Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

158 comments on “My Email Is Hacked, How Do I Fix It?”

  1. To back up your contacts list, most email providers have a function to export your address file. They often give you a choice as to which format to export to such as LDIF, VCF of CSV (comma separated values, which can be read by Excel and most other spreadsheet programs).

    Reply
  2. People i know sometimes get their accounts hacked and ask me for advice. I also tell them its a good idea to virus-scan their machine with a secondary antivirus (MalwareBytes Anti-Malware is the one I recommend most times) before changing passwords. Because if there is a keylogger can pick up password changes otherwise.

    Reply
  3. My contact list was hacked. I was notified through my yahoo account. The invaded(it came from a different country-with a IP address(can I tract the IP address or can I turn the IP address) in that they used) used a deivce and was able to spam my contacts. I changed my password and I have changed it before. This is the third time it has happend to me. Maybe I should change to a different type of service.

    Reply
  4. The following could be added to 4. Check Related Accounts:
    ” Since PayPal does not require the using of the security code on the back of your credit card, if hackers are able to access your PayPal account they can easily make charges to your credit card. I have had this happen to my PayPal account.”
    That is why I refrain from using PayPal and any other online business which does not go the extra step to protect its customers.

    Reply
    • PayPal does give you extra security whenever I make a purchase with paypal I get a security code sms’d to my mobile that I have to enter to complete the transaction. It also stops anyone being able to hack into your paypal account as you access your account unless you use the code sent to your mobile

      Reply
  5. >> Maybe I should change to a different type of service.

    You probably need a better and longer password.

    I recommend to people they pick 3 things they would never forget, like favorite color, dog’s name, and first child or some other name, etc, then pick a number you’d never forget like last 4 of your SSN, and then mix them up, maybe something like,

    blue5Thor8Sarah20

    If your email service can take this long of a password, you’d be wise to make up some kind of similar rules for yourself that are easy to remember, and then follow it.

    Also, *NEVER* reuse your email password as the password for any other account.

    Make slightly different password rules for your bank and other accounts.

    Reply
    • never using email password for another account, or perhaps for another email account is probably a good idea, but maybe not so much any kind of password with a contextual base. You’d be surprised how easy it is to crack, and even when you’ve got a seemingly secure password. Combination of Alpha-Numberic-Symbol (avoiding quotes) is the best way to go – 16 characters. Sign up for a free email certificate at comodo, so you can send secure email – there are lots of online javascript password generators that are designed for the purpose of defeating keyloggers, so they don’t get to your password from the get-go, copy and paste (cntl + c, cntl + v) passwords in a secure email to yourself and file it away. Hackers wont tell you that they are sitting in your email, so if you don’t lock it down, or simply don’t see activity – this doesn’t mean anything (if you become a target – they’ll simply hack your new password, and wait until you put your new bank password in an email). If passwords are important to you, consider a program designed to store and retrieve passwords, like 1password, and never enter personal and financial information from an email, that’s what customer support is there for, to help you.

      Reply
      • The company I work for was hacked. The data for employees and clients were at risk. Then I was compromised as we worked from home for a year. My 2 phone’s, 2 laptops, all email addresses, and debit cards. After 2 months and trying to unlangle the web I’m in, I was left with new phones & numbers, both laptops are locked, all accounts lost and gave up on debit cards. I would like a laptop back and they used a keylogger, I saw that just before I was logged out. Is it worth retrieving that laptop ( take to someplace to get in) or should I cut looses. The company is BIG and they sat on our information for a year before they moved on anything. The hacker actually communicated to me by Google articles as I talked to my phone ( myself) in confusion when it first started. I thought I was loosing it as the articles answered my questions like ” why me’. The spider web that is used to change the access so they control everything is very detailed. IE, Adobe, Facebook, Messenger, Dual Apps. Remote access, Redirection so you can’t access anything.. Left me and my family devestated as they dependents. Please do the 10 steps ASAP. I was locked out before I got educated.

        Reply
        • My ex keeps hacking into my email. I am now locked out of my email that I had for 30years, and iCloud. I have lost everything. I set up a new Apple ID, and email. Now that password never matches up. Could he be the admin on my computer, or is in a group? Could he have hired a spy program from England? Should I rest my TV’s? Is there a pro I can hire to help me?

          Reply
  6. Great article. I like the detail this article has,it’s very informative. I will be forwarding the Link to many seniors that I try to keep up to date on computer and Internet security.

    Reply
  7. I really, REALLY gotta wonder about all these people who’ve had their free email accounts hacked. Sure, there’s malware, password stealers, but it’s a lot like crossing a busy street. A LOT of the danger is avoided just by basic simple precautions, like looking for a break in traffic. Over the last 20 years, I’ve never had an account hacked, never had personal information compromised, nor ever used any stronger password than the same simple 7-LETTER one wherever I’ve been allowed to use it. I suspect a majority of these hacked accounts have been willingly shared with others. Any secret that’s known by more than one person is no longer a secret.

    Reply
  8. Mike – you are very lucky. I have had strong passwords for years (14 characters) and STILL a hacker managed to hack two of my email accounts — a Microsoft Live (Hotmail) account and an “inbox.com” account. I only found out when the hacker sent spam email — to my small business email account! I did some research and found that the hacker was located in Belgium and was using a smart phone at the time! How could he (or she) have found out my password? I’m not even sure how (or if) he got access through the “forgot my password” link offered. This also happened to my ex-wife’s Yahoo account (she had a much weaker password – only 10 characters. It was the same hacker IP address in Belgium. There are many ways to get your password; yes, it could be as simple as a password reset, but there are insidious programs that send your password to the hacker. In my ex-wife’s case, I found out through Malwarebytes that the computer had been regularly sending out an “outbound IP request” to this same IP address in Belgium. There was a small program capturing passwords on her PC. I finally was able to kill the process with TDSSKILLER, which I believe Leo had mentioned. Leo, keep up the good work — this is the most comprehensive article I’ve seen on email hacking; I hope people will heed your advice. Unfortunately, one can’t always back up email — I was able to use SeaMonkey’s (Firefox platform) email to grab my emails from inbox.com, but Yahoo won’t allow you to download using POP unless you have a paid account.

    Reply
    • So, in #3 above, Leo mentions the hacker possibly having put in his / her email address and / or phone number for purposes of “recovering” the account. Am I the only one who thinks this information should be useful in tracking down the perpetrator? Is there any sort of law enforcement effort, domestic or international, to deal with these pond scum creatures? Is there any value in capturing the hacker’s contact info for this purpose? (Or maybe to hunt them down & ….)

      Reply
      • Actually it’s often just another anonymous account. I suppose, technically, it could be used to track down the scammer somehow if enough resources were applied. However is YOUR email account hack SO important that a cooperation of international law enforcement agencies will go after yoru specific hacker? Maybe, but I would not count on it. Generally they have bigger fish to fry.

        Reply
  9. Seems like most if not all of these people who have had there email account hacked use an online email account. I have never heard of a Thunderbird or Outlook Express account hacked. Maybe these people should switch to Thunderbird, Outlook Express or some other PC based email account. Just a thought!
    Mike :-)

    Reply
  10. It seems to me if someone can figure out your password is something simple they can also figure out something hard. A person has to have a way of actually seeing your password to figure it out. If I decide my password is going to be I like duck’s I don’t see how a guy in Maine is going to figure that out. He is going to have to have a way to see it and if my password had 20 character’s wouldn’t he still see it?

