My Friend Says My Email Got Hacked – What Can I Do?

Last Updated on August 4, 2023

You may be spending a day relaxing, shutting off all your tech devices for a while. Life is good. 

But when you return to the digital world, you find a flood of text messages waiting for you. 

Your friends and family wonder if you sent them a weird email with a link. Worst, some of them tell you that they clicked on the link. 


You still aren’t quite sure what happened until your tech-savvy friend lets you know it’s almost a certainty that your email account got hacked

The questions are running through your mind. How did my email get hacked? What is the danger after or the consequences?

We’ll break down everything you need to know after a hacker gains control of your email account, including how to fix the problem.

black laptop computer

Source: Stephen Phillips on Unsplash

Signs That Someone Hacked Your Email

Some hackers are not that subtle, using your email account to send hundreds of scam emails to those in your contact list in one message dump. However, others want to elongate the email hack, occasionally sending only a few messages, hoping you won’t notice for a while.

Spotting an email hack as early as possible means you can warn your friends and family about the hack, helping them avoid email scams from clicking malicious links. 

Some signs your email has been hacked include the following:

A sudden flurry of questions from friends and family

One of the first clues about an email hack occurs when you start receiving texts and calls from people in your email contact list. They wonder if you sent them an odd message or they tell you that your account is generating spam.

If this happens, assure them that you did not send the message and remind them not to click on any links in messages “from you” until you figure out precisely what happened.

Loss of account access

If you suddenly cannot access your email account, a hacker may have changed your password after taking control of the account. 

Before going into panic mode, you may have forgotten your password or your IP address is different, and your email provider doesn’t recognize your device. See if you can reset your password.

The ‘Sent’ folder looks odd

If you suspect that your email account has been hacked, check the ‘Sent’ messages folder. If you see messages you didn’t generate – this is a sign of a hack.

Another sign is if you have an empty sent messages folder – especially if you know you sent several messages in the past few days. The hacker may have sent spam messages using your account. Then, they delete all items from the sent messages folder to throw you off if you’re searching for clues.

Black and Gray Digital Device

Source: Torsten Dettlaff on Pexels

How to Fix Your Email After Someone Hacks Into It

Recovering from a hack requires following several steps, depending on the complexity of the hack. If you catch the hack early enough, you may only need to follow a few steps. If you catch it late, it can take a long time to set things right again.

1. See if you can access your account

You may get lucky and catch the problem before the hacker can change your password and lock you out of the account. If so, change your password immediately to something more complex than what you’ve been using. You may want to consider using a password manager or use Chrome’s or Firefox’s password suggestion.

Once the hacker knows that you used a breakable password in the past, the hacker may try to crack your password again after you change it. Therefore, a long and complex password will be necessary.

After updating your password, change any security challenge questions used with the account. If available, turn on 2FA (two-factor authentication) with your account.

2. Use the email provider’s recovery service

If you cannot access your account because the hacker changed the password, you might still be able to use the self-directed recovery service the email provider offers.

You can recover your account if you registered it with your phone number as a backup verification option. 

Unfortunately, the hacker may have changed the phone number associated with the account at the same time as changing the password for it. If so, you’ll have to go to the next step.

3. Contact the email provider

If you cannot gain access to your email account because the hacker changed your password, you have a tougher challenge. 

Reach out to your email provider and explain the situation. The provider can temporarily suspend your account and help you regain control of it. 

Understand that you must find a way to prove what is happening to you and that you are who you say you are. Email providers don’t make this process easy for good reason. You don’t want a hacker to be able to pretend to be you and gain access to your account this way, after all.

Different email providers will have other means of proving you are the rightful account owner. If you have a hacked Gmail account, here are some of the items you may be able to provide to prove that you are the account owner.

Your most recent password before the hacker changed it.
The month and year when you opened your Gmail account.
Answers to the security questions you chose at signup.
Email addresses of some of your most frequent email contacts.
The phone number associated with your Gmail account.
Other products from Google that you use in addition to Gmail.
The month and year when you signed up for other Google products.

Your email provider likely does not have a telephone technical support center, especially if it offers free accounts. This means you will have to reach out to the email provider via live chat or email to try to solve the problem, which can take a long time.

4. Update your device’s security protection

Ensure you have up-to-date antivirus, anti-malware, and firewall software on your computer. You also should make sure you are running the latest version of the operating system on your computer.

If you use your email account on your smartphone, ensure you are running the latest operating system on your phone as well. 

5. Last resort: Close your account

If the hacker continues to bother your email contacts, and if you simply cannot regain access to your account after multiple tries, it may be time to ask the email provider to close the account permanently.

Close-Up Shot of Bills

Credit: Tara Winstead on Pexels

Possible Consequences After a Hacker Takes Control of Your Email

Suffering an email account hack not only creates hassles for the people in your contacts list, but it could also lead to far more significant problems for your online identity and for your finances.

Loss of sensitive personal information in messages

With control of your account, the hacker can suddenly read every email. Some of these messages may contain banking information, copies of bills, tax information, or medical information, which could lead to a case of stolen identity in the near future.

Loss of social media accounts

If you have copies of your signup information for your social media accounts in your email inbox, the hacker may take control of these accounts too.

Ask for a ransom

You might hear from the hacker, who offers to give you back your email account – for a price. As the FBI states, you have no guarantee that the hacker will actually give back your account if you pay the money, which means agreeing to this kind of transaction is filled with uncertainty.

Hacking of other accounts

With your email address in hand, hackers may go after other accounts you own, like banking or credit cards. Most people use their email address as a username for account logins. With your username in hand, the hacker may try a brute-force password attack on these other accounts.

