My email has been hacked! What should I do next?

My email has been hacked! What should I do next?

Your email account is the digital nerve centre of your daily life, a vital tool for work and personal communication. Yet, it’s also a prime target for hackers and securing it is paramount. So, what to do if your email has been hacked? In this post, we’ll unravel the unsettling potential of scammers who possess just your email address. You’ll learn to identify signs of email hacking, discover crucial steps to take if your account is compromised, and acquire proactive measures to cyber threats. For businesses, we’ll unveil email security solutions that safeguard your data. Protect your digital world, starting now.  

In this article, we cover:

What can scammers do with just my email address?

Like your phone number, your email address represents important contact information that is necessary to share with businesses and people in your working and personal lives. Whether that’s to book a train ticket, communicate with a third-party agency, or donate to charity, you will need to provide your email address. And that’s fine! Email addresses are an important and unavoidable part of our lives. 

At the same time, because email addresses are shared so widely, it’s important to know the risks associated with your email ending up in the wrong hands and the precautions you need to take to prevent this. 

For example, if a scammer gets hold of your email address, they can:

  • Spoof your email address: Hackers can mimic your email address (e.g., by making very subtle changes, like removing a letter or adding a number) and send harmful content, like malware or requests for money, pretending to be you. Because these email addresses often look legitimate, they can more easily bypass email security filters. 
  • Send you phishing emails: At some point, all of us will have received a phishing email. This refers to a scam email, often pretending to be a legitimate business or person, asking for money, passwords, or for you to click on a malicious link. The more exposed your email address is, the more phishing emails you’ll receive, and the more likely you are to accidentally fall for one and become a victim of a cyber-attack. 
  • Discover more personal information about you: With your email address, hackers have a basis to investigate further information about you. This includes searching your social media accounts, place of work, where you live, and who your friends and family are. The more a hacker knows about you, the easier it is for them to curate a targeted scam that could leave you extremely vulnerable to a cyberattack. 
  • Access your email account: The more information a hacker has on you, the easier it is for them to search for and guess your passwords using the dark web. As such, there is a possibility that they can hack into your email account, leaving you at serious risk. Once a hacker gains access to your emails, they are more likely to: send malicious emails to your contacts; search for and steal financial information; blackmail you; steal your identity; and gain access to other personal accounts. 

Poor email security can, therefore, cause a number of serious issues, especially in a working environment. Hacked email accounts could leave your business exposed to financial loss, reputational damage, GDPR fines, and distrust or potential legal action from clients. That’s why it’s so important to prioritise your email security. 

Before we get into what to do if your email has been hacked, let’s uncover the signs of compromised.

How do I know if my email has been hacked?

Are you worried you’ve become a victim of email hacking? But not sure how to check? Here are our five signs to look out for: 

  • Check your sent and outbox folders: Are there any emails you don’t remember sending? A hacker may have gained access and started emailing your contacts. 
  • Deleted emails, folders, or contacts: If your inbox is well organised, you’ll know where everything is stored and how it should look. Is there anything that looks off? Any missing emails, folders, or contacts? 
  • Unexpected emails in your inbox: Are you experiencing a high volume of random, unexpected emails? For example, from ‘delivery companies’ even though you haven’t ordered anything? It’s likely these are phishing emails, so make sure to check before taking any action. 
  • Unrecognised login attempts: Are you receiving two-factor authentication notifications even though you haven’t tried to log in to your emails? This may be because a hacker is trying to log into your account. 
  • Urgent requests for payment: Be suspicious of any emails requesting payment urgently, even if they look like a legitimate sender. Scammers can often replicate businesses and email content to a high standard, and legitimate companies will very rarely send urgent payment requests unexpectedly. 
  • New forwarding rules are in place: Be vigilant for any unfamiliar forwarding rules within your email settings. Hackers often manipulate these settings to divert your incoming emails to another email account they control. Even if you change your password, these rules can persist, allowing cybercriminals ongoing access to your correspondence and potentially sensitive information. Regularly review your email settings to ensure no unauthorised forwarding rules have been established, as this can be a subtle yet critical indicator of a compromised email account.

what to do if your email has been hacked?

If you think you’ve become a victim of email hacking, follow these 8 immediate steps to secure your email account and prevent a cyber-attack: 

  1. Change your password: This should be the first step you take. Make sure your password is completely different, using complex and uncommon words with letters and numbers. 
  2. Enable two-factor authentication: Most email providers will allow you to add an extra layer of security by requesting additional verification methods when you try to log in, e.g., by entering a code sent via text or to another email account. 
  3. Check your email settings and filters: Remove anything that seems unfamiliar, e.g., new forwarding rules or unrecognisable contacts. 
  4. Scan your device for malicious activity: Perform a scan using your antivirus software to identify and remove any malware or viruses. 
  5. Contact your email service provider (Outlook, Gmail, etc.): Follow their advice, especially if you need to recover your account. 
  6. Monitor your account activity: Once your password has been changed, watch out for any other suspicious activity to ensure that the hacker no longer has access. 
  7. Notify your contacts and colleagues: Warn them that you’ve noticed suspicious activity on your account and advise them not to open or click on any unexpected emails from you. 
  8. Ensure your security software is always up to date: Install updates and patches as soon as they become available, and don’t ignore pop-up reminders to update your security, apps, operating systems, or devices. 

How do I prevent email hacking?

