We invite you to do a little exercise:  open your email and take a look at everything that you keep on it, both sent and received conversations, on both personal and company accounts. Scan all of them, every attachment you ever sent or received, every personal and work conversation, every email draft. We keep it all there, in only one place: photos, contracts, invoices, tax forms, reset passwords for every other account, sometimes even passwords or credit card PINs. Plus: our emails are interconnected to all our other digital accounts, from bank accounts to social networks (LinkedIn, Twitter, Facebook, etc), cloud services (Google Drive, iCloud, Dropbox), online shops (Amazon, for example, where you most likely saved your credit card details as well) and so on. By simply breaching the email, a malicious hacker can easily get access to all these – do you really (still) think that a hacked email account would not represent a serious problem? 

interconnectivity - hacked email account dangers

Source 

Hackers don’t just want your money. They want all the details they can possibly get, no matter if you’re the CEO of a top company, a celebrity or just someone with “nothing valuable” on their emails. Your data can be used to make financial operations in your name. Cybercriminals can use your credit card details, open bank accounts, take out loans, ruin your credit card’s rating and many others – not to mention that the hacked email account is a company one, we’re already talking about a data breach, whose consequences usually are revenue loss, time loss, brand damage and legal actions. 

Hacked email account – what’s in it for the cyberattackers 

Contracts

Contracts almost always contain confidential information that you wouldn’t want anyone else to see – especially malicious hackers! Remember the Sony Pictures Entertainment hack, from a few years ago? A hacker group leaked personal information about the company, their employees, their families, their emails, executive salaries, copies of (then unreleased) movies and many others, including emails of its co-chairman, Amy Pascal. It was a very expensive hack, costing the company more than $100 million.

Personal conversations

Ryan Holiday went through such a scandal, back in 2008. While he was the Marketing Manager of American Apparel, a former IT employee leaked the personal conversations between him and the CFO. The media outlets span them in order to appear as if the company was facing bankruptcy.

Photos – especially nude photos

It’s only been two years since the Fappening, when hundreds of nude photos, mostly with women, were leaked. Various celebrities were affected by this scandal, including Jennifer Lawrence, Kate Upton, Kirsten Dunst and many others. The attacker used a simple phishing technique in order to gain access to victims’ accounts: he sent them emails that appeared to look like they came from Google or Apple, warning them that their accounts might be compromised. He asked them for their passwords and that’s how he managed to get into their emails and iCloud backups.

 Invoices, scanned IDs, insurances

Invoices usually contain many sensitive details about the recipient: name, phone, addresses. All these can be used by malicious hackers for identity theft.

 Passwords, credit card pins or bank account information

This one’s easy: if you’re storing your passwords on your email, in case your email gets breached, so do all your other accounts. For safety reasons, you could either write them by hand and store them in a secure place, where only you have access, or you could use a password management software to keep them encrypted for you. You can find more tips on how to manage your passwords here

“Reset your password” emails

“Reset your password” emails are another treasure that cybercriminals can find in a hacked email account. They’ll be able to see what other accounts you have, reset your passwords and take over those as well. It’s not hard for them to find them, but you could make their job harder by deleting all the emails you get from those accounts.

Travel itinerary and calendar

These are gold for thieves or scammers. Just think about it: they know precisely when you’re gonna leave home, when you will be on a plane (and most likely without network coverage), when you’ll be in a meeting, and when you’ll return back home – you could even end up with your house broken into.  If you’re preparing to travel, here are some tips on how to how to have a cyber safe holiday.

Tax forms

Tax forms contain a crazy amount of information about us, that can be used by identity theft criminals. If you emailed them in the past, search for them and delete them. 

Order confirmations from online shops

Such emails contain all the order details, from what you bought, to the delivery address, date, phone number and method of payment. From here, a cyber crook can also access your online shop profile and see your saved credit card details. Remember to delete all transactional emails after you received the orders. Also, do not save your credit card details on any shopping website. Instead, fill them in every time you want to buy something. Moreover, don’t save any credit card details or delivery addresses on your profiles – not on Google storage, not on Amazon, not on Dropbox, nowhere.

