article featured image


My email account has been hacked. How much trouble am I in?

Well, having your email account cracked could pose a serious problem given that your photos, contracts, invoices, tax forms, reset passwords for every other account, and sometimes even passwords or credit card PINs are all saved there. Plus: our emails are interconnected to all our other digital accounts, from bank accounts to social networks, cloud services, online shops, and so on. By simply breaching the email, a malicious hacker can easily get access to all these.

Hackers don’t just want your money. They want all the details they can possibly get, no matter if you’re the CEO of a top company, a celebrity, or just someone with “nothing valuable” on their emails. Your data can be used to make financial operations in your name. Cybercriminals can use your credit card details, open bank accounts, take out loans, or ruin your credit card’s rating – not to mention that if the hacked email account belongs to a company, we’re already talking about a data breach, which usually results in revenue loss, time loss, brand damage, and legal action.

Why Would Cybercriminals Want to Hack Your Email?

Email hacking has become a gold mine for cybercriminals constantly trying to gain access to our accounts and steal our sensitive information, given that we now link everything – from online banking and federal taxes to our confidential documents – with our emails. Here’s what they are usually looking for and why:

Contracts. Contracts almost always contain confidential information that you wouldn’t want anyone else to see – especially malicious hackers!

Personal conversations. We know you’re well aware that your email conversations don’t just consist of funny images, videos, and stories from your daily life but also discussions in which you handle important issues related to working with your partners or colleagues. That’s exactly what they’re looking for.

Photos – especially nudes. Remember the Fappening, when hundreds of nude photos, mostly with women, were leaked? Various celebrities were affected by this scandal, including Jennifer Lawrence, Kate Upton, Kirsten Dunst, and many others. The attacker used a simple phishing technique to gain access to victims’ accounts: he sent them emails that appeared to look like they came from Google or Apple, warning them that their accounts might be compromised. He asked them for their passwords and that’s how he managed to get into their emails and iCloud backups.

Invoices, scanned IDs, insurances. Invoices usually contain many sensitive details about the recipient: name, phone, addresses. All these can be used by malicious hackers for identity theft.

Passwords, credit card pins, or bank account information. If you’re storing your passwords on your email, in case your email gets hacked, so do all your other accounts. For safety reasons, you could either write them by hand and store them in a secure place, where only you have access, or you could use password management software to keep them encrypted for you. You can find more tips on how to manage your passwords here

“Reset your password” emails. This type of stored email is another treasure that cybercriminals can find in a hacked email account. They’ll be able to see what other accounts you have, reset your passwords, and take over those as well. You could make their job harder by deleting all the emails you get from those accounts.

Travel itinerary and calendar. These are gold for thieves or scammers. Just think about it: they know precisely when you’re gonna leave home, when you will be on a plane (and most likely without network coverage) when you’ll be in a meeting, and when you’ll return back home – you could even end up with your house broken into. 

Tax forms. Tax forms contain a crazy amount of information about us, that can be used by identity theft criminals. If you emailed them in the past, search for them and delete them. 

Order confirmations from online shops. Such emails contain all the order details, from what you bought, to the delivery address, date, phone number, and method of payment. From here, a cyber crook can also access your online shop profile and see your saved credit card details. Remember to delete all transactional emails after you received the orders. Also, do not save your credit card details on any shopping website. Instead, fill them in every time you want to buy something.

Your contacts. It’s not only your contact information that would be compromised in case of a hacked email account but also all of your contacts. They are also valuable to cyber attackers, as they can use them for identity theft as well or sell them on the dark web to spammers. 

How to Know if Your Email Account Has Been Hacked

You have probably understood by now how valuable your email accounts could be for a malicious actor. If you’re wondering how could you tell that your account has been compromised, have a look at the tell-tale signs below: 

  • You’re told that your password is incorrect 
  • You notice strange emails in the Sent folder 
  • You receive unexpected password reset emails 
  • You notice unusual IP addresses, devices, or browsers 

What Should Users Do if Their Email Account Is Cracked?

Because of the widespread usage of email and its ongoing development, cybercriminals will continue to be more and more tempted to target email users’ accounts. Here’s what you should do if your email account has been compromised.

Change your password

If you suspect someone is tampering with your account, the first security step is to change the password. If that is not possible, try the recovery process. If that fails too, don’t hesitate to contact your email provider’s customer service as soon as possible. 

Add two-factor authentication

This is the second most important step you should take. Activate two-factor authentication (also called multiple-factor verification) everywhere you can. Almost all major companies offer this option and some even impose it by default. From bank accounts to email providers, big social networks, cloud services, and so on, you should keep it enabled everywhere it’s available. It works as an extra protection layer, besides passwords. The second factor usually consists of a unique passcode that’s time-sensitive and you can only receive it through your mobile phone or some other physical object that you have. You can see how this can be an impediment for malicious hackers, lowering their chances of success. Even if they somehow manage to find out your passwords, they’ll only be able to access your account if they also get past this second security layer.