While the tips provided above can certainly assist you in addressing the aftermath of a potential data leak, the optimal strategy is to proactively safeguard your email account against hacking before it ever becomes a concern. Preventing email hacking is not only more efficient but also helps you avoid the potentially severe consequences that may arise from a breach of your personal or business information. 

Here are our top tips for protecting your emails: 

  • Have a robust email security system in place: Your email security software should be able to scan links and attachments for any potential threats, block malicious emails as well as warn you of potentially suspicious emails (e.g., from unknown senders or senders outside of your organisation).  
  • Have domain impersonation protection: Invest in robust domain impersonation protection to safeguard your company against hackers who use email accounts similar to those of your colleagues to deceive you into sending confidential information, making financial transactions, or modifying payment details. This proactive measure helps ensure that your employees can trust the authenticity of incoming emails and reduces the risk of falling victim to phishing schemes. 
  • Educate your staff: Your employees are usually the number one risk to your security, but it’s often not their fault! Proper cybersecurity training will teach them how to spot and manage scam emails, protecting your business from threats. 
  • Take advantage of two-factor authentication: Add an extra layer to your security with another form of identity verification (e.g., a fingerprint or a code sent via SMS). Alternatively, enable SSO for a smooth and secure login experience across all your accounts and apps. 
  • Implement a password policy: Encourage all staff to use long, complex passwords that include letters, numbers, and characters. If a password doesn’t represent a genuine word, even better! Take advantage of a password manager so that secure passwords can be created for you and stored safely, so your team won’t have to remember different passwords for each of their accounts. 
  • Never forget to update your software: Ensure your security systems are always up-to-date and encourage your team to update their apps, operating systems, and software. 
  • Take advantage of device encryption: Protect your data by encrypting it, meaning that if your devices end up in the wrong hands, your data is safe. 
  • Undergo regular security audits: Work with your IT partner to establish a cybersecurity policy and audit your security infrastructure. This should be reviewed and tested on a regular basis to stay ahead of emerging threats. 

How can I maximise my email security with Sereno?

Email hacking is the easiest way for cybercriminals to infiltrate your systems and launch a cyberattack. That’s why, at Sereno, we understand that a single email security service isn’t sufficient to protect against these types of attacks. 

Like other aspects of your cybersecurity, email security necessitates multiple layers of protection. This ensures that if one solution fails, you remain safeguarded. Examples of various email security solutions include: 

  • Email Antimalware & Spam Filters: These tools are designed to identify phishing emails and prevent them from reaching your inbox, thereby keeping you protected. 
  • Enforced Password Policies: Implementing stringent password policies ensures that your staff use a variety of complex passwords across their different accounts. 
  • Multi-Factor Authentication: This security feature ensures that any login attempts to your email account undergo verification in at least two different ways. 
  • Cloud Backups: Utilising secure third-party cloud backups to safeguard your email data. These backups serve as a safety net, allowing you to recover your emails and information in the event of a malicious attack or data loss. With cloud backups, you can quickly restore your email content and maintain business continuity even in the face of cyber threats. 
  • Secure Email Settings: Configuring your email settings to ensure that only authorised individuals can send emails from your company domain. Also, implement encryption and protection measures to safeguard email communications during transit and maintain the confidentiality of your sensitive information. 
  • Impersonation Protection: Deploying domain impersonation protection to defend against email-based impersonation attacks This security feature detects and blocks cybercriminals attempting to impersonate trusted colleagues or superiors, reducing the risk of falling victim to phishing schemes and preserving your organisation’s integrity and security. 
  • Reactive Services: It’s essential to have provisions in place to combat a breach if it does occur. Solutions may include device restoration and device quarantine. 
  • Security Controls: Implementing advanced security controls to enhance your email security This includes the ability to remotely wipe emails from specific devices, ensuring that sensitive data remains protected even if a device is lost or compromised. This is in addition to restricting the download of data to authorised devices only, providing an additional layer of security against unauthorised access. 
  • Security Reporting: Continuous monitoring and reporting on the status of your security ensure that you’re protected at all times and provide insights for implementing changes to enhance your security as your business evolves and faces evolving threats over time. 


We understand that there’s much to consider here, not only regarding your email security but also your cybersecurity more broadly. At Sereno, our goal is to alleviate the burden and stress of protecting your business. That’s why our security solutions are available in simple, easy-to-understand security packages categorised by the type of security and level of protection. 

Our email security packages include the best security software, controls, and reporting. You simply need to choose from our basic, standard, and premium options based on your budgetary requirements and your business’s needs. These packages clearly outline what you have, what you don’t have, and what additional features are available, enabling you to make fully informed decisions. Plus, every option complies with standard compliance requirements, ensuring that regardless of the package you choose, you know you’re in safe hands. 

All of our packages are exclusively managed by us, providing you with peace of mind that we will implement, maintain, support, and report on all of your security solutions. Furthermore, your dedicated technology advisor will conduct quarterly meetings with you to explain the current state of your security, including successes and areas for improvement. 

If you’d like to learn more about how we can help prevent email hacking or maximise your cybersecurity more broadly, please contact us today. 

Share this post on

Got a specific IT support use case to discuss?

We’re here to answer any question you might have. Get in touch today!

Grow Your Cyber Security Awareness

Join our quarterly newsletter to receive our experts’ insights, best practices, tips and market updates to help grow your business IT security.

You can unsubscribe anytime. For more details, review our Privacy Policy.