Your contacts

It’s not only your contact information that would be compromised in case of a hacked email account, but also all of your contacts. They are also valuable to cyber attackers, as they can use them for identity theft as well or to sell them on the dark web to spammers. 

Hacked email account – how do you know it happened?

You have probably understood by now how valuable your email accounts could be for a malicious actor. If you’re wondering how could you tell that your account has been compromised, have a look at the tell-tale signs below: 

You’re told that your password is incorrect 

If you’re told that your password is wrong, it has probably been changed by a malicious player. 

You notice strange emails in the Sent folder 

Not all hackers’ goal is to completely lock you out of your email account. They might just want to be able to access it whenever it suits them, to send spam or just to collect information. If your contacts complain that they have received abnormal emails from you, you might deal with a hacked email account. 

You receive unexpected password reset emails 

Unexpected password reset emails are a clear sign of someone messing up with one of your email accounts. This kind of emails is usually sent to secondary email addresses, just like the ones which confirm a password modification. 

You notice unusual IP addresses, devices or browsers 

Many email services allow you to check your login activity and the locations where your accounts have been accessed from. If you notice unknown IP addresses, devices or browsers, most probably someone is trying to take over your account. 

Hacked email account – what now? 

Change your password 

If you suspect someone is tampering with your account, the first security step is to change the password. If that is not possible, try the recovery process. If that fails too, don’t hesitate to contact your email provider’s customer service as soon as possible. 

Add two-factor authentication 

This is the second most important step you should take. Activate two-factor authentication (also called multiple-factor verification) everywhere you can. Almost all major companies offer this option and some even impose it by default. From bank accounts to email providers, big social networks, cloud services and so on, you should keep it enabled everywhere it’s available. It works as an extra protection layer, besides passwords. The second factor usually consists of a unique passcode that’s time-sensitive and you can only receive it through your mobile phone or some other physical object that you have. You can see how this can be an impediment for malicious hackers, lowering their chances to succeed. Even if they somehow manage to find out your passwords, they’ll only be able to access your account if they also get past this second security layer.

Double-check account recovery information 

If you manage to regain access to your account, don’t relax just yet – check all your account recovery information. If you don’t recognize the phone numbers and email addresses listed there, change them immediately. 

Check account forwarding and auto-replies

Cybercriminals might use auto-forwarding to get copies of the emails you receive and auto-replies to automatically send spam to your contacts. Make sure you check these sections after you get access to your account again. 

Check if other accounts were affected 

We use emails to secure other accounts, so you have to make sure that nothing else was compromised. Make sure you can log in and consider changing the other accounts’ passwords anyway.  If you can’t access the accounts you use the hacked email account for, try to reset their passwords immediately or contact customer service. 

Alert friends and family 

If you’re dealing with a hacked email account, it is recommended to alert your friends and family that they might receive spam emails or that someone might try to steal information from them too. Advice your contacts to be on the lookout for suspicious emails or even phone calls and give them a safe email address where they can reach you. 

Clean up your device 

After recovering your hacked email account, make sure that you run an antivirus scan to check for any type of malware. Make sure that your browsers and applications are up to date and, if you do not have backups already, now would be the perfect moment to start compiling them. 

Heimdal Official Logo

Simple Antivirus protection is no longer enough.

Thor Premium Enterprise

is the multi-layered Endpoint Detection and Response (EDR) approach
to organizational defense.
  • Next-gen Antivirus which stops known threats;
  • DNS traffic filter which stops unknown threats;
  • Automatic patches for your software and apps with no interruptions;
  • Protection against data leakage, APTs, ransomware and exploits;
Try it for FREE today Offer valid only for companies.

Hacked email account – but what if it’s a business email account? 

