’t created forwarding email addresses and if you find any delete them immediately. Also, look carefully at the signature block and make sure it’s really yours. The hackers may have included some malicious links there too.

7. Change passwords or security questions for other sites.

In the event you shared your email passwords or security questions with any other site, change them, too. Too often consumers opt for convenience (or simplicity) over security and use a single password for multiple websites — including financial services, social media, retail or secondary email sites. Not a good idea. In fact it’s a very bad idea. Change all of them and use different passwords for each.

8. Check your email folders.

Folks have a tendency to send financial or personally identifiable information to others via email and then archive the offending email in a file in their system. If so, immediately go to whatever account is identified and change the user ID and password.

9. Monitor!

Assuming that the hacker in question was able to find either your Social Security number or other valuable pieces of personally identifiable information, it will become important for you to monitor your credit and various financial accounts for suspicious activity. You can get a copy of each of your three major credit reports for free once a year, and you can use tools like Credit.com’s free Credit Report Card for an easy to understand overview of your credit history, along with your credit scores. Finally, you might also wish to contact the fraud department of one of the big three credit reporting agencies and have a fraud alert put on your file, or you may even want to ask them to “freeze” your credit.

Your email is an important component of your identity portfolio. You must manage it like an investment. That means you minimize your risk of exposure by being smart, discrete and sophisticated in your security approach; keep a watchful eye for things that seem a bit “off,” and know what your damage control options are before you need to control the damage.

Image: iStockphoto

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

  • Pingback: Thursday's need-to-know money news()

  • FRE000

    If we use a different password for each site, how do we remember all of them? How many of us can actually remember 10 or more passwords?

    • http://www.credit.com/ Credit.com Credit Experts

      This is so true. When you have several dozen logins, this is a problem. Some people keep their passwords in password protected files like excel, word, etc. On Windows and Mac systems, there’s also a built in feature that will auto save your passwords for you (which is risky as well if your computer ends up in the wrong hands).
      Yet, another option is password memory software that keeps track of passwords. A recent piece in the NYTimes actually talks about this very problem and offers several “password memorization program” options that are available on the market: http://www.nytimes.com/2013/06/06/technology/personaltech/too-many-passwords-and-no-way-to-remember-them-until-now.html?pagewanted=all&_r=0

      • Sherry

        I have a notebook I keep all my P/W in for each site I am on. I have at least 50+ P/W at my hand without having to think, ok which one was for what site. I also carry a copy with me, however I mix it up with the wrong P/W to each sites, all you have to remember is your formula you came up with for this. Yes, I know this isn’t foolproof as it’s a process of elimination to get them, but by the time you know it’s missing you will have changed them starting with all emails & bank accounts then start on anything that holds onto other information like your social sites, FB, YB, Myspace, ETC., you get the idea. I’ve been here it’s not easy to clean up.Trust me some of my friends has to click and read anything/everything that looks good or enticing and then they get hack and like this article says you don’t know it till it’s too late. Then they gets into everyone’s information on their FB or whatever sites friends list without you even knowing until it too late. Then you have friend saying please don’t send me porn or i’m deleting you. I have a posting I post to my friends wall that is warning them that they were hacked from opening up random ads that are from scams & hackers and they are passing it on to me and everyone else on their list and they need to change their P/W and scan. Then in a nice way, I tell them if it continues I will delete them. By this time you have to do damage control over and over till you’re safe again. I’m not sure if this helps or not, but it is what works for me and has been successful for me now and to help me remember more than a few P/W, plus I do change my P/W about every 2-3 months. Sorry so long!

    • Guest

      If you have anti virus protection, like Norton Internet Security, they usually have a “vault” where you can enter one password, and it will auto fill it for you. Obviously you’ll want this one to be the strongest. Also if you frequently log into these 10 accounts, its not that difficult. Do something often and it eventually becomes a habit, in your memory.

    • Oscar Mayer

      keep a list to track your passwords and security questions. The password list is no good if you make the security questions easy i.e. “what was your high school mascot?” Just lie on the security questions and keep the answers on a list.

Certain credit cards and other financial products mentioned in this and other articles on Credit.com News & Advice may also be offered through Credit.com product pages, and Credit.com will be compensated if our users apply for and ultimately sign up for any of these cards or products. However, this relationship does not result in any preferential editorial treatment.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Our Owners

Credit.com is owned by Progrexion Holdings Inc. which is the owner and administrator of a number of business related to credit and credit repair, including CreditRepair.com, and eFolks. In addition, Progrexion also provides services to Lexington Law Firm as a third party provider. Despite being owned by Progrexion, it is not the role of the Credit.com editorial team to advocate the use of the company’s other services. In articles, reporters may mention credit repair as an option, for example, but we’ll also be sure to note the various alternatives to that service. Furthermore, you may see ads for credit repair services on Credit.com, but the editorial team isn’t responsible for the creation or implementation of those ads, anymore than reporters for the New York Times or Washington Post are responsible for the ads on their sites.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team