My Email Was Hacked

Your email is not just an inbox. It is the reset button for almost every other account you own.

That sounds scary, but it also gives us a clear order of operations: secure the email first, then check what the attacker may have used it to reach.

---

First 10 Minutes

Use a device you trust. If someone was controlling your computer or you installed remote access software, use your phone on cellular data or another clean device.

1. Go directly to your email provider’s website or app.
2. Change the password to something long and unique.
3. Turn on two-factor authentication.
4. Save backup codes if the provider gives them to you.
5. Sign out of all other sessions.
6. Remove any device, browser, or app session you do not recognize.

If you cannot get in, start the account recovery process with the provider. Do not pay anyone who claims they can “recover” your account for a fee. That is often another scam.

---

Check What They Changed

Attackers often leave a way back in. Look for these settings:

• Recovery email: Remove anything you do not recognize.
• Recovery phone: Remove unknown numbers.
• Forwarding rules: Disable anything forwarding your mail elsewhere.
• Filters or rules: Delete rules that archive, delete, or hide security emails.
• Connected apps: Remove apps, extensions, or devices you do not use.
• App passwords: Revoke old app passwords if your provider supports them.

Then search your inbox for:

• “password changed”
• “new login”
• “security alert”
• “verification code”
• “order confirmation”
• “bank”
• “wire”
• “Zelle”
• “PayPal”
• “crypto”

You are looking for clues about what else they touched.

---

If Messages Were Sent From Your Email

Check sent mail and deleted mail. If the attacker sent scam messages to your contacts, send a short warning:

My email was compromised. If you received a link, attachment, money request, or unusual message from me, please ignore it and do not click anything. I have changed my password and secured the account.

Keep it simple. You do not need to explain the whole story.

---

Protect Accounts Connected To This Email

After email is locked down, secure the highest-risk accounts in this order:

1. Banking, credit cards, payment apps, crypto, retirement, and brokerage accounts.
2. Apple ID, Google account, Microsoft account, phone carrier, and password manager.
3. Work, school, health insurance, government, tax, and benefits accounts.
4. Shopping accounts with saved payment methods.
5. Social media and messaging accounts.

For each one, change the password, turn on two-factor authentication, check recent activity, and remove devices you do not recognize.

---

If Money Or Identity Information Was Involved

If you see suspicious transactions, call the financial institution using the number on your card, statement, or the official app.

If your Social Security number, driver’s license, passport, or tax information may have been exposed, use IdentityTheft.gov to build a recovery plan. You can also report scams and fraud at ReportFraud.ftc.gov.

---

What To Watch For Next

For the next few weeks, expect follow-up attempts. Scammers may try again because they know this email was valuable.

Watch for:

• Password reset emails you did not request.
• New login alerts.
• Friends asking why you sent them a strange message.
• Delivery or purchase confirmations you do not recognize.
• Calls from people claiming they can help recover money or accounts.

The last one matters. Recovery scammers target people who have already been hurt. If someone asks for money to recover stolen funds or “trace hackers,” pause and verify before engaging.