A business email compromise (BEC) is also called a Man-in-the-middle attack and it can have much more unpleasant consequences than the hacking of a personal email account. If you notice something unusual with your business email account, try taking the following steps to avoid spreading phishing schemes or even malware to other employees of the company: 

Lock down your accounts 

As in the case of a personal hacked email account, it’s important to check all other accounts and information linked to the compromised one and cut off the access to them. Notify the bank or other financial institutions you work with about the breach and check the settings of the company’s social media accounts.   Don’t forget to make sure that your email account has strong security questions and two-factor authentication. 

Notify necessary parties

If your business email account gets hacked, it’s important to notify your business associates that might work with sensitive information. If the email is linked to a subscriber list, consider writing a social media post and a paragraph on your website to explain the situation to your followers and apologize. 

Prepare to contact Customer Service 

If you cannot recover your account by hitting the “forgot password” button, you might have to talk to your company’s IT department. Another option to get control over your email account is to contact the Customer Service of your email provider. 

Clean up your system and email 

After regaining your email account, it is recommended to check your system for any suspicious software or files that might have led to the attack in the first place. If you have been the victim of a phishing attack, you might have malware in your system, so you might even need to restore the computer or reinstall the OS. 

Hacked email account – prevention strategies 

Set strong and unique passwords

This should be the first and foremost step taken. The two main characteristics of a good password are its strength and uniqueness. A strong password should be long enough (go for at least 14 characters), include upper and lower cases, numbers and symbols. Don’t use your name or nickname, your birth date or birthplace, nor the birth date, birthplace or name of any of your family members or friends (pets included as well). Also, stay away from any variation of the word “password” or common passwords such as “qwerty”, “0000”, “1111”, “12345”. Here’s a longer list of bad passwords. “Unique” means that you shouldn’t reuse your passwords on any other accounts. Don’t set the same password for Facebook, Twitter, email, cloud storage and so on. Otherwise, in case one of those services gets hacked, all the rest of your accounts will be vulnerable. Learn from the recent mega data breaches that affected hundreds of millions of users. Databases with passwords from LinkedIn, MySpace and Tumblr accounts led to many more breaches. Celebrities were just as affected: Mark Zuckerberg’s Twitter and Facebook profiles were hacked because he was using the same (extremely weak) password he had on LinkedIn. Katy Perry and Drake weren’t spared either. If you can’t keep track of all your passwords by memory, you can make your life easier by using a password management software. It will keep all your passwords encrypted and warn you if you try to set a password that’s neither strong nor unique. This way you’ll only have to remember the master password, the one that you use for the software. Here are more tips on managing your passwords

Activate two-factor authentication

As we’ve previously mentioned, two-factor authentication is one of the most effective security measures. It is secure and it will not take a lot of time to get through it – you won’t need to authenticate yourself every time you open your browser or mobile app and want to check your account. You can save the devices and browsers you use most often, and you’ll only be prompted to insert the second-authentication factor if you want to log in from a new device. Here’s how and why you should activate two-factor authentication.

Set a lock code to your devices

It is a bit surprising how many people leave their devices unprotected by not setting an automated lock. We can’t always guard our laptop, mobile phone or tablet and make sure that nobody else accesses them. A lock code is one of the easiest ways to keep intruders away. Here are more tips on how to keep your mobile phone secure

Install security software

Install security software on all your devices. It is recommended to have:  A strong, reliable antivirus You could try our very own Thor Premium. Its modules DarkLayer Guard and VectorN Detection will help you prevent data leaks and ransomware and spot hidden threats, and its powerful firewall will prevent incoming attacks and even let you isolate a device when necessary. Thor Premium offers local & real-time scanning and continuous monitoring of processes and changes through heuristic, behaviour engines.  An email security solution If you want more than a simple spam filter for your email, MailSentry Fraud Prevention is the perfect choice for you – with over 120 detection vectors, it can help you prevent business email compromise and discover imposter threats and advanced malware emails. Moreover, a team of experts would be there for you 24 hours / 7 days a week, to analyze possibly dangerous isolated emails in order to avoid false positives. 

Heimdal Official Logo
 

Email communications are the first entry point into an organization’s systems.