    Reply
  11. @Mike W.
    You’re comparing apples and oranges. Thunderbird and OE are email programs which are used to access online email accounts, which can be Hotmail, Yahoo etc. These people who are having problems with their emails being hacked may also be using an email clients such as Thunderbird or Windows Live Mail. It doesn’t really make any difference whether they use an email client or access their email through a web based interface.

    Reply
  12. @Krktoday
    It’s not so much a question of someone figuring out your password. Hackers use programs that have different techniques to guess or crack the passwords, such a dictionary attacks, in which case ‘I like duck’s’ would be cracked in milliseconds or brute force where all combinations of characters are tried until they succeed. A long password can take an exponentially longer time to crack. This article on Ask Leo explains how this works. How long should a password be?

    Reply
    • Yes I was hacked the other day and I have no doubt it was from just simply knowing my phone number and I’ve seen those advertisements posted and available where you simply put in someone’s phone number and you will know everything about them I think is the claim they make how can this be legal. Also I sat and watched in amazement my screens on my tablet and cell phone as vericut verification after verification came rolling through where they simply kept changing my passwords once they were in they were in or so it seemed your thoughts ?

      Reply
  13. I have posted the following here before but nobody seems to notice. Beware a Yahoo IDENTICAL sign-in tablet/page which suddenly breaks your Yahoo email connection and presents you with an immediate opportunity to re-login which, in the circumstances without thinking, I did. The offenders were our Canadian ‘friends’ who are the largest sex pill spammers probably on the Net. I checked my login history and found that two Canadian entries adjacent to each other had carried out this operation two days before my Contact List was hijacked with 50% of my friends receiving one spam letter and the other 50% another. I told Yahoo but they made it difficult for me to copy the entry and send it to them. Surely, their computers can recognise this sort of attack especially when the two Canadian entries are surrounded ONLY by Indonesian traffic. I recommend to Yahoo users to use the sign-in feature (which I had ignored until then) which will absolutely prevent this trap I fell into. Luckily no other damage was done to my account but I was embarrassed to say the least.

    Reply
  14. Seems to me that someone can’t count: Someone said “Seven” things you need to do now, and then actually named NINE things!

    …Heh heh heh heh heh!     :)

    That’s on purpose. Numbers 8 and 9 aren’t really specific steps.

    Leo
    06-Jun-2012
    Reply
  15. Hi Leo
    … Another excellent, comprehensive article. Thank you.
    … I use a 4 character password to login to my iPad and Xoom tablets. I would appreciate your thoughts and recommendations.
    … Al

    If you mean a numeric PIN that you type in to unlock the device – I do too, but I struggle with it. That’s different than an online account, though, and really only protects the device if it’s physically stolen, so I’m kind of OK with it. But those types of on-screen PINs are apparently quite hackable (using, of all things, the smudge patterns on screens). As always longer is better, for sure.

    Leo
    06-Jun-2012
    Reply
  16. Something that may be related to this:
    A friend of mine has had their Yahoo account spam people (including me) on at least two occations, but only when they logged in to the Yahoo chat program. it is as if within seconds of them logging in, the program itself starts sending out e-mails promoting dubious links.
    Could this be a virus that only attaches itself to chat programs? It wouldn’t need to know your password as you have just provided it (though that wouldn’t stop it passing it on for future reference).

    Certainly anything is possible, but more likely using the chat program somehow allowed the password to be hacked or sniffed and a hacker took control quickly.

    Leo
    06-Jun-2012
    Reply
  17. Leo A friend sent me this in responce to a queston I asked. Thought it may be a good add on for this article. Thanks
    ———————————————
    Hackers work like this –
    – Most people dont want to have a password of more than 10 digets because it is a pain in the ass to remember or type when confirming their email addy – so they try to keep their password short.

    – Hackers know this, so usually they only hack passwords with 10 digets or less, because the hacking programs that they use, usually only show up to 10 digets – or 3656 TRILLION possible combinations.
    Plus it takes time to hack someone.

    —————————————————
    One diget could be any of 26 letters or 10 numbers = 36 – [times 36 for each additional diget].

    FOR EXAMPLE
    My computer calculates any program at 18 million digets per second.
    This means that I can calculate the first diget in someone’s password in about 3/100 of a second.
    For each additional password diget, the calculating time is SQUARED.
    [The hacking program must read the entire program over and over for each possible diget.]

    IE: diget one = 3/100 second or .3 seconds [total program run time .03 seconds]
    – diget two = 9/100 second [total program run time .12 seconds]
    – diget three = .81 seconds [total PRT aprox 1 second]
    – diget four = 6.5 seconds [total PRT aprox 7.4 seconds]
    – diget five = 71 seconds [ttl PRT aprox 78 seconds]
    – diget six = 84 minutes [ttl PRT aprox 85 minutes]
    – diget seven = 1.96 hours [ttl PRT aprox 3 hours]
    – diget eight = 3.8 hours [ttl PRT aprox 6.8 hours]
    – diget nine = 14.6 hours [ttl PRT aprox 21 hours]
    – diget ten = 213 hours [ttl PRT aprox 234 hours or 10 days]
    —————————————————

    If you have a password with 12 digets, then the hacker has to spend time ‘manually’ figuring out what the last 2 digets are.
    This could be any of 1296 possible combinations [36×36], and that takes time.

    If you have a 15 diget password, the hacker has to ‘manually’ figure out the last 5 digets, or over 60 MILLION possible combinations.
    – [36x36x36x36x36]
    This takes a long long time – and most hackers wont bother, just to SPAM you and your contacts.

    Sometimes I might use a password that says – ‘your’computor’is’now’infected’ – 25 digets, or 221 BILLION TRILLION possible combinations.
    – Good luck hacking that one.
    Not to mention that the hacker may spend additional time looking for the computer virus.
    LOL :-)

    Reply
  18. Good advice but came to late for me… My additional advice would be to emphasize the NEVER trust anyone with your password especially a spouse. You never know what they will do if the marriage goes sour and you should never underestimate what they would do. Not only did he get into my email and change the password but he then used yahoo to find out all my linked emails and then unsubscribed me or started spying on my email lists including domestic abuse support groups, and also used my bank account and credit cards to buy himself stuff. So, never trust anyone with any account information, ever.

    Reply
  19. One important comment.
    I keep a hard copy of articles like this in a 3 ring notebook, along with similar important items [like a printout of a Belarc analysis of my current system]. Why? It’s good to have important information related to your system and “how-to” printouts prior to beginning any endeavor to recover any loss. In other words, having the knowledge and a plan without having to access your PC’s system.

    Perhaps Leo could compile a “must haves” or “good things to keep a hard copy of” as an off-line guide to what you need to know. [?]

    Reply
  20. A friend had his email hacked and the only thing they changed was the “reply to” address… adding a dot “.” to the original address! something we nearly overlooked. They had sent out heaps of SOS emails requesting money and all replies when straight to the hacker – so be warned!