Double-check account recovery information

If you manage to regain access to your account, don’t relax just yet – check all your account recovery information. If you don’t recognize the phone numbers and email addresses listed there, change them immediately. 

Check account forwarding and auto-replies

Cybercriminals might use auto-forwarding to get copies of the emails you receive and auto-replies to automatically send spam to your contacts. Make sure you check these sections after you get access to your account again. 

Verify if other accounts were affected

We use emails to secure other accounts, so you have to make sure that nothing else was compromised. Make sure you can log in and consider changing the other accounts’ passwords anyway.  If you can’t access the accounts you use the hacked email account for, try to reset their passwords immediately or contact customer service. 

Alert friends and family

If you think your email account has been hacked, it is recommended to alert your friends and family that they might receive spam emails or that someone might try to steal information from them too. Advice your contacts to be on the lookout for suspicious emails or even phone calls and give them a safe email address where they can reach you. 

Clean up your device

After recovering your hacked email account, make sure that you run an antivirus scan to check for any type of malware. Make sure that your browsers and applications are up to date and, if you do not have backups already, now would be the perfect moment to start compiling them. 

But What if a Business Email Account Gets Hacked?

A Business Email Compromise (BEC) is also called a Man-in-the-middle attack and it can have much more unpleasant consequences than the hacking of a personal email account. If you notice something unusual with your business email account, try taking the following steps to avoid spreading phishing schemes or even malware to other employees of the company: 

Secure your accounts

As in the case of a personal cracked email account, it’s important to check all other accounts and information linked to the compromised one and cut off access to them. Notify the bank or other financial institutions you work with about the breach and check the settings of the company’s social media accounts.  Don’t forget to make sure that your email account has strong security questions and two-factor authentication. 

Notify necessary parties

If your business email account gets hacked, it’s important to notify your business associates that might work with sensitive information. If the email is linked to a subscriber list, consider writing a social media post and a paragraph on your website to explain the situation to your followers and apologize. 

Contact Customer Service

If you cannot recover your account by hitting the “forgot password” button, you might have to talk to your company’s IT department. Another option to get control over your email account is to contact the Customer Service of your email provider. 

Clean up your system and email

After regaining your email account, it is recommended to check your system for any suspicious software or files that might have led to the attack in the first place. If you have been the victim of a phishing attack, you might have malware in your system, so you might even need to restore the computer or reinstall the OS. 

How to Prevent Your Email from Being Hacked

Set strong and unique passwords

This should be the first and foremost step taken. The two main characteristics of a good password are its strength and uniqueness. A strong password should be long enough (go for at least 14 characters), including upper and lower cases, numbers, and symbols. Don’t use your name or nickname, your birth date or birthplace, nor the birth date, birthplace, or name of any of your family members or friends (pets included as well). Also, stay away from any variation of the word “password” or common passwords such as “qwerty”, “0000”, “1111”, “12345”. Here’s a longer list of bad passwords. Unique means that you shouldn’t reuse your passwords on any other accounts. Don’t set the same password for Facebook, Twitter, email, cloud storage, and so on. Otherwise, in case one of those services gets hacked, all the rest of your accounts will be vulnerable. If you can’t keep track of all your passwords by memory, you can make your life easier by using password management software. It will keep all your passwords encrypted and warn you if you try to set a password that’s neither strong nor unique. This way you’ll only have to remember the master password, the one that you use for the software. 

Activate two-factor authentication

As we’ve previously mentioned, two-factor authentication is one of the most effective security measures. It is secure and it will not take a lot of time to get through it – you won’t need to authenticate yourself every time you open your browser or mobile app and want to check your account. You can save the devices and browsers you use most often, and you’ll only be prompted to insert the second-authentication factor if you want to log in from a new device.

Set a lock code to your devices

It is a bit surprising how many people leave their devices unprotected by not setting an automated lock. We can’t always guard our laptop, mobile phone, or tablet and make sure that nobody else accesses them. A lock code is one of the easiest ways to keep intruders away.

Learn how to detect and prevent phishing attacks

Phishing isn’t a new technique, but it’s still an efficient one. Cybercriminals can use phishing attacks to withdraw money, steal your identity, open credit card accounts in your name, and further trade all that information about you, so be careful with what emails and attachments you open or what links you click on.

Declutter & Backup

Stop keeping things that you don’t need anymore in your inbox. Delete all useless emails and backup everything else, every important email or attachment. Encrypt them and store them in a safe place (it can be cloud storage or a separate hard disk).

How Can Heimdal Help?

Heimdal Security has developed two email security software aimed against both simple and sophisticated email threats (Heimdal Email Security, which detects and blocks malware, spam emails, malicious URLs, and phishing attacks and Heimdal Email Fraud Prevention, a revolutionary email protection system against employee impersonation, fraud attempts – and BEC, in general.

