Your Email’s Been Hacked—Now What?
A Step-by-Step Recovery Guide on what to do if your email has been hacked
A Step-by-Step Recovery Guide
Your Email’s Been Hacked—Now What?
Imagine this: You open your inbox, and something feels off.
Maybe you can’t log in, or you spot strange emails in your sent folder that you definitely didn’t write.
Worse yet, your contacts are receiving phishing messages that seem to be from you.
It’s a nightmare scenario, but unfortunately, email hacks happen all too often—and they can have serious consequences.
For businesses and individuals alike, email is the gateway to so much more than just messages.
It’s linked to bank accounts, cloud storage, confidential work files, and even personal identity information.
If hackers gain access, they can exploit it in ways that could cost you money, data, and even your reputation.
But before you panic, take a deep breath.
The good news?
You can recover your account, stop further damage, and lock hackers out for good—if you act fast. In this guide, we’ll walk you through exactly what to do to regain control and prevent this from happening again.
Reset
Review
Reinforce
your three-step rescue plan
or find out more click here for an enquiry today.
Change Your Password Immediately
The moment you suspect your email has been hacked, your first move should be to change your password—before the hacker locks you out completely.
A strong, unique password is your best defence against cybercriminals trying to regain access.
Avoid simple or commonly used passwords like 123456, password1, or anything remotely easy to guess.
Instead, create a long and complex password with a mix of uppercase and lowercase letters, numbers, and symbols.
A passphrase—like a random sentence or a combination of unrelated words—can also be a great option.
Once you’ve secured your password, take things a step further by enabling Multi-Factor Authentication (MFA).
This adds an extra layer of security by requiring a secondary verification step, such as a code sent to your phone.
Even if a hacker somehow gets your password, they still won’t be able to access your account without that second factor.
Check for Unauthorised Access & Activity
Changing your password with a strong password is a critical first step, but don’t stop there.
Hackers don’t just break in and leave—they often try to maintain access in the background.
That means you need to check your account settings for any suspicious activity.
Start by reviewing your sent folder for any messages you don’t recognise.
If hackers have been using your email to send phishing scams, spam, or fraudulent requests, you’ll see traces of their activity here.
Next, look at your login history—most email providers allow you to see recent login attempts, including location and device details.
If you spot logins from unfamiliar places, that’s a red flag.
Finally, check your connected apps and third-party access settings.
Cybercriminals sometimes add email forwarding rules that secretly send copies of your emails elsewhere, or they may grant themselves access through linked apps.
If you see anything suspicious, remove it immediately.
Email Security Isn’t Optional
it’s essential for Business Survival
Looking for IT Support for your Business?
Everything from IT Advice to Microsoft 365 to VoIP business systems
Call our Team of IT Experts Today on 9111 1740
Secure Other Accounts Linked to Your Email
Your email isn’t just for communication—it’s often the master key to your other accounts.
Think about all the services where you use your email to log in—social media, online banking, cloud storage, work accounts… if your email is compromised, those accounts could be at risk too.
To prevent further damage, change the passwords for any accounts linked to your email—especially for services that contain sensitive data or payment information.
Also, keep an eye out for password reset attempts.
If you receive emails saying “Your password has been reset” or “Click here to confirm your password change” but you didn’t request them, hackers may be trying to take over your other accounts.
Act fast to secure them before they do.
Warn Your Contacts & Prevent Phishing Attacks
Once hackers gain access to your email, they don’t just stop with you—they often try to exploit your contacts by sending phishing emails in your name.
These emails may contain fake invoices, requests for money, or malicious links designed to steal login details.
The best way to limit the damage is to warn your contacts right away.
Send a message from a secure account, letting them know your email was hacked and to ignore anything suspicious they might have received.
You can keep it simple:
“My email was hacked. If you received any strange messages from me, please ignore and delete them. Do NOT click any links!”
By taking a few moments to notify your contacts, you help prevent further attacks and protect your professional and personal reputation.
Scan Your Device for Malware
Hackers don’t just steal passwords—they sometimes use malware or keyloggers to monitor everything you type, making it easy for them to steal even more information. If your email was compromised, it’s worth checking your devices for hidden threats.
Run a full system scan using updated antivirus and anti-malware software on any computer, phone, or tablet where you access your email.
If the scan detects anything suspicious, follow the removal steps and then change your passwords again, just in case they were stolen.
Enable Extra Security Measures
Now that you’ve regained control, it’s time to fortify your defences so this doesn’t happen again.
Enable Multi-Factor Authentication (MFA) if you haven’t already
Update your security questions Hackers can often guess common answers like your pet’s name or mother’s maiden name. If possible, set answers that are completely unrelated to the question
Review your recovery email and phone number—make sure they’re correct and haven’t been secretly changed by the hacker
Use a password manager to generate and store strong, unique passwords for every account. This helps prevent the temptation of reusing weak passwords across multiple sites
Taking these steps now can save you from another security headache in the future.
Report the Hack & Restore Your Email
If you’re still locked out of your account, or if hackers have changed recovery options, you’ll need to contact your email provider’s support team for help.
Services like Gmail, Outlook, and Yahoo have dedicated recovery options that guide you through the process of regaining access.
For businesses, if your email is part of a corporate system (like Microsoft 365 or Google Workspace), notify your IT team or managed service provider (MSP) immediately so they can investigate and secure the network.
If you suspect sensitive data was stolen, it may be necessary to report the breach to cybersecurity authorities or regulatory bodies—especially if it involves financial fraud or business-related data leaks.
Prevent Future Attacks
Now that you’ve dealt with this security scare, it’s time to make sure you never have to go through it again. Here are some best practices for keeping your email (and your business) secure:
Stay alert for phishing scams. Hackers often trick people into revealing their passwords through fake login pages or urgent-sounding emails. If something seems suspicious, verify it before clicking
Use strong, unique passwords for every account. Don’t rely on the same password across multiple sites—if one gets hacked, they all become vulnerable.
Regularly update your security settings. Check your email provider’s security features and enable the strongest protections available.
Train your employees on cybersecurity best practices. If you run a business, make sure your team knows how to spot phishing emails, secure their devices, and respond to security threats. One careless click can put the entire organisation at risk.
Stay Vigilant & Stay Secure
Getting your email hacked is a stressful experience, but by taking immediate action, you can limit the damage and protect yourself from future attacks. The key is acting fast, securing your accounts, and learning from the experience to build stronger defences.
If you want to strengthen your business’s email security and prevent cyber threats before they happen, Southeast IT is here to help. Get in touch today to learn how we can keep your data—and your business—safe.
How to Recover & Prevent Future Attacks
A compromised email account can be disastrous, but strategic action can mitigate risk.
Update your credentials, audit account activity, and remove unauthorised access.
Secure linked accounts, warn contacts, and implement strong cybersecurity measures like MFA.
Looking for expert protection? Southeast IT offers tailored security solutions.
or find out more click here for an enquiry today.
