Hacked email? How to protect your account before attackers take over

If an email account is compromised, hackers can not only read messages, but also reset passwords and take over other accounts. This makes it all the more important to take an immediate and structured approach in an emergency. Below we show you what immediate measures you should take, as well as what help pages and support channels major providers offer to affected users.

General steps to take if your email account is hacked

Case 1: You can still log in.

If you can still access your mailbox, you have a better chance of protecting your account immediately. It is important to close all possible backdoors step by step:

• Change your password: Login directly through your provider's official login page. Avoid links in emails as they may lead to phishing sites. Choose a new, strong password that you use only for this account and consists of upper and lower case letters, numbers, and special characters.
• Log out of all devices and sessions: Many providers offer an overview of currently logged in devices and sessions in their security settings. Log out of all active sessions or use the Sign Out of All Devices feature. This way, attackers who still have access will immediately lose connection to the account.
• Check recovery options: Check what phone numbers and alternate email addresses are stored for account recovery. Attackers often enter their information here to take over your account forever. Immediately delete unknown entries and enter only your current information.
• Remove filters and redirects: Look at the mailbox rules in the settings. Attackers often set up automatic forwarding or filters so that emails are forwarded to another address or some messages remain invisible. Remove any rules that you did not create yourself.
• Activate two-factor authentication: If your ISP supports it, be sure to activate two-factor authentication. When logging in, you must enter a second factor in addition to your password, such as a code in a text message or confirmation in an authentication app. Even if your password falls into the wrong hands again, you will be better protected this way.

Case 2: You can no longer log in

If you are blocked, everything happens through the support of the relevant provider. In this case, use the appropriate recovery form or account wizard to guide you through the recovery process.

Microsoft Outlook/Hotmail

Microsoft provides recovery wizard for hacked accounts. After entering your email address and (if saved) your phone number, the system checks to see if any suspicious logins have occurred. It then guides you step-by-step through the entire process, from resetting your password and confirming your security information to checking for suspicious activity.

If you are still able to log in, you should immediately change the password on your account and check all saved security data (alternate email address, phone number). If access is already blocked, use account recovery form.

Google/Gmail

In Gmail, it's especially important to bring up the device and security overview. There you can see which devices have recently accessed your account. Unknown entries can be canceled with just a few clicks. You can find clear instructions in our guide article “Has a hacker logged into your Google account? Here's how to find out“.

Google also provides a detailed guide to complete recovery: Protect a hacked or compromised Google account. There you will learn step by step how to reset your password, check your recovery options, and stop suspicious activity.

If you are no longer able to log in at all, please go to the account recovery page linked on the above site and follow the instructions provided there.