5 Steps To Fixing Your Hacked Email Account

How to regain control (and security) of your hacked email account.

Are you thinking your email account has been hacked?

Perhaps some of your contacts are complaining that you are sending emails with spammy links. Maybe you keep getting logged out of your account with a message that you are logged in on another computer. These are some things that I have had happen to several people I know recently.

You use your email for a lot of other important accounts.

You may use it to log into your bank account. You use it to create almost any social media account like Facebook, Twitter, or YouTube. Once someone gets control of your email address, they can find out what accounts it is used for and then request new passwords for them. Worse, many people use the same password for many of their accounts. You also probably have a lot of personal information in those emails that could really mess up things for you. Your email account is important and needs to be secure.

How can you make sure no one has hacked your email account and it is safe?

Here are 5 steps to securing your email account after it’s been hacked.

Now, this will only work if you can still log into the account. If the password has been changed, your only hope is to contact the email service and get their help. If you can still log in, this should lock anyone that’s been in it out. This can also work for a hacked Facebook, Twitter or any online account.

Follow the steps in order. Also, do them fairly quickly and go through them all. Taking a few hour fir a  break in the middle of the process makes it possible for the hacker to get back in, even though it would be unlikely to happen. The whole process could be done in just a few minutes (for each account) but is probably going to take much longer than that since few people are familiar enough with the account sections in their email. You’re going to have to struggle with finding some of the sections as each email service is different. If it takes you a long time to come up with passwords, get a couple ready before you start (read through first though).

[mc src="http://www.youtube.com/watch?v=nf2zA00Qhto" type="youtube"]5 Steps To Fix A Hacked Email Account[/mc]

1. Change your password.

Kind of obvious. For this password change, you don’t need a super good password. Just something that someone who has been reading all your email for a few weeks in not going to guess real quick. Just a quick easy password. Make sure you will remember it for then next few minutes too. :) It won’t do us much good to be locked out of our own email. This password change is just to lock the hacker out while we close some of the other holes.

2. Check for any forwarding email addresses.

Google's Email Forwarding

Gmail Email Forwarding

With a forwarding address, any email coming in to your email is copied and automatically sent to another email address. There is no notification like a normal sent email. Hotmail and Gmail allow free email forwarding. Forwarding addresses are part of Yahoo’s premium email so if you don’t use the premium service (pay for it) it’s unlikely that there will be one. Check anyways. If there is a forwarding address (and it is not one of your email addresses that is secure) make sure you delete it and change the password again.

3. Change the security questions and answers.The Google Account Security Question

These are those questions like “What is your mother’s maiden name?” or “What city were you born in?” You need to change the questions and give a nonsense answer to them. A hacker could easily have check or changed them to make regaining access to your account easy. The answer should not able a realistic answer for the question. Write down your answers as they won’t be easy to remember when you have answered several with wrong answers. You don’t want someone who has had access to your email to be able to guess the answers. They already may know a lot about you.

4. Check the backup email address.

The Google account backup email address

Check the backup address

Very likely, you needed to have an email address to create this one. Maybe you still use it and maybe you don’t but it is probably still there. It may be the way they got the password this time. Make sure that the backup email is still secure and controlled by you. It would be easy for a hacker to substitute an email he controls in place of yours so he could request a new password sent to it.

5. Finally, change to a really good strong password.

Your password should be at least 12 characters, use upper and lower case, numbers, and punctuation or other none standard character. Write it down if you need to but keep it in a safe place. A good idea for a password is to take the first letter of each word in a few sentences from your favorite book. Keep or add some capital letters, punctuation and the page number and you have a strong password that should be very difficult to crack and still be easy to remember. Whatever you do, make sure it is strong (in away, you are securing your bank account).

Now your email account is secure!

Avoid logging into your account on public computers or on unsecured wi-fi networks. Try to always use the https address ( https://mail.google.com instead of http://mail.google.com ). Never use your email password on other accounts.

Those are the 5 steps to fixing your hacked email, but you are not done yet. :(

You need to go through this with any account that you used your email address to create. Remember the hacker could have gotten those password using your email address.

Lastly, you need to consider how your email password was compromised.

Maybe you were tricked into using your password on a phishing site (a site meant to look like another site to steal your log in credentials. Maybe it was sniffed at an unsecured wi-fi network.

