“My mail has been hacked, how do I fix it?” A step-by-step guide

“My email has been hacked, how do I fix it?” is a more common question than you might think. Learn what to do if someone gets access to your account.
Your email account hosts plenty of sensitive data, so you should invest time and effort in protecting it to prevent unauthorized access. If you don’t follow proper security practices, you might leave dangerous vulnerabilities that malicious parties can exploit.
“My email has been hacked, how do I fix it” is a question nobody wants to ask, but the good news is that you can resolve this issue and take steps to safeguard your online identity in the future. This guide will teach you how to do this by answering the most burning questions:
  • How does someone hack your email?
  • How to know if your email is hacked
  • How to recover a hacked email and prevent future attacks

How can someone hack your email? Common cyberattacks explained

Despite the constant evolution of cybersecurity, 2022 saw a 38% rise in the number of cyberattacks compared to 2021. As alarming as this may sound, most attacks are preventable with the right security measures. To implement them, you should first know what you’re up against.
The following table breaks down the most common ways a hacker can get ahold of someone’s email account:
Attack type | How it happens
Phishing | The user receives a malicious email resembling a legitimate one, typically from a brand asking the user to confirm their login credentials or visit a spoof site
Man-in-the-middle (MitM) attack | The attacker uses an unsecured public network to position themselves between the sender and recipient, intercepting their correspondence to uncover sensitive information
Brute force attack | The hacker submits numerous passwords (starting with common passphrases) using specialized software to break into the user's account. The attack is based on a trial-and-error approach
These are broad categories of attacks, and each can have various implementations. For instance, there are many types of phishing, including:
  • Spear phishing—A highly targeted phishing attack focused on a specific user
  • Whaling—Aimed exclusively at affluent users like CEOs or celebrities
  • Clone phishing—Involves sending someone the exact copy of an email they’d already received, except the legitimate links or attachments are replaced with malicious ones
Each attack type shows different signs your email is compromised. Understanding them can help you react quickly and take back control of your account.

How to know if your email has been hacked

The most obvious sign that someone took over your account is the failure to log into it, but not every hacker will lock you out. Some attacks aim to do long-term damage without the target realizing it.
In this case, the best thing to do if you suspect unauthorized access is to check your sent folder. If you notice any emails you don’t remember sending, it’s a tell-tale sign someone else is using the account.
Checking your login activity is another helpful strategy that most email service providers (ESPs) allow. You can review the locations, IP addresses, and timestamps of your recent logins to spot any unusual activity.
Realizing your email has been hacked might be terrifying, but there’s no reason to panic. In most cases, you can recover your account and fix the damage done by the attacker.
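
The login-activity review described above can be automated once the history is exported. The following is an added example, not part of the original article: the CSV columns (timestamp, ip, location), the sample rows, and the four-hour threshold are all assumptions, since each provider uses its own export format.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta

# Constructed sample export; column names are hypothetical, real providers differ.
SAMPLE_EXPORT = """timestamp,ip,location
2023-03-01T08:12:00,192.0.2.10,Berlin DE
2023-03-02T19:40:00,192.0.2.44,Berlin DE
2023-03-03T08:05:00,198.51.100.7,Berlin DE
2023-03-03T09:30:00,203.0.113.99,Lagos NG
2023-03-04T08:15:00,192.0.2.10,Berlin DE
"""

def flag_unusual_logins(export_text, known_locations, known_networks,
                        min_travel_gap=timedelta(hours=4)):
    """Return (row, reasons) for every login that deserves a closer look."""
    networks = [ipaddress.ip_network(n) for n in known_networks]
    rows = sorted(csv.DictReader(io.StringIO(export_text)),
                  key=lambda r: r["timestamp"])
    flagged, previous = [], None
    for row in rows:
        when = datetime.fromisoformat(row["timestamp"])
        addr = ipaddress.ip_address(row["ip"])
        reasons = []
        if row["location"] not in known_locations:
            reasons.append("unfamiliar location")
        if not any(addr in net for net in networks):
            reasons.append("unfamiliar network")
        # Two different locations close together in time cannot both be you.
        if (previous and previous[1] != row["location"]
                and when - previous[0] < min_travel_gap):
            reasons.append("location changed too quickly")
        if reasons:
            flagged.append((row, reasons))
        previous = (when, row["location"])
    return flagged

if __name__ == "__main__":
    for row, reasons in flag_unusual_logins(
            SAMPLE_EXPORT, {"Berlin DE"}, ["192.0.2.0/24"]):
        print(row["timestamp"], row["ip"], row["location"], "->", ", ".join(reasons))
```

A login flagged only for an unfamiliar network is often just a different Wi-Fi or mobile connection; an unfamiliar location combined with a rapid location change is the stronger sign that someone else is using the account.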

What to do if your email has been hacked

When your account’s security is breached, you must react immediately. Follow these steps to regain access and prevent extensive damage:
  1. Contact your email service provider
  2. Update your passwords and other security measures
  3. Scan your device for malware
  4. Alert your contacts

Visit your provider’s account recovery page

The first and most important thing to do if you get locked out of your account is to contact your email service provider. Every platform has a dedicated recovery page with steps for retaking control. It’s best to log in from a different device, as the current one could be affected by malware.
You might have to answer security questions or provide other proof of identity. Once you complete the necessary steps, you should be able to log into the hijacked account.

Change your credentials

As soon as you access your account, change the password and make sure it’s a secure one. Don’t use obvious or easy-to-guess information like common phrases or personal details. Choose a combination of alphanumeric and special characters to minimize the chances of brute force attacks.
Write your new password on a piece of paper and store it somewhere safe. You can also use a password manager, but make sure to choose a reliable option.
After changing your password, update your security questions and other security layers. Set up two-factor authentication (2FA) so that the hacker can’t access your account if they steal your credentials. The one-time passcode will keep your account secure, so you can avoid future takeovers.

Run a malware scan

Email breaches are sometimes followed (or caused) by malware, with the most common types including:
Malware type | What it does
Viruses | Corrupt programs/files and spread through the system when triggered by the launch of a malicious file or software
Worms | Similar to viruses, but don’t require execution by the user. Worms typically infect your hard drive and memory to corrupt files
Ransomware | Locks the user’s data and requires action or compensation to release it. If the ransom isn’t paid, the attacker might destroy the affected files or release them on the Dark Web
Trojans | Malicious programs masked as legitimate software that corrupt a device when opened by the user
A robust antivirus platform can protect your device from the vast majority of malware types. After you’ve secured your account, run a scan to ensure your device is safe and isolate any threats. Don’t open any other programs beforehand, as you can’t know which of them might contain malware.

Let your contacts know about the breach

The attacker might’ve sent malicious emails from your account while you were regaining access. This is a common way of stealing credentials from the target’s contacts, as they’d likely be unsuspecting of any danger since the email is coming from your address.
To avoid this, notify your contacts about the unauthorized access and possible impersonation. Warn them about opening any files or following links received during the time your account was hacked so that they can stay safe.

How to stop email hacking and keep your account safe

The main reason people get hacked is that they unknowingly leave tons of data someone can use against them. Big Tech providers like Gmail or Outlook don’t prioritize users’ privacy and security, leaving you exposed to various attacks.
That’s why privacy-first email services have gained so much popularity in recent years. They use numerous security layers to give you full ownership of your data.
End-to-end encryption (E2EE) is one such measure. It keeps your correspondence safe from hackers and other third parties by turning your email’s contents into strings of unintelligible characters. Only the person with the decryption key can read the message, so even if someone intercepts your email, they can’t see or extract any sensitive information.
If you need a secure E2EE email service to safeguard your online identity and prevent attacks, sign up for Skiff.

How Skiff Mail prevents cyberattacks

Unlike most commercial email service providers, Skiff Mail doesn’t leave vulnerabilities an attacker could use to break into your email. It uses two separate keys to safeguard your emails. The public key is shared among users and used to encrypt the message, while the private decryption key is created by the user and safely stored on their device.
This means that nobody besides the intended recipient—not even Skiff—has access to the decryption key and can see your correspondence.
The advanced end-to-end cryptography that Skiff offers is highly effective at preventing MitM attacks and other forms of cybercrime. The platform also supports 2FA, which can save you from phishing or brute force attacks as long as you set a secure password.
Using the Secure Remote Password algorithm, Skiff supports zero-knowledge proof for authentication, which means your login credentials aren’t stored on the platform’s servers. You can sign up without leaving any personal information, ensuring complete anonymity and confidentiality on the web.

High-end security without trade-offs

While Skiff prioritizes privacy, it doesn’t come at the cost of design or other features. The interface was carefully built to ensure smooth and intuitive use without the need for technical knowledge.
Besides advanced privacy measures, Skiff Mail offers numerous benefits free of charge:
You’ll also get access to a rich productivity suite encompassing three end-to-end encrypted platforms:
  1. Skiff Pages
  2. Skiff Drive
  3. Skiff Calendar
To learn more about Skiff’s platforms and security measures, read the whitepaper. The platform is open source and welcomes codebase reviews, so visit Skiff’s GitHub for a closer inspection of its libraries.

Get started with Skiff and fortify your correspondence

You can create your Skiff account in three easy steps:
  1. Visit the signup page
  2. Choose your account name and password
  3. Start using Skiff Mail and other privacy-first products
Skiff offers one-click migration from other email service providers, so you can transfer all your data to protect it from future attacks once you’ve regained access to the hacked account. All your files and conversations will be shielded by the platform’s cutting-edge security measures, so you’ll have much-needed peace of mind.
While the free plan is robust enough for an average user, you can expand your storage and gain access to additional features by upgrading to one of the paid plans:
  • Essential—$3 per month
  • Pro—$8 per month
  • Business—$12 per month

Checking your email for future breaches

If you're looking to check whether your email is part of a recent data breach, try out our free email checking tool here.
