Email has been around for a few decades now, and practically everyone has one, even if they use it infrequently. Chances are, if you’ve had your address for a few years, you’ve started to see scams, ads, and plenty more unwanted content showing up in your inbox.

You’ve probably also heard of emails getting hacked, and you may have even seen a few of these before—you get a message from your “friend” telling you they need a random amount of money, ASAP, and you’re their only hope. But what if you’re on the other end, and someone else on your contact list gets an email from “you” requesting a similar favor. What do you do then?

Email security

First off, let’s address some basic email security habits that everyone should have. If you haven’t been hacked and there’s something here you’re not doing, consider this your wake up call.

1. Have a strong password. In today’s digital world, running about with weak and simple passwords is like leaving your car unlocked with your cash-stuffed wallet inside. If you want to anonymously test the strength of your passwords or need help coming up with stronger passwords, check out our guide to passwords.
2. Consider two-factor authentications (2FA). Another step beyond having a password is setting up 2FA. This means you have to provide a special, one-time code in addition to your password in order to log into and access your email. It may not be right for every use case, but it’s generally a good idea. This can also be known as Multi-factor Authentication (MFA).
3. Create “better” security questions. You’ve probably had to set up some security questions before: “What street did you grow up on?”, “What’s your mother’s maiden name?”. While these are a nice idea and their original intent was to help a user lock down their account—after all, who else would know these answers besides, well, you? The problem is that since the advent of social media, it’s often pretty easy for a hacker to either guess or do a couple minutes of research to find the answers to these secure questions. A “better” way to answer these questions is by choosing an answer that is meaningful to you but may not even have anything to do with the question itself. For example, answering “What’s your favorite drink?” with “Harry Potter”.
4. Don’t open unexpected emails. The final tip is crucial to preventing not only your email from getting hacked, but infecting your computer or phone with viruses. Even if you have a rock-solid password, 2FA enabled, and an active virus shield, the moment you click on a strange email, follow the links inside, or try to open an attachment on it, none of that prior protection matters. The best thing you can do is to never even open these emails and instead delete or mark them as spam.

What happens when your email is hacked?

If your email hasn’t been compromised that you know of, but want to know some of the warning signs to watch for, or are simply curious and want to take a couple minutes to learn more about it, this next section is for you.

Typically, the main reason a scammer or hacker wants access to your email address is to use it to try and spread malware or propagate scams to your contact list. Once they have access to your account, they will immediately begin using it to send out malicious emails to every saved address in your contacts. The thinking is that a person is more likely to click on and entertain a suspicious email if it’s coming from their “friend”.

The sad truth is that many people don’t take the time to consider who is actually sending the emails they click on. A lot of users will notice their friend’s email address and assume they are the one who’s sent them a request for a gift card, wire transfer, or link to a compromising video. It’s always better to check with that person (if you actually know them well enough to receive unsolicited emails from them), and verify if they actually did send you that. Otherwise, this should raise a huge red flag.

How does your Email get Hacked?

While it’s technically possible that a hacker could head over to gmail.com, type in a random address and then guess a password, this just isn’t an efficient way for a scammer to operate. More commonly, they will acquire these email addresses either from a hacked website, newsletter, or other kinds of compromised databases.

Once they’ve obtained a list of, say, a few thousand email addresses this way, a hacker might decide to use these themself or put them up for sale on the dark web for other scammers to purchase. Just the addresses themselves without a password aren’t terribly valuable, and so most people who collect these lists are looking to start spamming malicious emails in the hopes that a fraction of the recipients open up and fall for the traps they’ve laid within.

What’s more dangerous, however, is if someone does get both your email address and the password. At this point, unless you’re lucky, they’ll immediately change the password and you’ll find yourself locked out of your account. If this happens, it’s too late to protect your account proactively and you’ll instead need to take some steps to try and recover your account.

What to do if your Email gets Hacked

If you’re lucky and the hacker didn’t change your password but you’ve received reports of people getting scammy emails from your address, you should immediately call your iDefend Advisor team at 801-724-6211.

If you’ve found yourself on the receiving end of a hacked email account, following these steps is the best way to reclaim your data and get back up and running again.

1. Report the hacking to your email provider. Most of the major providers have a way to do this from the sign-in screen.
2. Scan your computer/phone for viruses and malware. If you have [our service], one of our techs will have your back on this one.
3. Change your security questions and make them better. Better questions equal better security. If you’ve ever done one of those social media posts about “your first car, your high school mascot, etc.” you may have unknowingly given out answers to your security questions. Try using answers only you would know and never share them.
4. Change your password and make it stronger. If you use this same password or email to log into other websites, you should also change it there.
5. Let friends and family know you got hacked. If you suspect any malicious or scammy emails have been sent from your account, letting people know you got hacked and not to open anything weird from you is a good idea.
6. Check your email settings. Pay especially close attention to the automatic forwarding settings to make sure nobody else is snooping in your inbox.
7. Activate monitoring. If you’re worried that any of your sensitive personal data might be compromised (things like personal IDs, SSN, DOB), having active dark web monitoring and identity theft protection in place will give you peace of mind.
8. Pay attention to any 2FA you’ve set up. As stated above, if you start seeing texts on your phone or messages through another email account with access and verification codes you didn’t request, report it to your email provider right away.

Final Thoughts

Nobody wants to wake up to a hacked email account, but unfortunately identity theft, hacking, and scams have risen exponentially over the last few years. For most of us, identity theft, ransomware, and hacking is no longer only something we’ll hear about on the news, or that doesn’t happen to us.

Having active protection in place is no longer something only business owners and global corporations need to be concerned with, as more and more individuals, families, and small businesses are falling prey to cybercrime daily. We believe that everyone deserves the peace of mind that comes with knowing your information is safeguarded, and you have steps in place for the day that identity theft comes knocking at your door.