The other possibility is malware on your computer. Email as well as other account passwords and information are one of the prime targets of malware. My suggestion is to use a malware removal too like Malwarebytes Antimalware or SuperAntiSpyware (aff). Both are excellent tools and have free versions. If I am certain a computer is infected, I will usually use both to check and clean it off (as well as a few other tricks I’ve picked up). These two programs do an excellent job at getting malware that has slipped by your normal anti-virus and disabled it. Follow it up by reinstalling your anti-virus software and running a full scan.

Email has become a major form of communication.

Recently, courts have ruled, giving email the same privacy protection as regular mail. An email address is used as an ID for many online accounts and services. Protect it with a good password and be careful whenever you sign in that you are really on the right page. Make sure your the computer you log in with is safe.

Hope this helps you keep your email safe! Please Tweet this post or Facebook like it if you can.

*With all the requests for information on passwords I have created a post The Ultimate Guide To Passwords. Check it out if you have questions about passwords.

About James Thoenes

James spends way too much time working with computers.


  1. This was very helpful thank you! One thing I didn’t see in the article was to check any online payment transactions that you have to make sure that the hacker is not using any accounts connected to your credit card.

    • James Thoenes says:

      @Rachel from credit card processing for small businesses: That would be a very good suggestion. This post was about email accounts though and not credit card accounts. Like I said, you need to change the passwords on any accounts the email address is used for and that would include any credit card accounts you have that use that email address.
      Be sure not to fall for any phishing attempts to get you log into a credit card account from your email too.

  2. Hi James! Thank you for this awesome guide! One of my emails might have been hacked recently. I’m not sure, but someone hacked the Facebook account that was registered on this email, and I thought that my email was in trouble, too. The only thing to do that occurred to me was to change the passwords, both at Facebook and at Gmail. I chose 2 different passwords and I have had no troubles since then. But after reading your article I got a little frightened. I think I’ll check my email for forwarding and backup settings.

  3. Hacking has become so common that these tips should be used bible talks…… a must implement stuff……
    I need to know more about FACEBOOK hacking………. My facebook account has been hacked many a times and have put me in terrible mess…..
    Please give some tips how to keep my FB account safe…????

  4. Most hackers are able to hack accounts either via using malware or brute force hacking.

    Malware = opening attachments of emails without scanning or checking. As such, it is a golden rule to not open attachments unnecessary, even if from known sources. Check with your friends if they really did send the attachment before opening it.

    Brute Force hacking = real waste of time and efforts by hackers. Most of them wont do it, unless they know you very well (aka they know what sort of passwords you will use). Meaning, your password is too easily guessed or you have post it online somewhere for people to read.

    For banking accounts, to be honest, work with your bank closely. The moment you suspect any problems, SUSPEND the account immediately! Its not a joke when you are dealing with your money. Inform your bank whenever you receive any “verifications” of banking accounts – which is IMPOSSIBLE as all banks usually do NOT do online checking via emails.

    Hope these two cents of information help.

  5. What safety measure should i take for i am using netbanking for all my transactions as well as bill payment… Please guide with some safety points…..

    • James Thoenes says:

      @Sam Rickkets from Professional locksmith Sacramento: First, your operating system and programs updated. Have a good anti-virus program and keep it updated and do full scans at least monthly or better yet weekly. Never follow a link in an email to an account. Make sure the address in your browser starts with https and not just http when you log in.
      Follow those steps and you are fairly safe banking online. You may want to do those scans before you do your banking and it does not hurt to use a malware removal program like SuperAntiSpyware in addition to your normal anti-virus.

  6. With so many ID thefts taking place and hackers prowling to get a chance, it is really a big concern. I’ve read a couple of other articles too on how to take measures so that hackers do not reach our accounts but this article definitely have more valid points which I found very helpful. Thanks for posting such an important article.

  7. Thanks for all the great tips. A lot of people have multiple emails, and this could heighten the risk of losing track of them and having one or even more hacked. Also, the reason for more than one email is usually because you have personal emails and business emails. This makes the idea of someone hacking into your email accounts even more scary! I’d suggest having different passwords for each email instead of having the same one. Once a hacker gets a hold of one, they can easily hack everything else.

