What Should You Do if Your Email’s Been Hacked?

Follow these tips to protect you and your contacts.

Interested in Business?

Get Business articles, news and videos right in your inbox! Sign up now.

Business + Get Alerts

A few weeks ago, I received a frantic email from a friend who works for a real estate company. I had seen her only two days prior and she, who generally shares a lot of personal information, never mentioned an upcoming international trip. But her email to me said she was in Greece, where she had been robbed outside of her hotel and needed my help and money to get home.

The truth is she never left town, and her email account was hacked.

Having personal email hacked is inconvenient. But when you’re running a plumbing business it’s worse. For starters, you have a lot more contacts. Receiving a spam email could anger customers who have trusted you with their email addresses, and email hacking can also be a prelude to identity theft. Unfortunately, small businesses are the most vulnerable to email hacking because it’s likely your email account contains more information than an individual account but has less security than a large corporation’s email accounts.


Your email account may become vulnerable if:

  1. You don’t have up-to-date security software installed
  2. You have weak passwords
  3. You’ve clicked on a malicious link in an email or instant message, on a social networking site, or on a webpage
  4. You’ve downloaded a corrupt video, game, song or attachment


If a contact calls and asks if you’ve really been mugged in a foreign country, assume you’ve been hacked and take action immediately.

First, review your email settings. Make sure the hacker hasn’t added malicious links to your signature or set up any automatic forwarding. If these changes go undetected, every time you send out a new email, you are exacerbating the problem.

Once you’ve confirmed your settings, run updated antivirus software to make sure your mail account is clean. Then get ahead of any bad publicity the fraudulent emails might cause for your company. Send an email message to everyone on your contacts list telling them to be on the lookout for strange emails from you and warning them not to click on any links or attachments in emails that appear to have been sent from you. Use “BCC” (blind carbon copy) rather than “To” or “CC” on this email so you don’t provide everyone on your contacts list with a list of your customers’ email addresses.

Once you’ve cleaned up your computer and mail settings and notified your contacts, the problem may be over. But not necessarily. Always assume a hacker got away with some private information and be on alert. Monitor your credit for a while.

You can even contact one of the credit reporting agencies and put a temporary fraud alert in your credit file if you are really worried.

You’ll also want to report that you were hacked to your email service provider and change your password and security questions. If access to your account is blocked, your provider can help. There will be steps to follow on their site’s help center for creating new passwords. You’ll also want to change your password on any site that uses the same one as your email.

Remember that if you’ve been hacked, you should wait to change your password until after your antivirus and anti-malware programs are updated. If you change your password first, the hackers may collect your new password as well as your old one.


To protect your email from being hacked again, get into a routine of changing your passwords frequently and make passwords as secure as possible.

The best passwords aren’t necessarily difficult to remember, they are just difficult to guess. Don’t use “123456,” which CBS News reported to be the most common password used in 2013. And don’t make your password, “password.” That was No. 2.

Here are some tips for creating a strong password:

Create a password that’s at least 10 characters and include capital letters, lowercase letters, numbers and symbols.

Do not use your name or the name of a spouse, child or pet. Don’t use your birthday, anniversary or city name.

Do not use words that can be found in a dictionary, spelled forward or backward.

One way to set a password that’s easier to remember than random letters and numbers but difficult to guess is to use text messaging shortcuts. For example L8r2DayG8r! translates to “later today gator!” and l00kb4ulEEp? translates to “Look before you leap?”

Another key to preventing hacking is to be smart about spam and scams. If an offer in an email sounds too good (or bad) to be true, it almost always is. You did not win any foreign sweepstakes or lottery. No one needs your help getting out of a foreign country. There’s no miracle cure for anything available by clicking a link in an email or on a website. Your friends aren’t really sending you those emails with nothing but “Look at this!” or “Check this out!” in the subject line and nothing but a link in the message.

Those are obvious scams, but what if an email appears to be from your internet service provider, your bank, your credit card company, or some other legitimate company you’ve done business with? If they are asking you to click on something or provide information, look closer. No reputable bank or company is ever going to ask you to authenticate or verify information online.

If an email of this type slips through your spam filter and you think it’s legitimate, don’t click on any links. Rather, use a search engine to find the company’s website, and then log in or call the customer service number. If the email is legitimate, they’ll confirm it. If it is fraudulent, they’ll appreciate knowing about it.


And finally, if you are ever mugged outside your hotel in a foreign country and need help, borrow some change from a local and call the American embassy.


Comments on this site are submitted by users and are not endorsed by nor do they reflect the views or opinions of COLE Publishing, Inc. Comments are moderated before being posted.