What to Do If Your Email Is Hacked: Step-by-Step Guides for Gmail, Outlook, and iCloud Mail
Your email account is connected to so much of your online life: your banking, your social media, your shopping, and more. And that makes it an attractive target for hackers.
Fortunately, it’s relatively easy to secure your account when you know what steps to take. In this guide, we’ll walk you through how to spot the signs of a hacked email account, what to do if your email is hacked, and how to protect yourself from future hacks.
Though it’s impossible for this guide to cover every conceivable scenario, the sections below cover the typical symptoms of a hack and their remedies.
How Do I Know If My Email Has Been Hacked?
Not every hack is immediately obvious. Sometimes a hacker will access your account quietly, without triggering any alerts or making changes you’d notice right away. Here are some of the most common signs that you’ve been hacked:
- Unexpected changes to your account details: Changes to your recovery email address, backup phone number, or account signature can all indicate hacking. Cybercriminals often update these details early on to make it harder for you to regain control of your account.
- Difficulty logging in: If your password suddenly stops working, a hacker may have changed it to lock you out. Try your email provider’s account recovery process immediately.
- Unusual emails in your sent folder: Check your sent folder for emails you didn’t send, especially ones containing links or requests for money. Hackers sometimes use compromised accounts to run phishing scams targeting your contacts.
- Suspicious password reset emails: Receiving password reset requests for accounts you haven’t tried to log into is a sign that someone may be using your email address to gain access to your other accounts.
- Missing emails: Hackers sometimes delete emails to cover their tracks. If messages seem to have disappeared – particularly from specific senders or around a specific time – it’s worth investigating.
- Being locked out of other accounts: Because so many accounts rely on email for login and password recovery, a compromised email address can quickly give a hacker a foothold across multiple platforms.
- Unfamiliar login attempts or active sessions: Most email providers let you view recent login activity. Logins from unfamiliar locations or devices are a red flag.
- Contacts, folders, or rules you didn’t create: Hackers sometimes set up email-forwarding rules to quietly copy your incoming messages, or create folders to organize stolen data without you noticing.
- Altered security settings: Changes to your two-factor authentication (2FA) settings or trusted devices that you didn’t make are a serious warning sign that someone else has had access to your account.
My Email Has Been Hacked: What Now?
If your email has been hacked, the next steps you take will depend on the service you use. That said, there are some universal email security best practices worth keeping in mind regardless of which platform you’re on:
- Use your email provider’s recovery process: Most major email providers have a dedicated account recovery process to help you regain access if you’ve been locked out. This should be your first port of call.
- Change your password: Once you’re back in, update your password immediately. Make it long, unique, and something you haven’t used before.
- Enable 2FA: Two-factor authentication adds an extra layer of security by requiring a second form of verification to log in, making it significantly harder for hackers to access your account even if they have your password.
- Let your contacts know: If a hacker has been using your account to send emails, let your contacts know so they’re aware they should ignore any suspicious messages that came from your address.
- Report it to your email provider: Most providers have a process for reporting compromised accounts. This helps them flag suspicious activity and can assist in securing your account.
- Update your security questions: Security questions can be a weak point if the answers are easy to guess or find online. Take the opportunity to update them with answers that are harder to crack.
Let’s take a closer look at how to tackle some of these tasks for the three major email providers, starting with Gmail.
What to Do If Your Gmail Account Is Hacked
If your Gmail account has been compromised, you’ll need to access your Google Account settings and your Gmail settings to secure your email.
1. In your Gmail inbox, click your profile picture in the top right corner and select Manage your Google Account.

2. Click Security and sign-in in the left-hand menu, scroll down to the Your devices section, and click Manage all devices. Here you’ll see every device currently signed into your account.

3. Click on any device you don’t recognize and select Sign out.
4. Return to the Security and sign-in menu, find the How you sign in to Google section, and click Password.

5. Enter your existing password before setting a new one.
6. Return to the Security and sign-in page and, in the How you sign in to Google section, click 2-Step Verification.

7. Click Passkeys and security keys and follow the on-screen prompts to set up 2FA.
8. To add or update a recovery email, click Personal info in the left-hand menu and then click Email.

9. Click Recovery email to add or change your recovery email address.
10. To add or update your recovery phone number, return to the Personal info menu and click Phone, then edit or add your number.

11. Go back to the Security and sign-in menu, scroll down to Your connections to third-party apps and services, and click See all connections.

12. Click on any apps in the list you don’t recognize or no longer use to inspect what type of access they have to your Google Account.

13. If necessary, click Delete all connections you have with the app.

14. Navigate to your Gmail inbox and click the cog icon in the top right to open the Quick Settings menu, then click See all settings.
15. Go to the Filters and Blocked Addresses tab and check for any filters you didn’t create. Delete anything suspicious.

16. Click the Forwarding and POP/IMAP tab and check whether forwarding has been enabled to an address you don’t recognize. If so, remove it immediately.

How to Secure Your Email Account on Outlook
If your Outlook account has been compromised, you’ll need to secure it using your Microsoft Account settings and Outlook’s inbox settings.
1. Go to account.microsoft.com and sign in, then click your profile picture in the top right corner and select My Microsoft Account.

2. Click Security in the left-hand menu, then select Manage how I sign in.

3. Review your current sign-in and recovery details, including your password and other verification methods like emailing or texting a code, or using a passkey.
4. Scroll to the Additional security section and click Turn on under Two-step verification. Sign in with your password and follow the on-screen prompts to set up 2FA.

5. Return to the Security menu, scroll down to Sign out everywhere, and click Sign out everywhere. Confirm the sign-out by clicking Sign out.

6. Click on Privacy in the left-hand menu, then select Start privacy checkup to check for any suspicious recent activity on your account. Follow the prompts on screen to improve your account privacy and security.
7. Click on Security in the left-hand menu and click View my sign-in activity in the Account Security section.
8. Inspect the current sessions and, if any look unfamiliar, click Secure your account. Follow the prompts to review your recent activity and remove devices.

9. In your Outlook inbox, click the settings cog in the top right corner, then select Mail, followed by Forwarding and IMAP. Check whether email forwarding has been switched on to an address you don’t recognize. If so, disable it immediately.

10. Still in Settings, select Mail and then Rules. Review all listed rules and delete any you didn’t create.
Easy Steps to Secure a Hacked iCloud Mail Account
If your iCloud Mail account has been compromised, you’ll need to work across your Apple ID account settings and your iCloud Mail settings. Here’s what to do:
1. Go to account.apple.com and sign in. If you’re already signed in on an Apple device, open System Settings, tap your name, and scroll down to Devices to see the list of devices currently signed in with your Apple ID.

2. Click on any device you don’t recognize and select Remove from Account to sign it out.
3. Under Sign-In & Security, review the email and phone numbers associated with your account under Email & Phone Numbers. Remove anything that looks unfamiliar or that you no longer have access to.

4. Return to the Sign-In & Security menu, click Change Password, enter your current password and then a new, strong password that you haven’t used anywhere else.
5. Next, click on Two-Factor Authentication and add a trusted phone number to enable 2FA if you haven’t already.

6. Open your iCloud Mail application, navigate to the Settings menu and click on Rules. Remove any that you don’t recognize.

How Do Hackers Get Your Email Login Details?
Understanding how hackers get into email accounts in the first place can help you stay one step ahead. Below are some of the most common methods.
Phishing and Similar Attacks
Phishing is one of the most widespread ways hackers steal login credentials. It typically involves a fraudulent email designed to look like it’s from a legitimate source (e.g. your email provider, your bank, or another trusted organization) that tricks you into entering your details on a fake website.
Variations include smishing (phishing via SMS) and vishing (phishing via voice call). What all these attacks have in common is that they rely on urgency and deception to catch you off guard, so taking a moment to verify any unexpected request before acting on it can go a long way.
Browser-in-the-Browser Attacks and Sneaky 2FA
A more sophisticated technique involves what’s known as a browser-in-the-browser attack. This is where a fake login pop-up window is embedded within a legitimate-looking webpage, mimicking a real sign-in prompt so convincingly that it’s easy to mistake it for the real thing.
Some attackers take this further by also intercepting 2FA codes in real time – sometimes called sneaky 2FA – using fake login pages that pass your credentials and verification codes straight to the hacker while you’re in the process of logging in.
Credential Stuffing
Credential stuffing is a real risk if you reuse passwords across multiple accounts. This is where hackers take login credentials exposed in one data breach and use automated tools to try them across other websites and services.
If your email password is the same as one you’ve used elsewhere and that other site has been breached, your email account could be compromised without the hacker ever targeting you directly. This is why you should use a unique password for every account.
Data Breaches
Sometimes your email credentials can be exposed through no fault of your own. When a third-party service you’ve signed up to suffers a data breach, your email address and password can end up in the hands of hackers.
It’s often helpful to use specialized tools (like PIA’s Identity Guard) to monitor whether your email addresses have been involved in known data breaches.
Malware and Keyloggers
Malicious software installed on your device can record your keystrokes or harvest saved passwords, giving hackers direct access to your login credentials without you ever knowing.
You can help prevent these kinds of attacks using PIA’s MACE feature. It’s a DNS-based ad and malware blocker that automatically blocks known malicious sites and trackers that can be used to deliver this kind of software.
Man-in-the-Middle Attacks
On unsecured public Wi-Fi networks, hackers can position themselves between you and the websites you’re visiting, intercepting data – including login credentials – as it passes between your device and the network.
Using a VPN on public Wi-Fi encrypts your internet traffic, making it much harder for anyone on the network to intercept your data.
How to Prevent Future Email Hacking Attempts
Now that your account is secure, here are some steps you can take to reduce the risk of it being hacked again.
Use Strong, Unique Passwords
A strong password is one of your best defenses against unauthorized access. Use a long combination of letters, numbers, and symbols, and make sure it’s unique to your email account – never reuse passwords across multiple sites.
You can use a password manager to help you generate and store strong passwords without having to remember them all.
Enable 2FA
If you haven’t already set up 2FA as part of securing your account, do it now. It means that even if someone gets hold of your password, they’ll still need a second form of verification to get in.
Set Up Login Alerts and Recovery Notifications
Most email providers allow you to set up alerts for new sign-ins or changes to your account details. Make sure these are enabled so you’re notified immediately if something looks suspicious.
Monitor Your Account’s Security Activity Regularly
Get into the habit of periodically checking your account’s recent activity, connected devices, and third-party app access. Catching something unusual early gives you a much better chance of limiting any damage.
Be Aware of Phishing and Other Scam Emails
Many email hacks start with a phishing email designed to trick you into handing over your login details. Be cautious about clicking links in unsolicited emails, and always verify that emails claiming to be from your email provider are genuine before taking any action.
FAQs About What To Do If Your Email Is Hacked
What to do if your email is hacked?
If your email is hacked, use your email provider’s account recovery process to regain access, then change your password and enable two-factor authentication. Check for any suspicious forwarding rules, unfamiliar devices, or changes to your recovery information, and let your contacts know they may have received fraudulent emails from your address.
How do I know if my email has been hacked?
Common signs of your email being hacked include difficulty logging in, unexpected changes to your account details or security settings, emails in your sent folder that you don’t remember sending, and password reset emails for accounts you didn’t try to access. Unfamiliar login activity, missing emails, and forwarding rules you didn’t set up are also red flags.
What are the first steps to take after an email account is hacked?
The first thing to do after your email has been hacked is to regain access using your provider’s recovery process. Once you’re back in, change your password immediately, enable two-factor authentication, and sign out of all unrecognized devices and sessions. Then check for any suspicious forwarding rules or filters, and update your recovery information.
How do I secure my email account from hackers going forward?
To prevent future hacking attempts, use a strong, unique password for your email account and enable two-factor authentication if you haven’t already. Set up login alerts, monitor your account’s security activity regularly, and stay vigilant about phishing emails. Avoid accessing your email on unsecured public Wi-Fi without a VPN.
What should I do if a scammer has my email address?
If a scammer has your email address, be on high alert for phishing emails targeting you directly. Let your contacts know they may receive suspicious emails appearing to come from you, and report any fraudulent activity to your email provider. Change all of your account passwords and monitor your accounts closely for any unusual activity.
Can a VPN help protect my email account on public Wi-Fi?
Yes. On unsecured public Wi-Fi networks, your internet traffic can be intercepted by anyone on the same network. A VPN encrypts your connection, making it much harder for hackers to capture your login credentials in transit. It’s a simple but effective layer of protection, especially when you’re accessing sensitive accounts.