Back View of a Person Typing on a Keyboard

Source: Mikhail Nilov on Pexels

How Did Someone Hack My Email?

Unfortunately, the most common reason you suffer an email hack is because you made a mistake while using the Internet. Don’t feel too bad – Norton says 14 percent of consumers have found unauthorized access to their email accounts.

Email hacks are big business for criminals. The FBI’s Internet Crime Report estimates email hacking victims, including users of both business and personal accounts, suffered losses of more than $1.8 billion annually.

With that amount of money on the line, it’s no surprise criminals are interested in hacking your email. But how do they do it? 

Clicking a malicious link

The link exposes your computer to dangerous malware, which could damage your data or could expose your personal information as you type it into legitimate websites. 

If someone hacked your email and sent spam messages to your family and friends, a phishing attack is what is happening to them.

Protect yourself: Read a message carefully if you’re unsure about it. Look for spelling errors or a writing style different from what the person or business typically uses. Reach out to the person who sent it to see if it’s legitimate.

Rather than clicking the link, hover your cursor over the top. You should see a small popup with the URL of the link. If it doesn’t seem to match what’s described in the message, don’t click it. 

Downloading malware inadvertently

If you recently downloaded a game, app, or video, it may have had malware attached to it. This dangerous code could then expose passwords, account information, and personal information stored on your device to a hacker.

Protect yourself: Always have high-quality antivirus software, anti-malware software, and a firewall running on your device, as it should catch the malware and eliminate it.

Only download games and videos from websites that you fully trust and know well. No matter how great a game or app sounds, if it’s coming from an unfamiliar website, you could be downloading malware.

Keep your device’s operating system up to date at all times. In other words, don’t put off that system update. Hackers write malware to exploit holes in operating system software, and the latest versions often fix these holes.

Weak password

Hackers have become really good at cracking passwords through brute-force attacks. Hive estimates a hacker can now solve a complex eight-character password in an hour versus four hours a few years ago.

A brute-force attack is a possible explanation if a hacker gains access to your email.

Protect yourself: Use longer, complex passwords with numbers, symbols, and uppercase and lowercase letters. According to Hive, a complex 12-character password takes 2,000 years to crack via brute force versus one hour for an eight-character password.

Additionally, set up 2FA wherever possible. Should someone hack your password and try to access your account, 2FA asks you to verify the account sign-in through a text message on your phone. The hacker almost certainly won’t have access to your phone, meaning they cannot access the account, even with the password.

Exposed account

Sometimes, you did not do anything wrong to have your email account hacked. If the organization that provides your email was the victim of a hack, it could lead to a compromise of your account and password information. Hackers then could take control.

It’s also possible that you exposed your email account information. Perhaps you received an email or text message from someone claiming to be involved in tech support for your email provider. This imposter may tell you it needs you to verify your password to fix an account problem.

Once you send the password, your email account is exposed.

Protect yourself: Don’t send passwords by email or text without absolutely verifying the identity of the other person. Tech support people should never ask for a password anyway.

To protect your account information from a third-party hack against your email provider, set up 2FA on your email account. 

a woman sitting at a table using a tablet

Source: Acrelia News on Unsplash

How to Guard Against an Email Hacker in the Future

You can take a few steps to protect yourself against email hacks, including the following. These steps can help you protect your social media accounts from hackers, too.

Use different, complex passwords

You’ve almost certainly heard it a million times before, but here comes 1 million and one: Don’t use the same password on multiple accounts

If a hacker gains access to a password for one of your accounts, the hacker almost certainly will try that password on other accounts you own.

Additionally, use complex passwords with several different types of characters and 12 total characters or more.

Consider getting a password manager such as 1Password or  BitWarden if you want tougher password protection.

Use 2FA

Two-factor authentication is one of the best ways to guard against this type of hack. 

If a hacker gains access to your email account password, your account remains locked unless the hacker also is looking at the verification text message on your phone. It’s highly unlikely a hacker can take over your account with 2FA enabled.

Yes, it’s a slight hassle to have to take a few extra seconds to enter your 2FA code before logging into your email account. This hassle is nothing compared to the hassle of trying to regain control of your account after an email hack, though.

Sign up for an identity theft protection service 

Sometimes, a hacking of your email account is a single sign of a larger hack of your personal information. Dealing with an email hack is a pain; dealing with the loss of your identity is many times more painful.

The best identity theft protection services give you a heads-up when something strange is occurring with your personal information. Some of these clues may help you figure out that your email account and other accounts are at risk. You then can take steps to protect yourself by changing passwords, activating 2FA, and keeping a close eye on your financial reports.

Perhaps an email hack spooks you into subscribing to an identity theft protection service. You then may discover that your personal information is exposed in many different places. The email hack was only the first domino to fall.

With the information in hand from the identity theft protection service, you then can figure out which areas of your personal and financial life need extra protection.

Services like Aura can monitor all your account and also offers access to a VPN, password vault, antivirus, and more for an affordable monthly or yearly fee. 

Avoid Dealing With a Hacked Email Account By Taking Preventative Measures

When someone hacks your email, it becomes a huge headache for you. To avoid these issues, the smartest option is to take steps to protect your email account before a hack ever happens. 

No one wants to have to tell their friends and family that they lost control of their email to a hacker. No one especially wants the guilt of having a family member click on a dangerous link that arrived in the malicious email that appeared to come from your account.

And if you use your personal email for work or for a side hustle, you could lose customers quickly after an email hack.

As we discussed earlier, preventative steps can go a long way to keeping your email safe. Be smart about how you share your personal information on the internet. Consider using an identity theft protection service to help you watch your back … digitally, at least.