    Reply
  21. I think my hotmail account was hacked. When I try to sign in Windows Live, it says “We believe there is suspicious activity on your account, please enter recovery information” Trouble is, I never updated it! It’s my old cell number & old college e-mail address! Ugh! However, my son can log into his x-box live account, so does this mean I was really hacked? Or has my son changed the password? He says he hasn’t but would it be possible for him to sign in on the c-box if I am locked out of my own inbox? I also tried the recovery where they ask questions about contacts, recent sent e-mails, etc. but I haven’t received a reply, so I tried it again, but when I put in my perhaps hacked e-mail & my new one I set up, then try to type the captcha, it keeps saying re-enter information; thus, I am not getting anywhere, except a viscious circle! I am able to see my contacts, etc. because I have my e-mail via Windows Live Mail, but it won’t let any new mail come in or me send anything out, ugh! I’ve been trying this all week now, please help! Thank You!

    Reply
  22. My e-mail was hacked which totally freaked me out so while I still had access to it I cleared all information from it (contacts, sent mail, etc.) and then closed the account. I also called and changed all of my incoming info (from banks, contacts, etc.) e-mail to my new one. I hope that I have done enough

    Reply
  23. @Gabe,
    The only other thing you need to do is to make sure your new account is locked down tight with a really long password, and all your recovery information is set right, and do all the things Leo recommends to keep the new account safe.

    Reply
  24. Hello,

    When I log in into my gmail account, I am notified that my recovery email may not belong to me anymore and asked for verification.
    I really don’t remember the password nor questions related to it because I was using it long time ago.
    What do I have to do:
    1. to stop this notification ever time i log into gmail
    2. to restore my google docs icone and approch t it because since this happened i can’t approach my shared documents.

    Hope you can help!

    Reply
  25. @Ana,
    If you don’t have access to your old recovery email, then you need to set up a new one, and get it entered and verified as a recovery email. This is really really important because if your account is hacked you have no way to get it back except through your recovery options. Also be sure to enter a recovery phone, and answers to questions that only you know.

    Once you set up a proper recovery email, and verify it, then then warnings will go away.

    Reply
  26. Okay, so this is rather bizarre… someone used my email address to sign up for a website that requires payment (they did not have access to my credit card though). I canceled the account… so can they still use my email to log into their account? Basically, what I’m asking is: after deleting your email account, do accounts from other sites linked to that email still work? Please help :[

    Reply
  27. My email wasn’t hacked but someone (who I do not know) used my email address to sign up for a website (in which an email address was required). Now that I deleted the email address, is the person no longer able to log into their account (that was my aim…)

    Reply
  28. @Kat
    He would still be able to access it, because accounts like that aren’t actually linked to your email account. You email account is simply the login name and in most cases, the recovery address for that account.

    If you still have access to that email account, you should be able use it to recover the password from that website the person has opened up, and change the password, or better yet close that account down.

    Reply
  29. @Leo et al.

    Thank you for this well written and detailed tutorial on how to save what’s savable and prevent future episodes of the same type.

    Thankfully I am not affected by this type of attack in person, but I am helping a friend deal with her (no-backup, no-POP) gmail account having been:

    1). Hacked
    2). Contacts & email messages (10 yrs.) harvested & spammed
    3). Contacts & email messages (10 yrs.) DELETED (very ugly)
    4). Set to have all e.mail forwarded to a hacker controlled secondary account (xyz@ymail.com instead of xyz@gmail.com – so spoofing the old address visually in a way)
    5). Language set to Hebrew

    I have gained access to the account and was able to reset the language and stop the further forwarding of any mail.

    Thanks to this tutorial, to avoid collateral damage, I also checked and changed passwords to connected accounts (Fb, PP, credit cards etc.) which seemed untouched.

    My reason for commenting is to see if Leo or any commenters have any wisdom on what to do about getting any of the “permanently” delete items back in one way or the other (Google or hacker). I.e. all messages were but into the trash which was then emptied by the hacker.

    I have read about a couple of tech journalists being able to get help from google directly to recoup this type of data lost in a similar way. Do mere mortals have a chance at all to have the GOOG to do some retrieval tricks before the data is actually overwritten on all their servers?

    Beyond that I was thinking about anything that might help in sleuthing out the hackers using the xyz@ymail account and gmail’s “recent access” data: Nigeria ([IP address removed]), if this is indeed where they accessed the account from.

    Is it possible for a mere mortal to track the access to the ymail.com address to see if it matches the Nigerial ip address and perhaps pin this down further. Do any of you have friends in low places?

    How about writing to the hackers at the ymail address with some kind of message to get the lost data back. Rough and tough, Interpol threats, humble, begging?

    Let me know what you think or know, and if you have any pertinent ideas please.

    Thanks again to Leo for the completeness of this piece.

    Unless you have friends in high places (and I do not) I know of no way to get anything back in a case like this. It’s why I harp so hard on backing up.

    Locating the hackers is pointless. Unless you are or have engaged law enforcement there’s nothing that you could do to get that information, or do anything with it if you did.

    I also believe that any attempt to contact the hackers is, honestly, just asking for trouble. It’s not like they’re going to return anything because they’re suddenly going to be nice and take pity on you. Besides, they probably didn’t save it, they more likely just deleted it and have nothing to give back to you. It’s more likely that they’ll try to extort more money from you instead.

    Leo
    16-Nov-2012
    Reply
  30. Hi again,

    I was able to get both, all contacts and all emails back!

    The contacts can be retrieved quite easily by using the “Restore Contacts” feature in the “more” dropdown menu on the contacts page itself.

    The emails were restored by Gmail (I guess) in just an hour or two, after I sent them a detailed report using this page:

    http://support.google.com/mail/bin/bin/request.py?&ctx=bugflow_receive31&contact_type=bugs

    I am frankly quite shocked that this aweful sounding story has come to such a quick and positive outcome. Kudos to the Gmail team!

    Now let’s see if the police/authorities can do their part in taking the culprits off the map.

    Awesome! You got very lucky. You can ignore my prior response, but I still think it’s important for people to act as if once lost all is gone forever. Not all email providers have the mechanisms that you used, and not all that have them will guarantee their success.

    Leo
    16-Nov-2012
    Reply
  31. My friends ex husband sent me a joke on email. I opened it and now I am afraid he will have access to all my info. Is that true or am I being paranoid? There was no link on the email, it was a joke he forwarded from his brother. Thanks for this site, it is very helpful!

    Reply
  32. @Theresa
    If you didn’t click on a link or run a program from an email, there isn’t any way he’d have access to your information. If this were possible, the simple act of reading emails would be dangerous.

    Reply
  33. thanks for all the info, lucky me my hacker only sends spam….so i have changed passwords, security questions and fw my e mail….i have changed my passwords twice today so far…..just to make it difficult until everything goes back to normal.thanks!!!

    Reply
  34. Leo, I really thank you for this article. I’m a moderator on a fairly busy Internet list and we get phishing links coming through all the time from people who aren’t aware their email has been hacked. Our immediate response is to reject the email and send a link to your article telling them what to do. You’ve been very helpful to a lot of people and if they haven’t thanked you, I’m doing it for them. ;)

    Reply
  35. @Marie
    If your account was hacked, and the password and recovery information wasn’t changed before that email was received, it’s possible that hackers may have gotten a copy of that email.