MailSentry

is the next-level mail protection system which secures all your
incoming and outgoing comunications
  • Deep content scanning for attachments and links;
  • Phishing, spear phishing and man-in-the-email attacks;
  • Advanced spam filters which protect against sophisticated attacks;
  • Fraud prevention system against Business Email Compromise (BEC);
Offer valid only for companies.

Learn how to detect and prevent phishing attacks

Phishing isn’t a new technique, but it’s still an efficient one: 23% of email recipients open phishing messages, and 11% click on attachments! Cybercriminals can use phishing attacks to withdraw money, steal your identity, open credit card accounts in your name and further trade all that information about you, so be careful with what emails and attachments you open or what links you click on.

Declutter & Backup

Stop keeping things that you don’t need anymore in your inbox. Delete all useless emails and backup everything else, every important email or attachment. Encrypt them and store them in a safe place (it can be a cloud storage or a separate hard disk). Here’s a simple guide to backup.

Hacked email account – wrapping up

Email accounts are important because nowadays everyone who’s on the Internet has at least one. Their cybersecurity is important because any detail about the owner, no matter how insignificant it may seem, has great value for a malicious actor and can be used for ill purposes.  Whatever method you choose for protecting your email accounts, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it.  Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your opinion!

  This article was written by Cristina Chipurici in August 2016 and updated by Elena Georgescu in November 2020.

Comments

what is amazon aws used for

I got the same problem, somebody stole my email data from my Cpanel. Now he is misusing my emails. I am much worried about it.

Hacked my gmail.

I’ll take note of your internet site as well as inspect once again here consistently.

WOW…Thanks so much for this info! Getting hacked is a very scary thing…believe me, I’ve been there

I just recently lost my job because my employer found incriminating evidence in my personal google/gmail/skype account, and used it against me to sign a “forced” voluntary resignation without pay or benefit. Almost two weeks after I left the company, I again noticed someone hacking into my google and skype accounts! They changed my passwords, security questions, changed recovery emails and deleted my mobile device connected to my account. I am now not able to access my skype account as it was deleted by them. We started tracing and gaining info and evidence of all the security activities and users/devices that accessed our accounts without authorization. Through tracing their IP, we gathered alot of evidence that it was infact my previous employer that hacked my google account. My country does not have any laws/act that protects us from cyber criminals, but i want to try and sue them for invasion of privacy. This article just highlights how much more they could have done on my account just through gaining access to my information

regards
Holgar

Some guy hacked my Email so I tracked down their IP

Good article bro, I’m so happy I found blog like yours. Really appreciate work you do for us, already applied sugesstion on my site.

Usually, I do not post comments on blogs, but I would like to say that this blog really forced me to do so! Thanks for a really nice read.

nice post maybe they want to access our bank details?

great post keep it up.

nice post

[url=http://result-prediction.com/]Today Match Toss Prediction[/url] on December 26, 2019 at 11:33 am

Thank you so much for this wonderful Post.This is an awesome post thank you for sharing this interesting post,

This is a really helpful post, very informative there is no doubt about it. Thanks for sharing this information with us. I really appreciate your work.

Thanks for providing the information with this post. The post is very nice! By the way, I want to share with you information about the best.
This is a great inspiring article. I am pretty much pleased with your good work. You put very helpful information.
I’m impressed with the info you provide in your articles. I must say am highly overwhelmed by your whole story. It’s not easy to get such quality information online nowadays. I look forward to staying here for a long time. Best Regards

I like Your Site

Thanks for sharing your thoughts and ideas on this one. Please keep posting about such articles as they really spread useful information. Thanks for this particular sharing. I hope it stays updated, take care.

grateful for your blog post. You will find a lot of approaches after visiting
your post. Great work.

Things New Couples Do on October 29, 2019 at 2:12 pm

This is a good,common sense article.Very helpful to one who is just finding the resouces about this part.It will certainly help educate me.

I’m glad to hear it helps. Stay safe!

This Article is Really Fantastic And Thanks For Sharing The Valuable Post.

