My email has been hacked: How do I fix it?

How do I know if my email has been hacked?

Hackers break into email accounts for all kinds of reasons: to steal personal info, commit identity theft, spread malware, or use your inbox to scam other people. Whatever their goal, the sooner you spot the breach, the better.

Common red flags include:

• You can't log in. You go to check your email, but suddenly, your login details are "wrong." That's a big one. If someone's changed your password, they've locked you out.
• Friends get weird emails from you. If people ask, "Did you mean to send this?" (and you didn't), your account may be sending spam or phishing messages.
• You're getting password reset emails you didn't ask for. That could mean someone's trying to use your email to get into other accounts.
• You're locked out of other accounts. Many services use your email for login or recovery. If someone's hijacked your inbox, they may be taking over more than just your email.
• Login attempts from strange places. Most email services show recent activity. If you see logins from devices or locations you don't recognize, someone else may be poking around.
• Other suspicious activity. This red flag often includes seeing messages you didn't write, deleted emails you didn't delete, mysteriously changed security settings. All of it's worth a closer look.

If you notice any of this, don't wait. The longer someone's in your inbox, the more damage they can do.

What should I do if my email has been hacked?

When your email account has been hacked or exposed in a data breach, you have one job: lock it down fast. These steps will help you retake control of your account and stop the damage from spreading:

1. 1.Change your password immediately. Your main priority when dealing with a compromised email address is to secure your account with a new password. Make it strong, unique, and nothing like your old one. Also, don't recycle a password from another account — if one gets hacked, the rest become easy targets.
2. 2.Log out of all active sessions. Most email platforms let you see where you're logged in. Sign out of all sessions to kick out the intruder. (On Gmail, it's at the bottom of your inbox under "Details.”)
3. 3.Enable two-factor authentication (2FA). This adds a second lock to your account. Even if someone has your password, they'll need a code from your phone or authentication app to log in. Avoid SMS-based 2FA if possible — it's better than nothing but vulnerable to SIM swapping. Use an app like Authy or Google Authenticator instead.
4. 4.Check your account recovery information. Make sure your recovery email address and phone number haven't been changed. If a hacker has swapped them out, they can keep getting in even after you change the password.
5. 5.Scan your device for malware. Keyloggers or spyware could be how the bad actors got in. Run a full malware scan using trusted antivirus software.
6. 6.Look for unusual activity in connected accounts. Your email is often the key to your other accounts — banking, shopping, and social media — that cybercriminals see as even more valuable. If a hacker got in, they may have already tried to reset your passwords for these other accounts. Look for unfamiliar login attempts or changes.
7. 7.Alert your contacts. Send a heads up to friends, coworkers, or anyone who may have received a message from your account. Hackers often use compromised accounts for phishing scams or money requests.
8. 8.Report the hack. Let your email provider know what happened. Most have a form or support contact for reporting compromised accounts. 
9. 9.Watch for follow-up attacks. You may get phishing emails pretending to help you "recover" your account. Don't fall for them.  

How can you protect your email from getting hacked?

You've cleaned up the mess — now let's make sure it doesn't happen again. A few smart habits go a long way when it comes to keeping your inbox (and everything connected to it) safe:

1. 1.Use strong and unique passwords. Don’t use any pets’ names or "123456." A strong password is long (think 12+ characters) and totally random. Also, don't reuse the same password for different accounts, and change them in case of a data breach. A password manager like NordPass can generate and remember complex passwords for you.
2. 2.Use two-factor authentication (2FA). Yes, this tip is worth repeating. Most major email services support it, and it's one of the best defenses you have.
3. 3.Stay on the lookout for phishing emails. If something feels off, don't click. Hackers use fake login pages or urgent-sounding emails to trick you into giving up your password. 
4. 4.Avoid public or unsecured Wi-Fi for email. If you absolutely have to, use a VPN for public Wi-Fi. Hackers love unsecured networks.
5. 5.Keep your software and apps updated. Your email app, your browser, your phone's OS — keep them current. Updates often fix security holes hackers exploit.
6. 6.Review your login activity. Every so often, take a look at your login history. If you spot logins you don't recognize, investigate immediately.