    Reply
  36. I changed my password and security questions. My contacts are still intact. But I can’t send or receive email. It’s a Yahoo Plus account.

    Does anyone know when my email account will be restored? Is there something I need to do?

    Reply
  37. my yahoo email is hacked i recovered my password using secret answers but still its not opening with new password yahoo says your email or password is invalid please try again using your full yahoo I’D before this 10 days ago i did a comment on this site http://www.crunchmodo.com/
    today my account is not opening is its possible there’s some connection ?

    Reply
  38. Recovering my Hotmail account, tried everything. please help.
    hello,
    I kind of have a similar problem,
    I wanted to get my Hotmail account back
    I tried the “Validate your identity by providing as much information as you can on the Recover your Windows Live account” several times but I couldn’t, so windows suggested that I open a new account.

    I don’t want to open a new account, I need my {removed} because its associated with my Twitter account, and I forgot my twitter account password and I cant reset it without my Hotmail account.

    I don’t remember my alternate email address either; I haven’t used the account for more than a year, that’s why i failed providing the info to recover it. Please help me, the only reason i want to recover my hotmail password is because its associated with my twitter account and many other applications and websites, I don’t want to lose all this.

    Thank you for recommending on opening a new account but that wont solve my problem, please

    Reply
  39. Hi Leo,
    I am wondering if you have information where you can find help.
    If somebody has published false information about you on the net using several free advertising webpages.
    If this case says he is from an other country (international), what is easy to say. like the publisher in in Russia and you life in the States. The police will not touch it, because they say it is a case for Interpol. It is hard work to find out where he publsih and when. Then it needs a lot of time to get those publications removed.
    I went through this work and I like to protect myself for beeing Mobbed again.
    Not only that I look for the best help, not only a page saying you need to talk to a friend and family. NO I would like to become a specialist in helping people as well. If somebody is using the internet to damage your references is a very bad situation and has to be stopped with all possibilities. I hope you can give me some idea. Where I can start to find out if somebody publish something bad, like a messenger alert about your personal name, where i can find organisations to joy and create a helping center to eliminate entries.
    Thank you in advance
    Joe

    Reply
  40. Does yahoo have a 3 strikes and your out rule for entering wrong
    passwords or limit the number of wrong passwords per hour/day.
    If they don’t then yahoo mail accounts are wide open to brute
    force or dictionary attacks.
    Jim

    Reply
  41. Curious about exporting the contact list once you suspect that the email account has been compromised… is this safe to export to an excel file or to a different email account service if one chooses to change? Or does it leave some sort of ‘breadcrumb trail’ to allow the hacker to do more damage?

    Reply
  42. Hi. I do not know if it is a hijack. But, Sometimes i when i
    send emails, in certain periods i get no replies whatsoever.
    And these contacts have often replied to mails before. Even
    those with a long or many – lines message.

    You have probably heard of internet – bullying. Is it
    feasible that some…have made a like a copy of
    my hotmail and intercepts outgoing messages
    just for the hell (sorry) of it or to make me feel
    unease and paranoid. Just a theory.

    Regards
    Carl F

    Reply
  43. Yesterday morning, of around 12 emails received, suddenly all but three disappeared. An automatic response to one sat bewildered in the Outbox. Later, another two disappeared. This morning gave a repeat performance. Malwarebytes found 7 PUPs on my computer, two as files and the rest as registry keys, which have been smartly removed. Can I connect these with the missing emails in that spyware may have been responsible? Why would a hacker take only a sampling of the emails instead of taking them all?

    Reply
  44. I have Verizon Yahoo. On 1/1/14, I was trying to forward some e mails which were on the server. As I was working with them, some were viewable on my Android tablet but not on my computer. Then most of the 40 emails were viewable on my tablet, but were in the Trash folder. Moving them resulted in an empty trash folder and 30 of them disappearing entirely.

    VY has a message up that they are converting their email to SSL. In addition, VY has hit with a major hacking episode on 1/1, via a Java exploit.

    So long story short I lost 30 emails. Unfortunately, I had not downloaded them from the server.

    Reply
  45. A facebook account has hacked by anyone and he(Hacker) has changed the password when i want to log in then it shows password is incorrect and then when i click on forget password then facebook send me confirmation code on my mobile no but my mobile has also stolen by anyone and i failed to enter confirmation code how can i login or blocking to facebook account please help !!!!!!

    Reply
  46. Amazing coincidence! I found out this morning my e-mail hacked, and when I went back for the support phone number, I see in my inbox this post!

    Needless to say, I took proper steps, including a thorough scan of the computer. I’ve been having problems with a program that seemed to escalate to the OS, forcing backup recovery (ntdll.dll problems). Now I am noodling this as well.

    Reply
  47. Hi Leo,
    I am shahmir from Pakistan . my friend has lost his Facebook Id that was hacked by someone so I am recovering his Id so the machine want to know his Password of hotmail account. its also not working please help me because someone is using hid Id abusive
    Thanx

    Reply
  48. my gmail account opens in different locations and iam using a nokia modem how do i stop this in
    ubuntu,sometimes server operator changes ip address
    thanks

    Reply
  49. This was a great article. Thanks! I just got hacked on Aug. 21st and I changed my password of course, but nothing else. Tonight I finally figured out how to change my “sending name”, as the hacker had changed it, and within 20 minutes I got an email from Yahoo saying that someone in the Netherlands tried to access my account AGAIN!!! (I live in the US). Thanks to your recommendation I just changed my alternate email. Yahoo also has secondary security that I made sure I had (and changed tonight). It’s just 2 security questions. I wanted to point out that even though the hacker deleted my contacts, I was able to recover most of them from the “deleted contacts” folder on Yahoo. Thank God the hacker forgot to delete the trash. Not sure if anyone besides Yahoo has the deleted contacts folder, but it’s worth a try. I just took all the steps that you recommended above. Thanks again.

    Reply
  50. If you know the email and password as you say you do, then just login normally, and go update your security info. If you’re being prompted for additional verification then you must provide that information to prove that you are the rightful account owner. Forgetting security questions is the fastest way to lose an account forever: A One Step Way to Lose Your Account … Forever

    Reply
  51. Two days ago my partner said that he received an email saying it was from me and came up in my married name. The email contained a photo of me from when I had a photo shoot so he looked at it on his mobile phone email account and replied to it. He had an email flick back saying that it the mail was undeliverable as the account was no longer in use and the email address listed was one which I had with virgin media many years ago when I was living with my ex husband and even before I knew my partner. There are several things that don’t link up:

    1) The blueyonder email account should have been deleted and wonder how it is being operated from?
    2) Why did my name appear in the email to my boyfriend because it would have appeared in my ex-husbands name as it was set up that way
    3) How did the picture of me appear? because that was a long long time after that email account
    4) How did they link it to my current partner?

    Many thanks for your help.

    Marcia

    Reply
  52. When I found that the live mail had been hacked, I reported the problem. But since then there are
    still problems that are unresolved. Wanted to send an e-mail to the Support team but they don’t
    seam to have an address where one can contact them directly. So I sent a written request for
    help. No reply. Have found this process to be very frustrating & stressful. I then changed to a
    new server who in their opinion, have felt that Outlook has poor security and it won’t matter what
    account name I change the live mail to they won’t connect it.