Lots of good stuff here. Hackers are everywhere and relentless. They will never go away we’ll have to continue upgrading our security defenses.

Brother Printers UK on September 11, 2019 at 11:14 am

Thanks for sharing this post here.

Thanks for sharing this fantastic blog, really very informative. Your writing skill is very good, you must keep writing this type of blogs.

Very helpful blog. I

terrariaapkmod.com on May 30, 2019 at 8:57 am

thanks for sharing this information

i understad , wat can i do to recover my account , normanlewis73@gmai.com

I think – Cyber Security will be the power asset of the future. Because everything can be destroyed by hacking.

Great post..!! thanks for sharing with us..!! This article really helpful for non-tech users..! Regards & Thanks



Nice information, its very useful for us, thanks for sharing.

I want to get security, which one is better.

Now a days security is important for us.

Thank you for sharing such a great article. Keep sharing. It will help lot of peoples.

Security is necessary for all sector.

Without security we can’t secure our important document, so please activate the security to save our important data.

Hi.
I want to tell you that I’m visiting your site for a long time and yoou post
good info. I shared your latest article on twitter and got a
lot of good feedbacks.
Keep up the great work!

Aw, this was an exceptionally good post. Spending some time and actual effort to make a good article… but what can I say… I put things off a whole lot and never seem to get nearly anything done.

great article.. thank you for sharing such a informative post..

nice post.. thanks for sharing..

This article is very useful and informative. that great article

This article is very useful and informative. that great article

This article is very useful and informative. that great article

This article is very useful and informative. that great article

Great blog, its very useful information for us, thanks for sharing.

Great post, informative blog. You cover a good topic of this era.

I think This would be the best as i found the topic, What is the basic tick tacks for which we are going to hire new things I like that way that you are sharing…..

thanks for sharing this psot

thanks for sharing this psot

What A Great Informative Post. Thank you for sharing this with us. Keep posting And Helping Us.

What A Great Informative Post. Thank you for sharing this with us. Keep posting And Helping Us.

Thanks For Sharing, Nice Article Keep Sharing Check Out Our Website for Pogo games related problems

Nice and helpful information shared by this article with us and I hope that we will also get more new information regarding this post as soon as. This information is valuable for most of the users.

Nice and helpful information shared by this article with us and I hope that we will also get more new information regarding this post as soon as. This information is valuable for most of the users.

Great Post! Thanks For Sharing, Nice Article Keep Sharing Check Out Our Website for Pogo games related problems

I enjoy this website – its so useful and helpful.

Thank you for sharing with us, its really nice post, you can also visit below link and take benefits of our services

Nice Post!! Hey Guys, Are you facing problems in Microsoft Software or getting invalid key error while Using Microsoft? Take help of Microsoft Support Number. At here, we provide you online technical help for your Microsoft Software.so call toll free and get quick help.

Wow! Great information, its really useful post for me, thanks for sharing.

Amazing information, such a great post and I love it.

Great Post! I really love how it is easy on my eyes and the information are well written

Your blog is meaningful, I have read many other blogs, but your blog has hit me, I hope you will have more great blogs to share with readers.

hello!,I really like your writing very a lot! share we keep in tohch more about your post on AOL?
I need an expert on this house to resolve my problem.
Maybe that is you! Looking ahead to look you.

sharing very useful post! thanks for this.

Thanks for sharing this article about cyber email hacking , really helpful

Thanks for sharing such informative article

Thanks for sharing this information………keep posting

Great article…..good work…keep posting

Great Blog! Cyber Security is one of the topmost aspects in the digital world. Once your email gets hacked you lost your identity.

PhoneSupport Hub A Reliable and Leading IT Compnay provide support for small business and home users for any kind of computer network problem.

Very helpful blog. I find it very informative. Thanks for sharing

Great information. Lucky me I came across your blog by chance (StumbleUpon). I have saved it or later!

Wow! its really amazing information for me, thanks for sharing great post.