  8. This is a great help. I had never thought of looking into the forwarding email address before. A few days ago I could not log into my email account because it said I’m logged in on a different computer. I was surprised and decided to change my password. I would install a malware removal tool right away. Would it be wise to change my passwords frequently?

  9. Well Jonathan, I don’t feel that changing your password frequently would help much. In fact there would be better chances of your forgetting your password. Yes installing a malware removal tool is a good thing to do. It would help you a lot. I have had a good experience with it, so you may give it a try for sure.

  10. My password never got hacked till now, but I am curious to know about securing it. I am glad to know about the forwarding email address because I didn’t know that it could be a tool of hacking. My password is already quite long and I use symbols like “@” which make it more complex. It is a very good tip to check the backup address. These two things were new to me and I thank you for sharing them here.

  11. I agree with James, we really need some tips on passwords. Will it be wise to choose one password and then shuffle it to have a new one for another account? I know there would be a risk of forgetting it, but if one manage to remember, then? And what is the recommended length of a secured password? Thank you.

    • James Thoenes says:

      @Dominic Faith from yacht storage: Make your passwords as long as possible. The longer it is the more difficult it is to crack (not impossible but more difficult). You should do your best to have separate passwords for each use. Otherwise, if one is compromised, all the places that use that password are compromised.

  12. Yes! This just happened to my best friend. Thanks for the advice and I’ll send her your site so she can fix the bug. Would you suggest that she make a new email address?

  13. It is so difficult to get back your hacked account. I can say this because the same thing had happened to me. My account was being hacked. And the worst part was that I had kept the same password for all my accounts. Ohh God, it was a big loss for me because I had all my passwords and my credit card number stored in my drafts folder. My status was like “I am dead now. Everything is finished.” Then I had to rush everywhere just to lock my credit card, my bank accounts. All my email accounts got hacked just cannot tell you guys what I went through. I just want to say please never keep the same password for all your accounts. What happened with me should not happen to you.

  14. Allan,
    Your story has really scared me. Same like you even I had a bad habit of having the same password for all my accounts. Your story has really thought me a lesson. The moment I read your story I quickly changed all my passwords because even I have a lot of confidential information stored in my email accounts. Thanks for sharing your experience with us. It is so important to have very good and strong passwords so that your account does not get hacked.

  15. Forget about me using the same passwords. U all will be surprised to hear that I am a kind of person who can never remember my own passwords. I am a businessmen and I have a lot of accounts to handle on daily basis. So I have to use passwords that are a little similar to each other. I have noted them on my laptop. And now after reading your blog I am a bit scared, what to do so that I don’t get my accounts hacked. Please suggest..?? Should I change all my passwords or should I keep the same ones?

    • James Thoenes says:

      @Nicholas from Hardwood floor: I used to do something similar to you with passwords but I do not think it is a safe method any more. Especially for those who run a business as they are likely to be singled out as targets (called spearphishing). The only real safe solution is long, complex, random passwords that are different for each account.
      I use a program called KeePass (which is completely free) to generate those passwords and save them. Then you only need to remember one password (to KeePass) to bring up the others. You can check keepass.info for it.
      As to changing the passwords you are using now, that is a judgement you need to make for yourself. I know I need to change a few. Changing the password all the time just to change it does not really help. However, if you suspect an account may be compromised and that password is the same (or fairly similar) to passwords you use elsewhere, I would not feel safe until they were changed.
      I do know someone who changed his Facebook password monthly and still saw the account hacked. I’d hate to have any passwords remotely similar to my Facebook password – Facebook security is about as bad as it gets and they don’t seem to do a good job at notifying users there is a problem either.

  16. After reading this I really feel that I´ve had no clue how important it is to protect your email. I have job to do, thanks for a good post!

  17. James, I have changed all my passwords for all the account. And also there is an application called Last Pass wherein I have confidentially saved all my passwords. It is a nice application. I think even you should try. For businessmen who have a lot of confidential data stored online, for them it is a big deal to lose their passwords but for students and other people who do not deal much on the internet for them they can still manage to open a new account. All the tips that you have shared above, I have also implemented those tips on my account. Hope now I am far away from the hackers.

