Recovering from a hacked email account can be easy or hard, depending on which email service provider you use and whether or not you have backups. Let’s look at several likely scenarios, from most common to least common.
GMail, Yahoo Mail, Hotmail/MSN Email
Many people use Web-based email from the three largest email service providers: Google, Yahoo, and Microsoft. Breaking into one of these accounts is usually as simple as entering your email address or username and your password, so any hacker who gets your password from somewhere else (or guesses it), can break into your email. The reward for the hacker is that a lot of people store password emails and other valuable information in their email accounts, plus the hacker may be able to use your email account to scam people you know.
After hackers break into your account, they’ll often change your password or delete all of your emails (after downloading a copy of any emails they think might be useful). They’ll also delete your address book (contacts database) so you can’t immediately tell your friends and family that a hacker is using your identity to run a scam on them. You need to know how to check if your email account is hacked or not!
If you can login to your account then do so and change your passwords and recovery settings as soon as possible.
The sooner you report a problem with your email account, the better your chances of getting all of your emails back. It’s best that you report your problem within 24 hours; after that period, the email service provider may purge your old emails and contacts from their database. After you report your problem (or maybe before, if you need to login to report your problem), you can use the password reset on the site to change your password using another email account or your mobile phone.
Make sure when you report the problem, you ask Google, Yahoo, or Microsoft to reset your email account to where it was the last time you used it or before the hacker logged in for the first time. All three companies have the technology to do this, but you may need to push them to use it. (It’s not a fully automated tool, so an actual customer support person has to set it up, which means they need to pay someone to do work on your free email account. Companies don’t usually provide great service to their free customers, so you will need to be extra assertive.)
In my experience, most people don’t get their emails restored. They either wait too long to ask (the emails are permanently deleted), they aren’t assertive enough (seriously, you might have to call), or they just don’t try in the first place. That’s why I highly recommend that you use a tool to backup your online email. There are free or low-cost tools to backup email from Google, Yahoo, and Microsoft. You should run the tool once a week or more often.
ISP Email Hacking
Most people I know who don’t use Google, Yahoo, or Microsoft end up using the email which comes free with their Internet Service Provider (ISP) Internet connection, such as Earthlink, Errols, AOL, Comcast, and others. Many of these companies provide two ways to access your email, a Post Office Protocol (POP or POP3) connection which lets you download your email to your computer and a webmail interface similar to GMail but less fancy.
If you use the POP connection and download all of your email to your computer, you have a little bit more defense against attackers than webmail users. A hacker will need to break into both your computer and your ISP account to get your email. However, if you save your POP password on your computer in your email program so you don’t have to type it every time you download email, then that extra security disappears—the hacker can just break into your computer to get both your old email and your new email. So we all have another reason to protect our computer from viruses and intruders.
Unfortunately, most ISPs don’t work like Google, Yahoo, and Microsoft—they don’t keep old copies of your email in their database for 24 hours or so. When someone deletes an email in your webmail or downloads it to your computer using POP, that email is deleted forever.
If you get hacked on your ISP email, the only thing you can do is reset your password, scan your computer for malware, and restore your email from backup. On the upside, backing up your email is as easy as backing up the rest of your computer (you do backup your whole computer on a regular basis, don’t you?), so you probably have all of your email up until the last point you backed up.
Hacked Email At The Office
If you get your email hacked at the office, the first thing you should do—do it immediately—is call your technical department and report it. Many hackers who attack businesses can use your email information to attack your bosses or your boss’s bosses, which will look bad on you. The earlier you report the hack, the less time the hacker will have to make his attack before your technical department can lock down your internal security. That means less trouble for you.
Medium and large companies in the U.S. are required to keep email archives by law, so there’s a good chance you can get your email back. But remember that you’ll probably be the technical department’s least favorite person for a few weeks (locking down the network will interrupt the technician or technicians in your company from whatever else they were doing). For that reason, I suggest that you also keep a backup of your business email and address book. (I also highly recommend that you keep a personal copy of your business address book for yourself for a non-technical reason—who you know is a huge factor in getting promotions or better jobs, so you’ll want your contact database even if you get laid off, fired, or quit on your own.)
Most desktop business email programs offer a backup feature. If you get stuck with a corporate webmail interface, just ask the technical department if there’s a server which lets you use Microsoft Outlook or Apple Mail; most companies have these servers even if they’re a bit hidden. That way you can use Outlook, Mail, or another program to backup your email in case your email gets hacked.