Compromised email account? How to act when your account is hacked
by Eduard Bardají on Jun 19, 2024 12:48:03 PM
Phishing and email account hacking are among the most common cyberattacks. These attacks are increasingly sophisticated and harder to detect, which gives them a higher success rate than other types of attacks.
Having your email account hacked is quite serious, because that account is linked to all your other online accounts: bank, social networks, online stores, etc. A compromise leads to the theft of private and personal information. It starts with the email account and ends with access to your bank account and credit cards.
Taking specific cybersecurity measures is key to preventing this type of cyberattack.
Signs that your email account may have been hacked
Sending of strange messages
Have you received a reply from an unknown sender, or a reply to a question you don't remember sending? If you start receiving messages with information you have never received before, or from completely unknown senders, your account may have been hacked and is being used by a cybercriminal.
Sudden logout and unrequested password changes
Another sign that your email account may have been hacked is sudden and frequent logouts, as well as password changes that you didn't make yourself.
Login notifications
If you receive login notifications for any of your accounts but you haven't attempted to access them from any device, it may indicate there has been an attempted hack.
Unexpected changes to your email settings
If your email settings have changed without your intervention, it could mean that your account is no longer yours, but rather has been taken over by a cybercriminal.
Automatic forwards to unknown addresses
Is your account sending automatic messages to unknown email addresses or addresses you haven't authorized? This could be a sign that you may have been hacked.
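A check for the forwarding sign described above, as an added example that is not part of the original article. It scans a constructed mailbox-rule export (the field names `forward_to` and `redirect_to` are hypothetical; real providers use their own schema) and lists every forwarding target that is not on the owner's authorized list.

```python
from email.utils import getaddresses

# Constructed sample of a mailbox-rule export. The schema is hypothetical.
SAMPLE_RULES = [
    {"name": "Newsletters", "enabled": True, "actions": {"move_to": "Reading"}},
    {"name": "To assistant", "enabled": True,
     "actions": {"forward_to": "Ana Example <ana@example.com>"}},
    {"name": ".", "enabled": True,
     "actions": {"forward_to": "ana@example.com, Backup <Collector@mail.example.net>"}},
    {"name": "old", "enabled": False,
     "actions": {"redirect_to": "someone@example.org"}},
]

# Rule actions that send a copy of incoming mail somewhere else.
FORWARDING_ACTIONS = ("forward_to", "redirect_to")


def forwarding_targets(rule):
    """Return the sorted, lower-cased addresses a rule sends mail to."""
    actions = rule.get("actions", {})
    raw = [actions[key] for key in FORWARDING_ACTIONS if actions.get(key)]
    # getaddresses splits comma-separated lists and strips display names.
    return sorted({addr.strip().lower() for _, addr in getaddresses(raw) if addr})


def unauthorized_forwards(rules, authorized):
    """List (rule name, address, enabled) for each target not authorized."""
    allowed = {addr.lower() for addr in authorized}
    findings = []
    for rule in rules:
        for addr in forwarding_targets(rule):
            if addr not in allowed:
                # Disabled rules are reported too: they can be re-enabled later.
                findings.append((rule.get("name", ""), addr, bool(rule.get("enabled"))))
    return findings


if __name__ == "__main__":
    for name, addr, enabled in unauthorized_forwards(SAMPLE_RULES, {"ana@example.com"}):
        state = "ACTIVE" if enabled else "disabled"
        print(f"rule {name!r} forwards to unauthorized address {addr} ({state})")
```

Any rule it reports that you did not create yourself should be deleted before you change your password, since a forwarding rule keeps working after a password change.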
Do you suspect that you've been hacked but don't know how to check? Below, we explain how to do it.
How to know if your email account has been hacked
Update your passwords
First and foremost, as a precaution, it's best to change all your passwords. This way, if there has been theft, you'll regain control of your account.
We recommend changing all passwords for accounts associated with the hacked email address. Additionally, it's important for passwords to be lengthy (at least 12 characters). The more characters, the harder to hack.
You can check the strength of your passwords on the dashboard of our Petam.io tool.
Change your security questions
This is related to the previous section. When you change your passwords, it's also important to change the security questions used to recover your account.
Run your antivirus software
It's important to run a full antivirus scan to detect potential vulnerabilities or security breaches.
We recommend performing comprehensive scans capable of identifying and removing all forms of malware and potentially unwanted applications, including trojans, spyware, and keyloggers, which could be recording the keys you press, for instance.
Report it to your cybersecurity specialist
If you have an IT or cybersecurity specialist in your company, it's important to inform them of what happened. This way, they will know what steps to take to verify if there has indeed been a hack, and if so, how to proceed to prevent further escalation.
Measures to prevent email hacking
There are specific cybersecurity measures to prevent email hacking:
Two-factor authentication (2FA)
Two-factor authentication (2FA) involves adding an extra layer of protection to your information. To access an account, you'll need a code sent directly to your mobile device. Without this code, access to the account is not possible. Additionally, this system sends alerts for login attempts. If it's not you trying to access the account, you can block access, preventing the unauthorized user from gaining entry.
Keep your software up to date
Updates exist to keep our computers running and performing well, as well as to protect them against cyberattacks. Their primary goal is to patch the security vulnerabilities that are continually being found in a system, so that the computer cannot be targeted through them in a cyberattack.
Use different passwords
Using the same password for everything is a bad habit many of us have simply because it's easy to remember. However, if a cybercriminal obtains that one password, they can access any other account you have.
It's advisable to have a different password for each account and to make each one long and complex, so that it is harder for cybercriminals to guess. Also, consider using a password manager to store and remember them.
Avoid connecting to public networks
It's very common to connect to public Wi-Fi networks, which are those that don't require a password for connection. However, this is highly discouraged. Many of these public Wi-Fi networks do not encrypt their data with WPA2 or any other type of encryption. Data is transmitted in plain text, making it easy for someone to steal that information.
Install anti-phishing solutions
Anti-phishing solutions essentially filter emails, preventing suspicious ones from reaching the user's inbox.
At ESED, we offer an AI-based anti-phishing solution that rejects any attempt to directly send emails to protected accounts, ensuring all incoming emails are filtered. Additionally, we conduct phishing simulations to test systems' ability to detect malicious emails.
Compromised email accounts are among the most common cybersecurity issues for businesses, often stemming from human error. Therefore, educating employees about daily online risks is crucial for them to quickly spot suspicious behaviors that jeopardize company and personal information security.
At ESED, we provide cybersecurity training for businesses. Need assistance or interested in our services?
Contact us through the following link.