  18. Hey I completely agree with all your tips that will help me get back my hacked e-mail account. But I just want to know one thing what if I don’t even remember the personal questions that I answered. And is it OK if I make only 2 or 3 changes from the above mentioned ones because I hardly remember any of the above settings that I made in my account and that too I have made these settings long back. Please can you suggest something else apart from this??

    • James Thoenes says:

      @Emily Fernandes from live baseball streaming: If you really want to be sure your email is safe (and any accounts you use it for) you need to be pretty thorough. It’s like finding out someone has broken into your house and now has a key. It won’t do much good to change the lock if you don’t change all the locks the old key may work in.
      I suggest keeping a note somewhere on the personal questions if your concerned about forgetting them. Just don’t keep those notes by your computer but somewhere else safe.

  19. One of my friends is a computer freak. Once my e-mail account was been hacked. So my friend was the one who got me my account back. He said one of the reasons may be that I don’t generally clear cookies and so there are full chances of my e-mail account being hacked. He taught me how to clear the cookies. Now after short intervals I ensure that I clear all the cookies because there are some cookies that contain our email id and passwords of our accounts. So if we want to save our accounts then we need to clear these cookies.

  20. Yes, it is scary to hear that our e-mail account is being hacked. The word ‘hacked’ itself sounds like a plane hijack. I took a precaution step well in advance because I did not want my account to get hacked. I have changed all the settings in my account starting from the password to the personal questions it asks. And lol! This time my password so strong that nobody can hack it. It will be a challenging task for the hackers if they think about hacking my account.

  21. All the above mentioned tips are the prevention steps that need to be taken before your account gets hacked. But then what about those accounts that are already hacked. Because one of my e-mail accounts is already been hacked and I am trying hard to get it back but I am unable to do so. Tried contact the e-mail account company but I could not so I am searching for some other solutions. Please suggest!

  22. I realized my email id has been hacked when I saw a number of sent emails and other weird things. I am glad I could log in. I did change my password but things continued. I guess they had done something so that even if I change the password they would come to know of the new one. Finally i left using that id and created a new one.

  23. Luke, it is so boring to open a new account as it is so long and a very time consuming process. Starting from the scratch is all the more boring. For those who have nothing confidential stored in their account, they can easily switch on to a new account but for businessmen it is very hectic to go through the long process. I am thinking to change all my passwords before it is been hacked. I don’t really know how to change the security questions and answers. I have never heard about anything called as Backup Email Address.

  24. Hi guys! I think it’s a mandate for all of us to change our passwords and keep strong passwords that cannot be hacked easily. Also it’s important to have different passwords to all your e-mail accounts because when we keep one password for most of our accounts then there is a possibility that if one account gets hacked then the others can also be hacked. So it’s better to be safe with all different and strong passwords.

  25. After your account is been hacked and if you still can log in to it then it’s an opportunity for you to still save your account being hacked completely. All you need to do is check you outbox for the spam messages and e-mails forwarded and the other thing is that you change your password immediately and have a strong password where your new password is not similar to the old one. Change all the settings you previously had on your account.

  26. I think there are very rare cases where you find that you can actually enter or login into your email account. Because the one who hacks the email account will always block the other person from accessing his own account. I just want to know if there is any other solution to it as it is very difficult to get back your lost account. Please help

  27. Fixing your hacked e-mail account is not at all a tough job these days. After gaining back your hacked email account try to have a strong password which is in an alpha-numeric order. Change all your account settings and also after you are done with the processes just ensure that you delete all the cookies from your computer as some of the cookies contain your user name and password in it.

  28. James Thoenes says:

    For those needing help with getting good passwords, I’ve added a link at the bottom of this post to The Ultimate Guide To Passwords.
    A good place to start to help prevent someone from hacking you email.

  29. Hey it’s an amazing blog. I got to learn a lot from you. My account had some forwarded emails in my Sent items. I was so shocked to see all of the spam messages. First I thought that it must surely be my brother who must have done this. When I asked him he said “NO”. Then my IT professor told me that there are possibilities that my account might get hacked. So he made some changes and finally I could save my account from being hacked.

  30. There are some companies who have made some software’s which automatically hack your account once you login. These companies then earn money by just unhacking your account. They implement the same process on everybody’s account. I think it’s better to protect our e-mail accounts by following the steps that are mentioned above. Great tips! Thanks for uploading such important information and making everybody aware of it.