    Reply
  53. Leo,

    I’d do one more thing . . . . if your email service has the capability, activate two-step logon. This feature sends a six digit code to your mobile phone that you must enter EVERY TIME you either (a) log on to email from a new machine, i.e. a Nigerian hacker has your email and password or (b) every time you clear you cookies on your regular machine. This can be a minor pain, but this extra simple step can save a LOT of grief. Ask me how I know.

    Taking backups of your address book on a regular basis — I do it once a month — is not enough. You must test importing the address book to verify the backup and restore process actually works. Lots of folks ignore this step. After all, a backup which cannot be used to restore your account is no backup at all.

    Good luck everyone.

    Reply
  54. Hi

    I’d like to know how I can make sure that my email address does not show at the login screen the moment is type in a the whole address appears below and I do not want that. At work other people have email accounts with yahoo and I do not want them to know that I access my emails from the office in an emergency like when I need to print docs from my email.

    Thanks

    Reply
    • Your bosses at work have the ability to access to every web page you visit on their computers. They can see the contents the contents of every email you view. In fact, if they choose, they can record every keystroke you type. So if you don’t want them to know what you are doing on the web, use your phone.

      Reply
  55. On January 1st this year someone hacked into my email account and set up 2 step verification on it.Since then I have had numerous email conversations with microsoft support and they know that some one hacked my account and changed things.Now the thing that is very hard for me to accept is that they say they have no control of who gets into or uses the account,but surely they as programme writers have the power to change this or does it mean that no one is safe and there programme is virtually worthless.I have lost a lot of important emails and contacts through no fault of my own but they do not appear to be the least bit bothered about it.I have tried to get them to send me contact details of someone so I can take this further but its like banging your head against a wall they just do not appear to want to help.They know my account was hacked so surely they must have the IP address of the hacker and be able to restore my account.

    Reply
    • It may help to think about the various people involved in this whole scenario. Yes, Microsoft has lots of great programmers who could make changes to the code. But the person you are conversing with in tech support is a tech support person – they probably don’t have the programming skills, and certainly don’t have access to the code that makes the program run. Any good company will not allow their customer service crew to have access to sensitive information. For instance, you’ll (hopefully) find that no tech support person ever has access to your credit card in any system. At the most they will be able to see the last 4 digits and the expiration date. Also there is no reason for the tech support person to lie about what kind of access they may have for recovering your account. Hope that helps.

      Reply
  56. My father got a call from his friends saying that he has forwarded some email to them when he actually hasnt. He even opened his email a/c and saw that no email in his send folder. Is his A/C hacked ? are my dad’s friend been spend a spam mail? Is there any further risk for my father?

    Reply
    • This can be done very easily by anyone who knows your email address and the addresses in his address book. The can easily fake his address in the From: field. Following the instructions in this article can prevent further damage, but now that the hacker has the address book, there’s nothing to prevent them from sending more emails like that.

      Reply
  57. Hi Leo:
    In step #6, you state that users should “download the email via POP3 or IMAP to setting up an automatic forward of all incoming email to a different email account, if your provider supports that.” Is it possible that the hacker has done so already without your knowledge, meaning that even if you change your password, all your emails will still be sent to the hacker? Or, I’ve heard that there is a way to set up an automatic BCC on every email you send; so even if you do change your password, the hacker will continue to receive copies of your emails without your knowledge. I have been recently hacked and immediately changed my password and activated a 2-step verification option when logging on from different devices and locations, but still have the concern that copies of my emails are being sent to the hacker. Is this possible and if so, how do I check/confirm and stop it?
    Many thanks.

    Reply
    • It is possible, but it would be via an option in your email accounts settings and options that you should verify as not having been set.

      Reply
  58. Hi Leo. My email was hacked on the 26/8 some one from South Africa .. Google sent me a email about suspicious activity which I then went to change mynpassword … However I’ve got no mail since?! Nothing since the 26/8 and today is the 11/9 ? How is this possible? I’ve deleted my gmail account a few times and started it up again on my iPhone but I’m still not getting emails thru :-( not sure what else I can do. Any suggestions?

    Reply
  59. I have a question regarding mail sent on myspace. I’ve actually deleted my account on myspace but could someone tell me how I could have mail answering a question from someone who sent me a message “before” the email with the question came? Example, me responding to a message.⬇
    “I’m doing great, how about you?” Date 9-10-2015 time 8:00pm
    Now, this is the mess Im responding to…

    “Hi, how are you doing?” Dated 9-10-2015 time 11:00pm
    It looks like I’ve responded to a question “before I ever received it”.

    Reply
  60. I accidentally stumbled across this site. THANK YOU GOD & for LEO! I had my ALL my email account’s hacked (Unfortunately I had a yahoo account for absolutely nothing. Also unfortunate for me and my husband that it’s someone we know and he used the yahoo account as a platform for all the other account’s. Plus we work at a place that takes cc over the phone and he has my in-laws Unlimited card number though somehow crossing all of our text messages. I don’t get that one though as nobody backs up text’s in the family.), pc and finally our phone’s. I contacted all my contact’s, uninstalled the apps he also used, disconnected the Xbox live account that I NEVER made, contacted Microsoft (that said they could trace since it’s still going on for now legal action on my part. Actually Microsoft was very helpful for free), deleted all contacts, copied all fake url or IP information , backed up everything onto PC then memory stick, and much more. It’s sad that some people in society are weak, sneaky, pathetic and DESPERATE. So, my husband and I learned this time. It’s true, hacker’s have no problem with ruining your privacy and sometimes, life. Most are gamers or ex gamer’s that are LAZY. However not lazy enough to go through all this bullshit for free money. Thank you for this site and being invisible to my hacker. I really wish I could be as low as him and hack into his stuff making him more broke (to our knowledge) than he already is. Then I can’t take legal action. I will definitely be back to keep up dates for my phones, etc.,I will say this, if you are being hacked and want some justice, go to the authorities’, Microsoft, etc., (use a totally different phone or PC though) and let them do what they’re doing. Don’t get me wrong protect your finance’s, just don’t let the hacker(s) know. Yes it’s a very dangerous game and if you don’t have the separate fund’s and support, DO NOT DO IT. Please listen to Leo. No joke. Again thank you for more information . We are eternally grateful.

    Reply
  61. While I can understand the sentiment, email has connected me with more people more closely than anything else so far. And by connected I do mean “in reality”, including friends I now meet with regularly that I would never have encountered otherwise, friends I’ve reconnected with to that same end, as well as family members – particularly overseas – for which email has made continued connection a practical reality. Yes I could have used “old technology” like pen and paper for each, but the pragmatic reality is that I likely would not have. Email made it all easier. Email made it all more likely to happen. Email made all this real connection possible. In reality.

    Reply
    • I could agree more. Thanks to technology, it’s easier than ever to make and keep connections. Email, Facebook, LinkedIn, Skype, etc., etc. enable you to keep in touch with people you’d likely otherwise lose contact with – and make it very easy and cheap to do so. Being able to FaceTime with my sister and her family in New Zealand and seeing photos of my nephews on Facebook is simply awesome. In the olden days when snail mail and expensive international phone calls were the only communication options, we’d have been in contact much less frequently.

