1. Check your email provider’s site for information.
Most email providers like Yahoo, Google and Microsoft will have online instructions on what do to in case of an account takeover.
Yahoo Mail has a links entitled “I can’t access my account” on the front page; for Microsoft’s Outlook.com, it’s “Can’t access your account?”
Google has separate sets of instructions for “Compromised Gmail account” and “Someone is sending from my address” in the Security & Privacy section under Help.
2. Call your email provider to report the incident.
“If [the website FAQ] doesn’t work for you, call [the company] directly and ask to speak to their tech department to find out what you should do,” said Adam Levin, former director of the New Jersey Division of Consumer Affairs and the founder of Credit.com and Identity Theft 911.
You should also report the incident to your email provider’s security team, Levin said.
“Do this as you’re in the process of getting your email account back,” he said. “It can help them find a pattern they can use with law enforcement to help find the people who are doing it — although the problem is usually the people who are doing it are 17 countries removed.”
3. Alert family, friends and acquaintances.
“You should tell people that your email has been hacked and that they might be receiving emails from you asking for money or promoting certain products or services — but they weren’t really from you,” Levin said.
“You also have to deliver the bad news,” he added. “If, by some chance, they actually clicked on whatever the [hackers] sent, it is not inconceivable that there might have been malware attached to it.”
Both you and all the persons who have received emails from your hijacked account should run malware scans, Levin said.
4. Examine your personal email settings.
Your email hijackers might have created forwarding policies from your email address to other addresses. Those other email addresses will receive everything you receive — including bank statements and personal messages.
“Even if you get back in your email and straighten everything out, unbeknownst to you, it is forwarding every email you are sending and receiving to the hacker,” Levin said.
Look at your email account’s signature settings to be sure the hacker hasn’t changed your automatic signature.
“Check to make sure you signature block hasn’t become ‘Hello Kitty,'” Levin said. “They might have put some malicious links in there as well.”
5. Change your password and user ID.
“If you are one of those people who believes in a universal password and user ID, it is time to revise your beliefs,” Levin said.
“Change your password and user ID on all the other sites where you’ve used your email password and user ID — and use different ones for each site,” he said. “You have to change them up. Make them long and strong, and use alphanumeric passwords and user IDs.”
6. Look in your email folders.
“It’s a wonderful, eye-opening experience” to look in your email folders, “because you’re going to see things you forgot you had in there,” Levin said.
“And when you see them,” he said, “you will delete them and delete anything that leads to another site — and then change the user ID and password associated with those other sites.”
7. Get serious about monitoring your other accounts.
If your email account has been hijacked, you may find that a little paranoia is a good thing, Levin said.
“That means look at your credit reports, go to sites where you can get your credit scores for free, and where you can go back every 30 days or so, and make sure there is no change — especially a negative change — in your score,” Levin said.
“Look at your bank accounts, your credit card accounts, a couple minutes a day,” he added. “If you’re really worried, then you should enroll in more sophisticated credit- and fraud-monitoring programs.
“You should also check with your insurance company, bank, credit union [and] employer to see if they have a program available that you may already be enrolled in, or [that] you can spend a few dollars and enroll in,” Levin said. “You decide whether it’s worth it or not.”