Without security we can’t secure our important document, so please activate the security to save our important data

Hacking is a bad process, we should protect our computer system.

Nice Blog, I really appreciated with you my friend keep posting I would like to see more blog. Have you any technical errors regarding emails problems and you need some help then contact to our experts technicians who available all time for help email users.

The security should be the main priority for everyone. We should keep the password so strong in which we can use alphanumeric characters and special characters also to sign up the email. We should not share the email id on the spammy websites.

Nice and helpful information shared by this article with us and I hope that we will also get more new information regarding this post as soon as. This information is valuable for most of the users.

Set the strongest password possible. Celebrities like Mark Zuckerberg, Katy Perry and Drake, along with scores of everyday folks, were hacked because they used weak passwords. You’d be surprised at how many folks use the same password for every account, despite repeated warnings. The biggest no-no is using the same password for multiple sites because if one site is hacked and your password is exposed for that site, your other accounts will then be vulnerable. Obviously, it’s hard to remember a bunch of strong (which means long and complex) and unique passwords.

Security is a need now a days. to secure your computer device is important for us.

Very helpful blog. I find it very informative. Thanks for sharing with us.

Great Post. Thanks for sharing very useful blog. All information is very helpful for us.

Thank you for sharing such a great article. Keep sharing. It will help lot of peoples.

There are certain things which are making the cybercriminals to hacked the emails inbox just because there is the personal conversation which is having it and the password which is the condition as many other things which will be risky to have it so for that it should be very attentive to save it.

There are some things that are making cybercriminals to hack email inbox because they have private conversations and passwords which are the status of many other things, which will be risky, for which it should be very careful to protect it.

There are certain things which are making the cybercriminals to hacked the emails inbox just because there is the personal conversation which is having it and the password which is the condition as many other things which will be risky to have it so for that it should be very attentive to save it.

I’m afraid this article has the same flaw as almost every other article on email security. It focuses on protecting the inbox, but fails to advise people that send email is completely unprotected when it leaves your computer.
This gives people a false sense of security. E.g. “I have two-factor authentication now, so it’s fine to send this spreadsheet attachment to by tax representative”.
The article would benefit from reminding people that sent email is completely unsecure unless it’s encrypted.

Hi Eddie, thank you for the feedback. Indeed, the article focuses on securing your email account, not necessarily protecting outbound communication. If you use encrypted solutions, we hope you checked out the recently disclosed PGP vulnerabilities 🙂

Thanks again for the input, have a great day!

Great article Cristina. Thank you for sharing the valuable information

heimdal security good post 🙂
This is a fact that we keep so valuable information in our inbox and thats why hackers want to hack it
but no has been able to hack gmail inbox except hamza
you can about hamza here btw
http://gadgetteacher.com/hamza-bendelladj-robin-hood/
so even when hackers want to hack, they cant hack google gmail for sure
hence we are safe

angad,

Hacking isn’t always exploiting flaws in code or finding back doors. Everyone is one click from being scammed, phished, or conned to reset/confirm our password. Then you are hacked!

“I don’t care about getting hacked, there’s nothing valuable in my email”
– I’m going to put this mantra of the unaware on my shop window.

I would query “If you have accounts on online shopping websites such as Amazon, try not to save your credit card details on them. Instead, fill them in every time you want to buy something.” – Surely this only applies if your email account has already been hacked? Gmail 2-factor authentication should prevent this occurring? Probably open to debate?

Thank you for your feedback, Andy!

While the second part of the article is up for debate, we’d still recommend yo don’t save your card details, because breaches can happen irrespective of personal efforts to keep data safe. And Amazon accounts are a favorite target for cyber criminals precisely because of the card details they include. Of course, it’s up to each and every one of us to choose the level of protection we want to adhere to.

Getting hacked is scary but it’s real. It can do a lot of damage to you especially if you work online. I am glad I am actually using the two-factor authentication with my email for quite some time now. It’s a bit tedious but it’s all worth it. Need to take some time to delete personal info in my inbox though as what the article suggested. Great read, very informative!

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP