Stolen digital assets, compromised accounts, identity theft - you have probably read about such cybercrimes many times. Often, they are the result of a hacked email account. Once an unauthorized third party obtains access to your mailbox, they can read your emails, send emails on your behalf or access other accounts that are associated with that mailbox. They can obtain personal information or private photos, confidential contracts, scanned IDs, travel confirmations and any other information you may have sent or received. The longer this person has access to your email account, the more damage they can do. This is why, you should take measures the moment you realize that you are not the only one browsing your mailbox.

How can your email get hacked?

  • If you use a weak password, it’s not a question of if somebody will get access to your account, but when. You will be surprised to find out how many people use “12345” or even “password” as their password.
  • If you use a strong password, but you use it for multiple accounts, it may have leaked online due to a data breach. Once one account has been compromised, all other accounts that share the same password are at risk.
  • By clicking on a “password confirmation” or a “login” link in a phishing email, you will directly supply your password to hackers.
  • If you use a public computer and forget to log out, the person who uses the computer after you will have full access to your electronic correspondence.
  • Malware on any computer you use can also result in your login credentials being sent to a third-party. This includes spyware, keyloggers and any other malicious software that can be used to steal your data or to trick you into submitting it yourself.

Whatever the reason, what matters is that you will not be the only one with access to your electronic correspondence. It may not matter much for a personal mailbox that you rarely use, but if your work email gets hacked, it can have a detrimental effect on your business. This is why, you should be careful and you should always keep an eye for anything of the ordinary.

Here are five common signs that your email has been hacked

1. You can no longer log in.

This is the most obvious sign that something is not right. If you are not able to log in, most probably somebody found out your password and changed it. There are different ways how this may have happened. What matters in this case is that you no longer have access to your electronic correspondence.

2. Your mailbox is accessed from a different location.

If an unauthorized third party accesses your email address, they may not want to make you suspicious by changing the password. Instead, they may just monitor your incoming and/or outgoing messages to steal more information. Your email provider keeps access logs, so you may be able to access that information somewhere in your mailbox (hosting control panel, webmail interface) or you can contact your provider and ask them to tell you what IP addresses have accessed the mailbox lately. If you have any doubts, you will find out pretty quickly if somebody else is accessing your mailbox.

3. There are unknown messages in your Sent folder.

If somebody got into your mailbox and didn’t change the password, it doesn’t mean they don’t want to use the mailbox for malicious purposes. People rarely check their Sent folder, so if somebody sends out messages from your mailbox, it will probably take you much longer to notice that, especially if nobody replies to them and you don’t see any other sign of unauthorized access in your Inbox.

4. You receive password reset emails.

A lot of services are available online these days, so if you start receiving emails with password reset instructions about online banking, social networks, hosting accounts, shopping sites, etc., it is a clear sign that somebody probably has access to your mailbox and wants to access other services you use. Of course, it is possible that somebody is trying to access these services directly, without being able to read your emails, but you should not rely on that.

5. Your contacts receive messages you did not send.

If people you know tell you that they have received some emails from you that you did not send, most probably somebody got access to your mailbox and tried to trick them into submitting their own contact/login/personal information. If they realize these emails are not legitimate, they can delete them, but if they don’t, they will become victims of the same hacker who has accessed your email address. Sometimes such a thing can have a negative impact on your communication and reputation.

What should you do next?

First of all, do not panic. You should act quickly if you want to minimize the damage. There are a few things you should do as soon as possible.

1. Change your password immediately.

If you still have access to your mailbox, this is the first thing you should do to prevent further unauthorized access. If possible, use a different computer to do that, not your own. Once you update the password, anybody using your mailbox will be logged out. Enable 2-factor authentication, if such an option is available. This will either solve the problem for good, or will give you time to take additional measures.

Make sure that you choose a strong password that you have not used before. Check out our article on the topic:

2. Contact your email provider.

If you are unable to change the mailbox password for some reason, you should contact your provider to regain access or at least to disable the mailbox temporarily in order to prevent further damage. If you use a corporate email provider, this will be your only option. If you use a web hosting provider and your hosting account has not been compromised, you can log in to your control panel and change the password yourself. In any case, you can contact your provider not only for assistance, but also for additional information – when the mailbox got hacked, where it was accessed from, were there any messages sent out that do not appear in your Sent folder, etc.

Our top-notch support team has an average response AND resolution time of only 7 minutes. If you ever experience any problem with your emails, we will be there to assist you.

3. Check your mailbox settings.

Even if everything is intact, somebody may have added a filter or email forwarding, so even if you are the only one who can access the mailbox, they will still receive a copy of all your messages. Check all mailbox settings, including some that you may not find that important, such as additional identities that may have been added.

4. Scan your computer for malware.

This is one of the possible ways for a third party to find out your password and to start exploiting your mailbox. Run a scan with some antivirus software, update your operating system and browsers, and double-check for any suspicious software you may have on your computer. Sometimes phishing emails can trick you into installing software that includes keyloggers or some other type of malware. Check our article how to recognize and avoid phishing emails:

5. Inform your friends and partners.

Whether you will tell them in person, you will send them a message or you will publish a post on social media, they should know that any suspicious messages they may have received from you, were actually sent from another person. It is likely that whoever hacked your email address, may try to lure your contacts into sharing their own login credentials.

6. Check your other accounts.

If you used this particular mailbox to sign up for different services, it is possible that the hacker gained access to them as well by requesting a password reset email. If you received any lost password emails, this is most certainly the case. Even if you have not received such emails, it is recommended that you take precautionary measures to be on the safe side. Update your passwords for all accounts that are associated with this email address and if possible, add 2-factor authentication.

7. Restore a backup.

If any of your emails have been deleted, you can restore them. If you have a backup, that is. Web hosting providers usually keep a backup of the site files and emails, so if this is the case, you can easily restore everything. If you use an enterprise email provider, backups are not available by default, so you will either have to download all your emails every now and then, or you will have to use a third-party paid service that will generate backups.

How can ICDSoft help you?

If you host your emails on our servers, there are several things we can help you with – either to prevent your email getting hacked, or to minimize the damage in the unfortunate event of the mailbox getting compromised.

When you create a new account in your hosting Control Panel, you can use our password generator to create a strong password. You can choose a random alphanumeric password (8-64 characters) or a phrase that consists of up to 8 words. This way, you will be sure that you use a strong password. In addition, our system will not allow you to create the same mailbox with the same password using more than one domain. If [email protected] gets compromised, it is natural that the hacker will try the same combination for [email protected], but they will not be successful.

To minimize the chance of getting tricked into downloading and installing some software or clicking on a phishing link in an email, we protect all mailboxes with antivirus software and the powerful SpamAssassin anti-spam platform by default. Of course, you should have antivirus software on your computer as well, but out system will be your first line of defense in case that somebody decides to send you malicious files/links.

If your email address gets hacked nonetheless, and you lose any of your correspondence, you can restore a backup with a few clicks. We keep two daily backups of all your emails for the past 15 days by default, but our Extended Backups optional upgrade will give you access to additional monthly backups going a whole year back. In the meantime, you can stop the email service for that particular hosting account through your Account panel as we give you full control over all services associated with your hosting account.

Wrap Up

If your email address gets compromised, you may lose not only personal information, but also money and access to other services. All it takes is for the hacker to find out what services you use and to request a password reset. This is why, you should take measures immediately after you find out your email has been hacked. A few signs you should be aware of are - being unable to log in, strange emails appearing in your mailbox, or people telling you they have received emails you have not sent.

If anything like that happens, you should not panic and you should act fast. Updating your password, contacting your email provider and restoring a backup (if available) if anything is missing are among the first steps you should take. Make sure that you tell your contacts about that to warn them and double-check all your other accounts to make sure the damage has been contained. Getting hacked is not impossible, so you should always be prepared.


A web hosting provider since 2001. We host over 58,000 websites for customers in over 140 countries around the globe.