
My Email Was Hacked — Step-by-Step Recovery Guide

A hacked email account is serious — attackers can reset every other account you own using it. Here's exactly what to do in the first 30 minutes to limit the damage.

March 2, 2026
CyberTimes Team
Your email account is the master key to your digital life. With access to it, an attacker can reset the password to your bank, social media, shopping accounts, and anything else tied to that email address. If you think your email has been hacked — or you've confirmed it — every minute counts. This guide walks you through exactly what to do, in order, to regain control and limit the damage.

Signs your email may be hacked:

  • Your password stopped working
  • Friends received strange emails from you
  • You see emails in your sent folder you didn't send
  • You received a security alert from your email provider

Step 1: Try to Regain Access Immediately

If your password still works:

  • Log in right now from a trusted device
  • Go to Security Settings immediately
  • Change your password to something long and unique (use a password manager)

If your password no longer works (attacker changed it):

  • Go to the login page and click 'Forgot Password' or 'Account Recovery'
  • Use a recovery phone number or backup email if you set one up
  • Gmail: accounts.google.com/signin/recovery
  • Outlook: account.live.com/acsr
  • If recovery options don't work, contact the provider's support — have account creation details ready to verify your identity

Do this before anything else. You can't secure the account without access.

Step 2: Secure the Account (Do All of These)

Once you're back in, do all of the following immediately:

  1. Change your password — make it at least 16 characters, unique, not used anywhere else
  2. Enable MFA immediately — add an authenticator app (Google Authenticator, Authy), not just SMS, if possible
  3. Check and remove recovery options you don't recognize — attackers often add their own phone number or backup email to lock you out again
  4. Review connected apps — go to Security > Connected Apps and remove anything that looks suspicious or that you don't recognize
  5. Check email forwarding rules — attackers often set up silent forwarding rules to receive copies of all your emails even after you change your password. Delete any rules you didn't create
  6. Check your profile — make sure your name, recovery email, and phone number haven't been changed to the attacker's details
  7. Sign out all other sessions — most email providers have a 'Sign out of all devices' option. Use it.

Step 3: Assess the Damage

Check what the attacker may have accessed or done:

  • Search your sent folder for emails sent during the compromise period — did they email your contacts asking for money or spreading phishing links?
  • Check your inbox for password reset emails — did the attacker use your email to reset passwords on other accounts? Check for banks, PayPal, Amazon, social media.
  • Look for new account creation confirmations — attackers sometimes create new accounts using your email address.
  • Check if sensitive information was accessed — search your email for terms like 'password', 'account', 'bank', 'SSN', 'invoice' to see what may have been read.
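If you can export your mailbox, the first three checks can be run over the raw messages in one pass. The script below is an added example, not part of the original guide; the subject patterns, addresses, time window, and sample messages are constructed assumptions, and it reads message headers only.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Assumed subject wording; adjust to what your own services send.
PATTERNS = {
    "password_reset": re.compile(r"reset your password|password (was )?(changed|reset)", re.I),
    "new_account": re.compile(r"welcome to|confirm your (email|account)|verify your email", re.I),
}

def triage(raw_messages, start, end, my_address):
    """List (category, time, other party, subject) for mail dated inside the window."""
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        try:
            when = parsedate_to_datetime(msg["Date"])
        except (TypeError, ValueError):
            continue  # missing or unparsable Date header: review by hand
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)  # assumption: treat naive dates as UTC
        if not start <= when <= end:
            continue
        subject, sender = msg.get("Subject", ""), msg.get("From", "")
        if my_address.lower() in sender.lower():
            findings.append(("sent_by_account", when, msg.get("To", ""), subject))
            continue
        for label, pattern in PATTERNS.items():
            if pattern.search(subject):
                findings.append((label, when, sender, subject))
                break
    return sorted(findings, key=lambda f: f[1])

def _msg(frm, to, date, subject):
    return f"From: {frm}\nTo: {to}\nDate: {date}\nSubject: {subject}\n\n(body omitted)\n"

# Constructed sample mailbox (not real mail); me@example.com is the hacked account.
SAMPLE = [
    _msg("security@bank.example", "me@example.com", "02 Mar 2026 10:15:00 +0000", "Reset your password"),
    _msg("me@example.com", "friend@example.net", "02 Mar 2026 10:40:00 +0000", "Urgent favor, need gift cards"),
    _msg("no-reply@shop.example", "me@example.com", "02 Mar 2026 11:05:00 +0000", "Welcome to Example Shop"),
    _msg("news@site.example", "me@example.com", "20 Feb 2026 08:00:00 +0000", "Reset your password tips"),
]
START = datetime(2026, 3, 2, 9, 0, tzinfo=timezone.utc)
END = datetime(2026, 3, 2, 12, 0, tzinfo=timezone.utc)
if __name__ == "__main__":
    for category, when, who, subject in triage(SAMPLE, START, END, "me@example.com"):
        print(f"{when:%Y-%m-%d %H:%M}  {category:16}  {who}  {subject}")
```

Each password_reset or new_account hit names a service to prioritize in Step 4, and each sent_by_account hit names a contact to warn in Step 5.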

Step 4: Secure Every Connected Account

This is the most important step that most people skip: Any account that uses this email address for login or password recovery is now potentially compromised.

Priority order:

  1. Banking and financial accounts — change passwords immediately, check for unauthorized transactions
  2. PayPal, Venmo, Cash App
  3. Amazon, eBay (saved payment methods)
  4. Social media accounts
  5. Work accounts
  6. Everything else

For each one: change the password, enable MFA, and check for any account activity you don't recognize. This is exhausting but essential. Consider using a password manager going forward — it makes changing many passwords much faster.

Step 5: Notify People Who May Have Been Targeted

If the attacker sent emails from your account to your contacts:

  1. Send an email from your now-secured account warning your contacts that your email was compromised and to ignore any unusual messages
  2. If the attacker asked for money or gift cards, contact those people directly by phone to make sure they didn't send anything
  3. If the attack involved your work email, notify your IT department immediately — corporate networks may be at risk
  4. Consider filing a report with the FBI's Internet Crime Complaint Center (IC3) at ic3.gov, especially if money was stolen

Key Takeaways

  • Act immediately — every minute gives attackers more time to reset your other accounts
  • Check for forwarding rules and recovery option changes — attackers use these to maintain access
  • Every account using that email for login or password recovery needs to be secured
  • Notify your contacts if the attacker sent emails from your account
  • Enable MFA on your email account — this prevents most hacks in the first place

Frequently Asked Questions

Most commonly: your password was exposed in a data breach and reused, you clicked a phishing link, or you used a weak/guessable password. Check haveibeenpwned.com to see if your email appeared in known breaches.

Usually not necessary if you follow the recovery steps. Deleting your account creates more problems — you lose email history and have to update your address everywhere. Securing and cleaning the existing account is better.

Yes, most major providers have account recovery processes. Be prepared to verify your identity with information like your account creation date, previous passwords, or billing information.

Use a unique strong password for your email (never reused), enable MFA with an authenticator app, and check haveibeenpwned.com regularly to see if your credentials have appeared in breaches.

What's Next?

Once you've recovered your account, set up a password manager so every account has a unique password. And read our MFA guide — enabling it on your email account would have prevented this attack in most cases.