How to recover from a hacked email account
The first sign that something’s wrong is almost always the same. Friends and business contacts complain that they’re receiving mail with advertisements from you. Dozens of notifications from mailer daemons accumulate in your inbox, claiming that your mail cannot be delivered. Either the addresses of the recipients were misspelled or they did not exist. Or, perhaps, you received a message from your mail provider saying that someone has changed your personal data.
Now your alarm bells should be ringing, as it’s possible that your mail account has been hacked. A Trojan virus that spied out the access data to your account and sent it to a criminal hacker via the Internet or a hardware keylogger on the USB port that records your keystrokes and mouse movements may be responsible.
Run a virus scan
the best antivirus overall
Norton 360 Deluxe
Read our reviewPrice When Reviewed:$49.99 for the first yearBest Prices Today:$19.99 at PCWorld Software Store | $49.99 at Norton
The first step should always be to scan the computer for viruses. To do this, run a deep scan or a complete scan of the hard disk with your antivirus software.
In Windows Defender, you can find the corresponding command by double-clicking on the Defender icon in the taskbar corner under “Virus and threat protection -‘ Scan options”. In the next window, select “Full scan” and then “Scan now”.
In addition, you should check the USB ports on your PC to see if the plugged in device is yours or not. Caution: Keyloggers are very small and inconspicuous and often look like plug-ins.
Stolen passwords from the Internet
If the virus scanner finds nothing and no keylogger is connected, your mail password has probably been hacked. In most cases, hackers resort to passwords that appear under your mail address in the Darknet. There are huge collections of addresses and passwords there that have been captured by criminals as a result of security leaks at companies or online services.
the best password manager
Dashlane
Read our reviewPrice When Reviewed:Free I Advanced: $2.75/mo I Premium: $4.99/mo I Friends & Family: $7.49/moBest Prices Today:$4.99 at Dashlane
Since many people use the same password to log in to online shops, streaming services, company websites, and even mail accounts, hackers also try out the combinations of mail address and password published on the Darknet with a whole range of popular mail services.
If you have been using the same password over and over again, you should change it as soon as possible, for all services and shops where you have used it. Define a different password each time to make such attacks impossible. Write down the passwords on a piece of paper or save them in the database of a great password manager.
Another possibility is that you’ve identified a weak and easy-to-guess password for your mail account, which the attackers can easily crack. Therefore, make sure that you only use strong passwords.
Have your access data been leaked?
To check whether your password has been leaked published on the Darknet, go to the website https://haveibeenpwned.com and enter your e-mail address. The site maintains a database with millions of entries from data thefts of the past years. If your access data appear there, it will show you the companies from which the hackers took the data. You should then change the passwords for these companies immediately. Alternatively, you can use fee-based tools such as Bitdefender Digital Identity Protection or F-Secure ID Protection , which regularly and automatically perform scans for your access data on the internet and inform you about new findings.
In the “Notify me” tab, you can also leave your email address at haveibeenpwned.com. If the address appears in a list of stolen access data in the future, you will automatically receive a mail notification. In the “Passwords” tab, you enter passwords for verification. The website shows you whether this password appears in the relevant lists. If it does, it is insecure, as hackers keep lists of such passwords and try them out on login masks automatically and in frantic succession.
Send a warning to friends and colleagues
When criminals crack a mail account, they usually do so in order to be able to send spam via a legitimate address. This is because all major mail providers today keep blacklists of mail addresses of known spammers in order to automatically sort out their mails.
Spammers therefore always need new sender addresses. Addresses that have existed for a long time have the advantage, as recipients trust the sender and read the message instead of deleting it immediately.
As soon as you discover an intrusion into your mail account, you should send a message to your friends, colleagues, and business partners, warning them of the possible spam.
You should also check your account settings, especially for online accounts. It’s important to see if the list of people who have access to your account has changed. You should also check for automatic mail forwarding, out of office notifications, blocked mail addresses, and newly set up remote access and filters for incoming messages.
Access denied: What to do?
To prevent the owner of a mail account from taking control of their account again after a successful hack, criminals sometimes change the password so that it is no longer possible to access the account settings. However, the major providers have taken precautions and show ways and means for a reset.
Google Gmail: If you can no longer access your messages, you will not be able to use the other services of the search engine giant. To log in again, call up the account recovery via this address. There you can identify yourself using your e-mail address or the telephone number you have stored.
Pixabay
On the following page, Google offers you several options for confirming your identity, ranging from a message to your smartphone or tablet to an alternative mail address or a confirmation in Google Authenticator or SMS. After clicking on “Try with another login option”, you also have the option of entering an older password.
If Google detects that you want to sign in from a new device or a different location, you may have to answer some questions. If you have requested a code, enter it now. You can then change your password.
Microsoft Outlook: Microsoft’s Outlook.com mail service is tied to your user account. If your password no longer works, you need to recover the account. To do this, you need a working mail address to which the company can send further information. This can be a secondary address of yours, but you can also enter the address of another person. You can find the account recovery form at https://account.live.com/acsr.
Microsoft will send you a code, which you enter on the website. You will then be asked to enter your personal data such as first and last name, date of birth, postcode of place of residence, and to answer a security question. The next step is to ask for older passwords and whether you use other Microsoft services or have subscriptions for Windows or Microsoft 365, for example.
In this case, the assistant wants to know your credit card details. As soon as you have entered all the information, you will receive a message that says your details are now being checked and will receive an answer within 24 hours. Microsoft also registers your location and the device from which the account recovery request comes. If you want to log in to a new location using a different device, this process becomes more complicated.
Twp-factor authentication: For security reasons, you should set up two-factor authentication on your account. A smartphone app such as Google’s Authenticator or Microsoft’s Authenticator is recommended as a second factor in addition to password entry.
What a secure password should look like
It consists of at least 16 characters.It contains upper and lower case letters, numbers and special characters.It is not in the dictionary.
The password generators of password managers are helpful for creating a secure combination of characters.
This article was translated from German to English and originally appeared on pcwelt.de.
Author: Roland Freist
Roland Freist bearbeitet als freier IT-Fachjournalist Themen rund um Windows, Anwendungen, Netzwerke, Security und Internet.
Recent stories by Roland Freist:
4 dangerous PC security exploits attacking right now (and how to fight them)10 must-know PC security tips that keep you safe onlineWhat is a zero day exploit? The most dangerous security attacks, explained