      Reply
  62. All my contact lists have a fictitious entry that has my email address from another account. If it gets a message, I find out immediately. That tells me I need to get busy and start with the hard work on the hit account.

    Reply
  63. Thanks so much for the kick in the rear regarding hacking of email accounts. I realized how vulnerable I am and how important my email and contacts are so I have now switched to two step verification on Outlook.com. By the way my Outlook.com web pages does not have ads and I do not pay any yearly fee.

    Reply
  64. I notice that the article recommends using long passwords, which is sensible enough. People are generally advised to use increasingly long complicated passwords. This will not help if the password has been found out by some means. So increased length is meant to make it harder to guess passwords by using brute force (i.e. trying permutations until a permutation works). The reason why passwords are having to increase in length is because computers are increasingly faster at processing permutations and techniques are improving the permutational chances. But an 8 (random) character password would be as effective as a 28 character password if login attempts were limited even to 50. For example, the reason why a 4 number credit card pin is regarded as satisfactorily safe is because you only get 3 goes at entering it. So, why are unlimited guesses for email accounts still permitted?

    Reply
    • “So, why are unlimited guesses for email accounts still permitted?” – Most services do have some form of restriction in place: bouncing you to a captcha, progressively extending the time that must elapse between attempts or simply locking you out of the account completely for a specified period of time. Two-step verification provides some additional protection too.

      Reply
    • You’ll also notice that Leo recommends changing passwords on other accounts – that helps if a password has been found by other means. If a password is found on one account, hackers may well try them on other accounts.

      Reply
      • Yeah, and it’s especially important to use a unique password for your email account. If your email address and password are exposed as a result of, say, LinkedIn’s credential database being compromised, it doesn’t represent a risk to most of your other accounts – even if those other accounts share the same password – as the bad guys don’t know where you bank, which credit card company you use, etc., etc.. It does, however, represent a risk your email account as the bad guys have your email address and, if your email password is the same as your LinkedIn password, they’ll potentially be able to sign into the account – which would be a really bad thing as your email account can act as a gateway to your all your other accounts, including your banking and credit card accounts. Additionally, if you use Outlook.com or Gmail and OneDrive or Google Drive for data storage, the bad guys will immediately have access to that data as well as access to one provides access to the other.

        This is why one of the reasons to enable two-step verification on accounts that support it.

        Reply
  65. Easiest way for hackers to get email lists is through mobile apps. Check permissions on some ad ware apps you may have installed on your phone or tablet. Some will have access to your email and contacts. This information can then be used to hijack an email account and send emails from your address to people in your contact list. There is very little you can do once this has happened. People install apps without checking permissions they are giving up on their phone and this is why email hacking is on the rise, its not due to passwords in the majority of cases its someone using your email account to fake emails from.

    Reply
  66. Ok, this morning my sister sent me a email saying I got hacked. But it looked at the email address (that was supposted to be from me ) and it said my email name but the @ was not my email server.
    Was I hacked? Or my sister was hacked??

    Reply
  67. I am sending spam to just one person in my contact list and i have talked to others in my contact list and no one has gotten anything. This person got spam for about 4 months while no other contacts did. I am good friend with this person reciving spam on social media. The year was back then 2013. My friend stoped reciving spam afterwards.
    The actions i did then:
    I checked as you said recent activity in both hotmail and gmail and nothing. I looked in send folder and nothing. My Facebook has never been hacked (because of full register i know) and other social media. You say a typical hack is when your contacts gets spam, in this case it was only a contact. Wouldn’t they send to all in contactlist as you say in this article. Is it more likley to be something else?
    All my friends says i should know for sure when it is a hack because either they get closed accounts or they get respons from MSN friends or other friends or find in sent email. Or because their connected facebook got some posted new things or they started to write to stangers or something. I have read about spoofing but is that even likley who even put their energy to stalk others and then send them email to fool. Or has someone gotten our emails between and somehow connected us…however the teory should i worry???

    Reply
  68. I have a question like above and i would appreciate an answer. If only one person got spam and no others from the contact list. That means probably that they do NOT have access to the adressbook right? Any spammer should be interested in spaming as much people as possible??? I would like to hear your expert opinion pleaseee

    Reply
    • To be clear: there are no rules, and no predicting what spammers will do. So the answer could be just about anything. Like you I’d expect that if they have the entire address book they’ll spam the entire address book … but who knows?

      Reply
  69. I think that there are three things that are left out:

    (1) Use a VPN – always at home on the road in a public WiFi – everywhere. Note: Bitdefender’s firewall, even if it declares that there are “Trusted Applications” stop all VPNs from functioning

    (2) Human beings simply cannot make good passwords – use a password generator. IMHO this is a good password, generated by KDG password generator 4’N=h6cyY;RE7;{,}s

    Keep your passwords on four identical flash drives since flash drives have been known to fail. Make sure to keep them identical.

    (3) If your email has been hacked, after you have notified all of your contacts, close the account and OPEN A NEW ONE
    ————————————————————

    (4) Re-emphasizing two things that you do – BACKUP, BACKUP, BACKUP and ENCRYPT YOUR HARD DRIVES!!!!! Eventually some hackers are going to break Truecrypt so either use Veracrypt or, since Microsoft knows everything you do anyway, you can also use Bitlocker.

    Reply
  70. I have been either hacked or bullied. Most all of My email addresses have been accessed. Also moving through web forums trying to get answers I come across The same name and or names. Is it possible that someone or my ISP is leading me to the right person or persons or is it just a FReak coincidence?

    Reply
  71. This morning I signed into my personal email account and I saw 150 new emails from various email newsletters and websites. I did not sign up for any of these and so I proceeded to label all of these as spam. 2 problems have come up since then:

    1) How did my email get spammed so much? I was thinking it was maybe a spam bot but I how do I confirm?

    2) The bigger issue I’m currently having is this email is not getting any new emails. I’ve tested this by sending an email to the address from another email and have asked a couple friends to email me something but I do not see any new emails. I have check the gmail settings under labels, filters, and POP/IMAP and they all look fine with nothing looking as though it has changed.

    Does anyone have any ideas on what is going on?

    Reply
    • That depends. Some Email Service Providers don’t really close the account when you close it down. Some give you time to change your mind. The best thing you could do is follow the instructions in this article before closing it down as an extra layer of protection.

      Reply
    • Depends on the provider, how you deleted it, what it means to delete an account from that provider and so on. Safe answer is “yes”, but if you don’t use the account any more, it shouldn’t matter.

      Reply
  72. This article is very helpful and I will reread it. However, I would prefer to hire a service to help me. Is there any such service that you could recommend? Also, my email was hacked and I had to abandon it. However, would that have allowed someone to hack into my computer, as well? Is there any way to be certain that one’s computer has not been hacked?

    Sorry –The email address that I gave is the hacked one. I have not yet been able to set up a new one. While I am setting up a new email, I will be locked out. It has happened several times.