For example, you may want to consider Heimdal Security’s Heimdal Email Fraud Prevention, the ultimate email protection against financial email fraud, C-level executive impersonation, phishing, insider threat attacks, and complex email malware. How does it work? By using over 125 vectors of analysis and being fully supported by threat intelligence, it detects phraseology changes, performs IBAN/Account number scanning, identifies modified attachments, malicious links, and Man-in-the-Email attacks. Furthermore, it integrates with O365 and any mail filtering solutions and includes live monitoring and alerting 24/7 by our specialists.

Heimdal Official Logo
Email is the most common attack vector used as an entry point into an organization’s systems.

Heimdal® Email Security

Is the next-level email protection solution which secures all your incoming and outgoing comunications.
  • Completely secure your infrastructure against email-delivered threats;
  • Deep content scanning for malicious attachments and links;
  • Block Phishing and man-in-the-email attacks;
  • Complete email-based reporting for compliance & auditing requirements;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.


Email accounts are important because nowadays everyone who’s on the Internet has at least one. Their cybersecurity is important because any detail about the owner, no matter how insignificant it may seem, has great value for a malicious actor and can be used for ill purposes. Whatever method you choose for protecting your email accounts, please remember that Heimdal Security always has your back and that our team is here to help you protect your home and your company, and to create a cybersecurity culture for the benefit of anyone who wants to learn more about it. 

Drop a line below if you have any comments, questions, or suggestions – we are all ears and can’t wait to hear your opinion!

And follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Lat updated by Antonia Din.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.


Glad to come across this website. You have shared a very useful article on email security. I will recommend this website to my friends.

Thank you, James!

I got the same problem, somebody stole my email data from my Cpanel. Now he is misusing my emails. I am much worried about it.

WOW…Thanks so much for this info! Getting hacked is a very scary thing…believe me, I’ve been there

I just recently lost my job because my employer found incriminating evidence in my personal google/gmail/skype account, and used it against me to sign a “forced” voluntary resignation without pay or benefit. Almost two weeks after I left the company, I again noticed someone hacking into my google and skype accounts! They changed my passwords, security questions, changed recovery emails and deleted my mobile device connected to my account. I am now not able to access my skype account as it was deleted by them. We started tracing and gaining info and evidence of all the security activities and users/devices that accessed our accounts without authorization. Through tracing their IP, we gathered alot of evidence that it was infact my previous employer that hacked my google account. My country does not have any laws/act that protects us from cyber criminals, but i want to try and sue them for invasion of privacy. This article just highlights how much more they could have done on my account just through gaining access to my information


Usually, I do not post comments on blogs, but I would like to say that this blog really forced me to do so! Thanks for a really nice read.

nice post maybe they want to access our bank details?

Lots of good stuff here. Hackers are everywhere and relentless. They will never go away we’ll have to continue upgrading our security defenses.

I’m afraid this article has the same flaw as almost every other article on email security. It focuses on protecting the inbox, but fails to advise people that send email is completely unprotected when it leaves your computer.
This gives people a false sense of security. E.g. “I have two-factor authentication now, so it’s fine to send this spreadsheet attachment to by tax representative”.
The article would benefit from reminding people that sent email is completely unsecure unless it’s encrypted.

Hi Eddie, thank you for the feedback. Indeed, the article focuses on securing your email account, not necessarily protecting outbound communication. If you use encrypted solutions, we hope you checked out the recently disclosed PGP vulnerabilities 🙂

Thanks again for the input, have a great day!

heimdal security good post 🙂
This is a fact that we keep so valuable information in our inbox and thats why hackers want to hack it
but no has been able to hack gmail inbox except hamza
you can about hamza here btw
so even when hackers want to hack, they cant hack google gmail for sure
hence we are safe


Hacking isn’t always exploiting flaws in code or finding back doors. Everyone is one click from being scammed, phished, or conned to reset/confirm our password. Then you are hacked!

“I don’t care about getting hacked, there’s nothing valuable in my email”
– I’m going to put this mantra of the unaware on my shop window.

I would query “If you have accounts on online shopping websites such as Amazon, try not to save your credit card details on them. Instead, fill them in every time you want to buy something.” – Surely this only applies if your email account has already been hacked? Gmail 2-factor authentication should prevent this occurring? Probably open to debate?

Thank you for your feedback, Andy!

While the second part of the article is up for debate, we’d still recommend yo don’t save your card details, because breaches can happen irrespective of personal efforts to keep data safe. And Amazon accounts are a favorite target for cyber criminals precisely because of the card details they include. Of course, it’s up to each and every one of us to choose the level of protection we want to adhere to.

Florence Catherine on August 29, 2016 at 1:13 am

Getting hacked is scary but it’s real. It can do a lot of damage to you especially if you work online. I am glad I am actually using the two-factor authentication with my email for quite some time now. It’s a bit tedious but it’s all worth it. Need to take some time to delete personal info in my inbox though as what the article suggested. Great read, very informative!

Leave a Reply

Your email address will not be published. Required fields are marked *