  31. I have changed all my passwords and this time they are very strong. But I have the habit of forgetting passwords so I have kept the new strong password for all my accounts. I have heard about Last Pass as a safe password saving application but I am unable to use it as the settings are a little confusing.

  32. The main reason behind your accounts being hacked is your password. The length of your password may be short. Ensure that you have long and strong passwords. As soon as you come to know that your password is being hacked contact your service provider immediately. if you are able to open your account just check the outbox for the emails forwarded and inform your service provider ASAP. They will get you a solution out soon.

  33. Luke Audrey@ersonalized shirts says:

    My account is hacked. I am trying hard to get it back big time. But the service providers seem to be of no help to me as they say that they are not able to un-hack my account since there is something strange happening. I am frustrated now as I don’t have any other option left. Please help if you know some other way out!

  34. Hacking an account is become quite common as these hackers are the ones which operate the computers and prepare software’s. Have a strong password is a mandate. It’s better to opt for a password which is of an alpha numeric format. This will help you against the hackers getting your password hacked. Change all the settings as soon as you get an access to your account.

  35. Install the Hyper Text Transfer Protocol Secure (https) in your computer. This will prevent all your accounts from getting hacked. As of now if your account is hacked and if you still are able to open it then ensure that you send all the forwarded e-mails from your outbox to the customer service centers so that the computer from which this process is done can be traced soon to avoid further misuse of confidential data.

  36. Back up e-mail address is something I have heard for the first time. But yes I will surely check it as I am unable to get access to my account through the other ways. Also my password was very easy and anyone could hack it easily. I doubt it must be my brother this time to hack my account as he is aware about everything related to the internet and computer.

  37. Yes of course, it is very important that you update your computer whenever there are pop-outs on your PC. The processing speed of your computer increases the moment you install all the updates on your PC. Also updates provide you with more ad-ons to your software are which will help you ease at work and also your work gets completed on time.

  38. In my experience one of the biggest problems people had in the past was number 3 on your list. I have known some people in the past to have checked the security question then ask the person and they would give the answer up without any thought. I think more people are becoming smart about their online security but probably not enough.

  39. I would rather suggest everyone to leave the account if you did not store any of your confidential data in it. It’s just waste of time because no matter how hard you try you will still find it very difficult to get your account back. I have experienced this myself and so would recommend you not to get involved in this matter. For those who want access over it should talk to the company manager directly as the executive over the phone would not be of help.

  40. Thanks for the tips, but maybe the best solution to this is prevention. More security. That is why I avoid checking my email on other people’s computers and I scan my computer for viruses weekly. Also changing our passwords every now and then will surely keep it safe from getting hacked.

  41. At times it’s of worthless putting in so much efforts to gain access to your account because no matter how hard you try you still will not be able to recover your lost e-mail account. Ensuring that you have a back up of all your account data on your computer will help you to gain access to your data. Installing HTTPS and also by keeping a new and a strong password will protect your account from being hacked in the future.

  42. First check whether you have not committed a mistake while logging into your account. Try accessing your account by using some other browsers. Check whether you have entered the correct password. If it still does not open then it’s better to contact the specific company’s officer and talk to him about the issue you are facing.

  43. At times even the Internet Service Providers would not help you out with the matter. I have experienced it myself. Even after requesting them hundreds and thousands of times I still have no staff member of the service provider who would help me out to fix my hacked e-mail account. Finally after requesting so many times I had to change my service provider. I still do not have access to my previous account.

  44. These are great steps, I just saw an actress on Twitter write that her Facebook had been hacked again, I wonder if she could safeguard herself using these tips.

  45. OH, I have not thought of checking the back up email address! I can’t imagine how mortified I would be if I had changed my information/password and the back up email was sent back to the hacker.

  46. How often would you recommend changing your password? And would you recommend changing the questions as well?

  47. how if it’s on facebook? coz.. gosh! it stressed me out :(

  48. Change all your account settings and also after you are done with the processes just ensure that you delete all the cookies from your computer as some of the cookies contain your user name and password in it.I appreciate with the ideas and suggestion provided in the post.