    Reply
  73. I’m having problems with @ Mail on my MacBook Pro mid 2012. I keep being asked to enter my password and I have changed it so many uncountable times. It comes back right away as ‘password not recognised’. So I can’t receive any new mail or send any new mail on my hotmail.co.uk account. It’s very frustrating when you spend most of your day trying to fix this problem but cannot. I don’t know how to fix this problem at all. I’m not computer savvy. Please can you help? This has happened uncountable times.

    Reply
  74. -I think I was hacked as I received an email with attachment of a friend email and unfortunately I open the attachment and found out latter on my friend computer was hacked a few days prior
    -I changed all my passwords using another laptop specially at the bank accounts I changed the password there through their computer and also sent as requested by the bank abuse@chase.com no answer from them yet (7 days ago).
    -I scan with Bull Guard, every day / scan with Microsoft security essentials / used netstat ano but every day as I do download and open with start task manager I get a new essential and I undo/delete, / the MRT = not infected , / System.ini = timer.drive = safe??? ………….
    -Thank you kindly for you attention kind reguards LEO

    THANK YOU FOR YOUR PATIENCE Fred R.

    Reply
  75. I have an email account I created when I was 15 or so. That’s 15 yrs ago. I haven’t accessed it for years. And apparently, it doesn’t ask you to verify security questions anymore and goes through these ridiculous account recovery options, where you have to know email addresses you’ve written to, subject lines, previous passwords. I’m 30 now, what I used back then for a password I have no idea. Also, I don’t talk to half or possibly any of the people I did before. And certainly have no idea what I may have listed as a subject line. The issue is, I also have another email account that I can’t get into. Both accounts are crossed linked for recovery, so it will send recovery options for one to the other and visa versa. So I’m stuck. Can someone hack into my email account so I can get access to it? I don’t know what to do. And I can’t find any contact info to talk to a live person from either company. — It’s Yahoo and Hotmail. Someone tell me they know a way to help!

    Reply
    • If it were that easy to hack into an account for recovery, it would be as easy for a hacker to steal the account. And even if we could hack an account, we wouldn’t as there’s no way of knowing the request was legit.

      If the accounts are so out of use, I assume you aren’t receiving important emails at those addresses. Your only option is to start using a different account.

      Reply
  76. Please can someone help. Am so stressed. My husbands email I fear may have been hacked. I have resided my email as the recovery and left my mobile and set two step verification today. Yesterday his LinkedJn Account was hacked and hats beijbdwaltb with however, as I feel his Yahoo is hacked, before sending documents and restoring his account … need to address his own yahoo account first. When signing in to yahoo on an IPad, at the bottom of the page containing his emails … it’s says Hi Stanford (not my husnands name) sign out in blue (normal) privacy/Terms/help as usual. I spent 3 hours in pc shop with a specialist today with the Lap Top who assured me all looked ok before I left. However the volume of mailer daemon failure into the inbox yeysrsay was over 40. Since I returned home have only received 3 emails which is unusual. Please can anyone advise. Hubby works overseas and am so stressed.

    Reply
  77. This email {removed} for all music related agenda and b/4 that I had opened yahoo in 2003 it is now the {email address removed}. Over these past weeks I’ve have had to use my phone to get into my email messages. It’s my son Jean Pickering akas Continental Crooks posing as my Administrator. He needs to be removed off the account. He knows my number. He put himself there I never asked him to. He lives in my home. He claims it was a back-up effect. When I’m on tour I can’t get into my account either He has issues with me and my music company, that I opened to protect my music plus he’s not touring with me anymore. I only have one phone. He has a tablet billed to my account. I can’t change my number either. I don’t have the time to change because I run the company with all the administrative work plus performance. If I have any more problems I will call down judgement on whosoever, whatsoever responsible. Don’t get this twisted- This is not Spam -this is for real.

    Reply
  78. Can you please help! I have email addresses approx. 25to 30 that I can not get out of my contact lists. They are on all my yahoo accounts and my Gmail accounts. I am so frustrated with it all. It even affected my phone and had to take all my email accounts off of my phones. They all start with Adel and when I try to delete them even permanently delete them they are back by the next day. It has affected emails and passwords. Example: {email address removed}

    Reply
  79. Mark,
    I’d go one step further.

    – Have one email account for REALLY IMPORTANT communications eg anything from your banks, insurance company, pension fund, health fund, Tax Office, internet service provider, doctor, Utilities, etc Anything that is primarily about money or really sensitive data, and for which you don’t want to have to change the email address in the future.

    – Have another email account for IMPORTANT STUFF that you don’t mind changing eg Paypal, eBay, WineClub etc ie important because money is involved, but not so important that your life could be seriously disrupted if you had to scrub the lot, and start again

    – Have one email account for NON-CRITICAL communications eg AskLeo, other mailing list stuff, friends, Photobucket, Groovy Gadgets, OldAussieFordDrivers etc

    – Have one throwaway account for dating sites and other high risk communications.

    And make sure you are rigorous about using the “correct” account

    Reply
  80. I hate to be a retrograde but this excellent article shows why, long ago, I decided to pay by check and snail mail. The down side of having all of your financial matters on the web is almost infinite, the “Pearl Harbor” scenario which I, a retired engineer, have discussed with IT consultants to NSA and Los Alamos. One fine day, an technically uneducated person (like moi) may wake up to discover that their entire life’s savings were transferred to Nigeria last night. (with my apologies to the fine people on the Nigerian web.) Your money will be GONE.

    Some thoughts:
    Never write the full alphanumeric account number on any check; write XXXX-XXXX-XXXX-098,
    Install hard and soft fire walls,
    Use 16 alphanumeric pass words and change them regularly via the cut and paste technique. Or key loggers may give your secret away as you type,
    Do not use cheap locks where your computer sits,
    Do not lose your mobile devise,
    Use multi level security common to most investment houses,
    Back up, back up, then back up, daily.
    Divest, divest, then divest. Never put all of your eggs in one electronic basket. And put limits on electronic withdrawals. Use a stamp and forgo the speed.
    Go to church and pray; it is an evil world.

    Reply
  81. I by accident clicked on one of those phishing emails and now I cannot get into my Instagram account because they took my email from my account and linked it with a new username. I messaged Instagram a million times and the one response I got is not very helpful because the reset password email they are sending me is for the new account set up with my password.
    How do I unlink my email from this new Instagram page and get it back to my real page??

    Reply
  82. Leo:
    I accept that my email address has been hacked or leaked. I get it. But what I do not understand is how these data aggregators obtained my email passwords in the first place. Can you shed any light on how my email passwords got into these data bases in the first place?

    Reply
    • The most common is that hacker hack companies to obtain databases of account IDs and passwords. Sometimes the passwords are stored incorrectly and can be determined, or simply read, by the hacker.

      Reply
  83. I have been unable to get into my RoboForm password keeper, support is not sympathetic and sends me email’s with info of how to get in. Problem is I can’t get in cause I need the pw to get in.
    One day I got in, and the next I could not get in. I have been trying for days. If I call Toshiba support they always add something or take something off. I clearly ask them to not delete or add stuff w/o my knowledge. Can u offer a suggestion, also when I try to set up another password keeper they say that the email is being used, and so on. I truly want to throw all my gadgets out the window

    Reply
  84. Is it enough to thwart an existing hacker to change my email service (my university) password or do I need to get rid of my present email service and find another one, more secure, and which one would that be? If he’s already found some contacts’ addresses and sent bogus emails to them, can he still do that after I changed my password? (I’ve done that and closed my Facebook account).

