If a mail account is compromised, hackers can not only read messages, but also reset passwords and take over other accounts. This makes it all the more important to take an immediate and structured approach in an emergency. Below we show you which immediate measures you should take and which help pages and support channels the major providers have available for affected users.
General measures in the event of a hacked email account
Case 1: You can still log in
If you can still access your mailbox, you have the best chance of securing your account immediately. It’s important that you close all possible backdoors step by step:
- Change your password: Log in directly via your provider’s official login page. Avoid links from emails, as these can lead to phishing sites. Choose a new, strong password that you only use for this account and that consists of upper and lower case letters, numbers and special characters.
- Log out all devices and sessions: In the security settings, many providers offer an overview of the devices and sessions that are currently logged in. End all active sessions or use the “Log off all devices” function. In this way, attackers who still have access will immediately lose their connection to the account.
- Check recovery options: Check which phone numbers and alternative email addresses are stored for account recovery. Attackers often enter their own data here in order to take over the account permanently. Remove unknown entries immediately and only enter your own current data.
- Delete filters and redirects: Take a look at the mailbox rules in the settings. Attackers often set up automatic forwarding or filters so that emails are forwarded to a different address or certain messages are made invisible. Delete all rules that you have not created yourself.
- Activate two-factor authentication: If your provider supports it, be sure to activate two-factor authentication. When logging in, you must enter a second factor in addition to your password, for example a code via text message or confirmation in an authenticator app. Even if your password falls into the wrong hands again, you are better protected this way.
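
For the “Delete filters and redirects” step, the review can also be scripted once you have an export of your mailbox rules. The following is an added example, not code from this article or from any provider: it assumes the rules are available in the shape of the Gmail API filter resource (`criteria`, plus `action` with `forward`, `addLabelIds` and `removeLabelIds`), and all rules and addresses in it are constructed.

```python
# Added example: flag mailbox filters that forward mail elsewhere or hide it.
# Field names follow the Gmail API filter resource; the sample data is constructed.

OWN_ADDRESSES = {"alice@example.com", "alice.backup@example.org"}  # assumption: addresses you control

SAMPLE_FILTERS = [  # constructed sample rules, not real data
    {"id": "f1", "criteria": {"from": "newsletter@example.net"},
     "action": {"addLabelIds": ["Label_12"]}},
    {"id": "f2", "criteria": {"query": "password OR reset OR security"},
     "action": {"forward": "collector@example.invalid", "removeLabelIds": ["INBOX"]}},
    {"id": "f3", "criteria": {"from": "no-reply@accounts.example.com"},
     "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["UNREAD"]}},
    {"id": "f4", "criteria": {"subject": "invoice"},
     "action": {"forward": "alice.backup@example.org"}},
]

def audit_filter(rule, own_addresses):
    """Return the reasons why a single rule deserves a manual look."""
    action = rule.get("action", {})
    reasons = []
    forward = (action.get("forward") or "").strip().lower()
    if forward and forward not in own_addresses:
        reasons.append(f"forwards mail to unknown address {forward}")
    if "TRASH" in action.get("addLabelIds", []):
        reasons.append("moves matching mail to the trash")
    if "INBOX" in action.get("removeLabelIds", []):
        reasons.append("skips the inbox")
    if "UNREAD" in action.get("removeLabelIds", []):
        reasons.append("marks matching mail as read")
    return reasons

def audit_filters(filters, own_addresses=OWN_ADDRESSES):
    """Map rule id -> reasons, only for rules with at least one finding."""
    own = {a.lower() for a in own_addresses}
    findings = {}
    for rule in filters:
        reasons = audit_filter(rule, own)
        if reasons:
            findings[rule.get("id", "?")] = reasons
    return findings

if __name__ == "__main__":
    for rule_id, reasons in audit_filters(SAMPLE_FILTERS).items():
        print(rule_id, "->", "; ".join(reasons))
```

A flagged rule is a candidate for review, not proof of tampering: a filter you created yourself to archive newsletters will also be reported as skipping the inbox.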
Case 2: You can no longer log in
If you are locked out, recovery is only possible through your provider’s support. In this case, use the provider’s recovery form or account wizard, which will guide you through the recovery process.
Microsoft Outlook / Hotmail
Microsoft provides a recovery wizard for hacked accounts. After entering your e-mail address and—if stored—your telephone number, the system checks whether any suspicious logins have occurred. It then guides you through the process step by step: from resetting your password and confirming security information to checking for suspicious activity.
If you can still log in, you should immediately change the password in your account and check all stored security data (alternative e-mail, telephone number). If access is already blocked, use the account recovery form.
Microsoft offers toll-free numbers in the U.S.: 1-855 270 0615 (or 1-800 865 9408 or 1-800 642 7676). However, Microsoft usually refers hacked or blocked accounts to the recovery wizard and the online support forms, as the identity check is structured there. The hotline can still support you if you get stuck with the online forms or have any queries.
Google / Gmail
With Gmail, it’s particularly important to call up the device and security overview. There you can see which devices have recently accessed your account. Unknown entries can be removed with just a few clicks. You can find clear instructions in our guide article “Is a hacker logged into your Google account? Here’s how to find out”.
Google also provides a detailed guide for a complete recovery: Secure a hacked or compromised Google Account. There you will learn step by step how to reset your password, check recovery options and stop suspicious activity.
If you can no longer log in at all, go to the account recovery page linked from that guide and follow the steps provided there.
Google does not provide a hotline for free Gmail accounts. The entire process runs via the online help pages and the recovery form. Only paying Google Workspace or Business customers are entitled to telephone support.