What to do if your email is hacked
If you’re hacked, cybercriminals may be able to access your data and cause real damage to your business. In this article, we explore what to do and how to respond quickly.
Unfortunately, email hacking happens all too often. If you are a victim, it helps to know what to do in order to minimise damage, recover your account and prevent it happening again. Cybersecurity experts McAfee have shared advice on the essential steps you should take [1]. We’ve shared their recommendations and added some further considerations for small businesses.
Spotting an email hack
There are usually tell-tale signs that an email account has been hacked:
- You might not be able to get into your email account because the hacker has changed your password and the personal details associated with your account.
- You may be receiving emails from your colleagues or contacts asking if you sent a suspicious looking email.
- Your device may run very slowly or behave unexpectedly, particularly if the hack has resulted in malware being placed onto it.
- Your email provider might have reported a log-in to your account from an unrecognised device.
What to do after an email hack
1. Change the password
Immediately change the password for the hacked account so the hacker can’t access it again and do any further damage.
2. Recover your account
It’s possible that you cannot change your password because the hacker has locked you out of your account. In this case, read the instructions from your email provider or contact them directly about how to recover your account.
Recovery processes usually rely on alternative contact information and additional security questions, so it pays to always know what these are. Once you recover your account, change your password if you need to.
3. Warn your employees
Let your other employees know immediately. They may be receiving strange emails from the hacked account, or could also be victims of a hacking attempt. Warning them to be vigilant and to take steps to change their passwords can limit the risk of another hack.
4. Get in touch with your contacts
Email hackers love to send out emails to all the contacts in your address book. Most of us have received one of these dodgy emails, supposedly from someone we know. If you are hacked, reach out to your contacts and customers – anybody in your address book – to warn them not to open any odd emails from you. In particular, they should not open any attachments.
It can be sensible to contact them using an alternative account which you know is secure, or even call them. Even if you feel a bit sheepish about being hacked, it is always best to let everyone know.
5. Check other accounts and systems
One of the reasons people get hacked is because they use the same passwords across different accounts. Urge employees to change passwords on other accounts if they are the same as the password on the email account that has been hacked.
If you suspect a hacker has accessed any sensitive information, check any other systems that may have been compromised and change any related passwords.
6. Scan devices for viruses and malware
An email hack might be the result of existing malware on your device, or lead to a virus or malware being placed on it. Scan any impacted computers and smartphones using your online protection software. It would also be advisable for your other employees to do the same.
7. Review the security you have in place
After an email hack, it’s sensible to see if there are any steps you can take to prevent a repeat attack. There are several things you can do, including:
- Implementing multi-factor authentication – for example, everyone needs a one-time passcode when they first access their email.
- Introducing stronger formats for passwords, such as forcing numbers and symbols, and ensuring passwords are changed more regularly (your email provider may have a facility for you to control this).
- Educating employees about cybersecurity risks, particularly around email.
- Making sure you have the right level of cyber-protection software in place in case your emails and devices get hacked.
For more information about how to keep your business and employees safe, see our cyber security solutions for small and medium businesses.