    Appreciate your help. Really feeling very exposed to this, um, person.

    Reply
    • Well, the article you’re commenting on outlines the steps you need to take. Typically once you’ve secured your account there is little resaon to close it or get a new one. Important: spammers can still send email that looks like it came from you, even though it did not. You’ll find several articles on “From Spoofing” by searching here.

      Reply
    • And don’t forget, as the article advises in step 3, check the recovery email addresses and phone number for that account and make sure they are yours. If you don’t do that, the hackers can get back in.

      Reply
  85. I received an email sent to my work email account that has a PDF attachment with a password and appears to contain the PDF’s from my personal OneDrive account. The only contents in the body of the message is an old password that I had used on a personal account.

    Since the attached PDF contains files from my OneDrive account, what steps beyond changing my password, verifying my 2FA settings and recovery information, should I be taking?

    Also, since I use my personal PC’s to work from home quite often, do I need to be concerned with one of my systems being hacked and used as a backdoor to my office PC and files?

    Reply
  86. How do I stop cycle of having your passwords changed. I have 7 google and 3 yahoo emails plus as many Facebook pages and several apple ids. My cell phone was stolen a month ago and I am still being harassed. By thief. I can’t figure out how but he knows when I change a password bc it’s changed within hours. It’s a nightmare bc phone had 98 passwords stored. I feel like I will be broke from deductibles and in nit Hyde and rheum laughing about it. Detectives has not even called or attempted to visit to question him. Please help me stop the cycle

    Reply
    • Check with your mobile provider to make sure your phone number is ported to a new phone, and see if they can disable and/or remote wipe the stolen one. For EVERY account that was accessed on that phone, change passwords an otherwise increase account security as best you can.

      Reply
  87. I logged into my Yahoo Mail account several years ago and got the alert it was compromised. One of my contacts told me previously my account sent him a message begging for money. After being directed to another page, I had to change my password and make it stronger. This was a close call because I could have easily lost my account. I have finally secured it.

    Fast forward to today, I already have a mobile number added to my account in the event of a potential hacking attempt.

    Reply
  88. For those who want peace of mind for their Gmail account I suggest buying two Yubikey’s (just the standard ones which require a USB port to work, which is $40 tops for two) as this way even if someone gets a hold of your username/password they still can’t get access to your Gmail account (this is the more secure form of two-factor authentication available as other forums are not fool proof unlike this which has not been bypassed yet and it’s been around for many years now). the reason I suggest (as far as I am concerned it’s required) buying two Yubikey’s is you use one of the two in general and keep one in a secure location so this way if you happen to lose your Yubikey you can always use the other to login to your account and remove the lost/stolen Yubikey and then you could simply buy another one and register it to your Gmail account so then you have two registered keys once again. this is solid advice because if some shady person gets a hold of your email account they can potentially use it to reset passwords etc for a lot of other accounts you got and can create a huge pain in the butt for you. so basically… transfer all of your important stuff you do online to a Gmail account secured by Yubikey and no one will be able to take over your account as it can’t be Phished etc. NOTE: those who register the two basic/cheapest Yubikey’s to their account you MUST have a device with a standard USB port on it to login to Gmail otherwise you cannot login (normally you just type in your username/password on Gmail but with YubiKey enabled you type in your username/password and then insert the Yubikey and tap the device with your finger and it will log you in). besides I suggest avoiding smart phones for anything important online as if one has too much stuff solely in their smart phone that’s just a security disaster waiting to happen as if someone steals it, your screwed. it’s best to use a proper desktop computer for doing important stuff online and always keep backups and one should be using a password manager as this way you get a unique password for ALL accounts you have online so if one account became compromised you ain’t got to worry about it being used against the other accounts since they will have different passwords on them. just make sure to make at least one backup copy of your password managers database and store it in a secure location. so this way if your computer’s hard drive dies, you can use the backup copy to restore the password managers database and your good to go again.

    but those who are still using Yahoo email, I suggest moving anything important off of that to Gmail as it’s more secure as Yahoo has proven they can’t be trusted given the hacks in the past. Yahoo email can be okay as a backup account without anything important tied to it though but for anything important a person does online, Gmail is definitely more secure, especially once you set up the Yubikey’s with it.

    Reply
  89. Hi

    I have some questions, hoping you will be able to shed some lights.

    My employer is in education business, they use G suite account. I sometimes noticed the bottom right corner next to Details shows “being used in one other location” highlighted in “yellow; and “bold” . However, at that time, I did not login my school email account from other device, mobile or anything. After a while, it was unhighlighted but leaving the words “open in 1 other location”. The next day, I discovered the words of “open in 1 other location ” was not even there, so there was nothing next to “Details”. Tonight, I opened my account again, the “open in 1 other location” but not highlighted is still here.

    I am suspecting my account can be accessed by my employer without my notice as the G suite administrator at school could do it.

    Also, previously I noticed there was another IP address accessed my school email account several times, with similar IP address serial numbers, but only the last part of the no which was different, I suspected it was generated from a Central place. I went about on the internet to try to locate the IP address, but could not find anything as it says the IP address is wrong.

    What is more scary was, I discovered that my personal hotmail email account was also hacked by a similar serial no. I wonder if the IT department from our school could help do such an evil things.

    My friend told me to go to the Police as they might have high technology to trace the IP address.

    I do not want to get paranoid over this, but I really want to know the truth.

    Please kindly reply.

    Thanks
    Ms Cheung

    Reply
  90. Good evening, I am hoping you can point me in the right direction please.
    Bought a product online which asked me to login to my (new) account to download my purchase.
    The login autofilled when I clicked onto it but although my email address was correct,right beside it there was an unknown name and web address which was presented without the @ symbol.
    Should I be worried?
    Appreciate your help / advice.

    Reply
  91. I just got an email from someone who claimed to be sending a photo from a mutual friend who has recently had a stroke. When I clicked on the link (stupid, I know), I got a “this site cannot be reached” message. Pretty sure the message was fake. But since I tried to open it, I’m wondering if that leaves me vulnerable in some way?

    Reply
  92. You may want to comment on the difference between hacking your email account and spoofing your email account. Many people think their email has been hacked when in fact there is someone spoofing.

    Reply
    • Good idea, but you could have explained it yourself :-)
      But seriously, spoofing is when a spammer or scammer sends out email using your email address. All they need to know is your name and email address and use it as a return address and voila, it’s been spoofed. No hacking skills are required. It’s similar to creating a fake social media account. All they need is your name and a few photos of you and voila, it’s been spoofed.

      Reply
  93. So, Leo, you’ve used the term “hacked” many times over the years in your fine articles. Please define “hacked”. Thanks.

    Reply
  94. No one listens . If my email has been hacked (password and contact phone has been changed)
    HOW am I to sign in to change them. Hello !!!!! They have been changed (can’t sign in to change)

    Reply
    • We do listen. It’s just that the answer isn’t what you want to hear: you must follow the account recovery steps offered by the provider carefully and completely. If those don’t work, then you can’t sign in. Your account is lost.

      Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.