How do I tell if my email has been hacked?

It can be surprisingly hard to tell if an email account has been hacked, especially when the hackers are covering their tracks. I'll show you a few possible signs.

//
I’m the moderator of a fairly large moderated email list. Recently, we’ve been getting a large number of phishing messages from people who don’t know that their email has been hacked. I’d like to post a special message to the group telling everyone to check their email accounts, but how do they do that? In other words, if no one has specifically told them their address book has been compromised, they aren’t going to realize that this is their problem and they’re going to do nothing about it. Is there a way to tell? I’m getting very tired of informing them one by one and always including the link to your page on what to do if their email has been hacked.

Knowing that your email has been hacked can be very difficult to detect, particularly if you are not moderately tech savvy.

Hackers often go through extra steps to leave as few traces as possible. Sometimes, they may leave some, but it’s not that common. In fact, it’s very difficult, sometimes almost impossible to tell.

Let’s look at a couple of things that could help.

Signs of a hacked account

The most common scenario for an email account being hacked is that the hackers actually change the password and you can’t login. Clearly, that’s not the scenario that you’re seeing here. When people can’t login to their email account, they know something is wrong.

When hackers don’t, change your password they do so so you won’t notice that anything’s wrong. They can continue to send email as you and you have no idea that anything is wrong.

One way to determine if this is the case is to look at your sent mail folder and see if there are messages there that you know you didn’t send. If you find some – particularly message that look like spam1 – then you know a spammer probably has access to your account.

The problem is that hackers will often take the extra step of going into the sent mail folder and remove what they sent from there so that they leave no trace.

Hacked!Check your logins

Most email services have a tool that shows you the last time (or several times) that you accessed this account and the IP address from where you did so. Many hackers are overseas, so if you look at that information, you can sometimes tell if your account was hacked because there’s a login from another country.

Now I do have to warn you that sometimes legitimate access may still look kind of suspicious within your own country. In the United States, it’s not uncommon for my email account to be logged into from my location, another location elsewhere in the country, a third location elsewhere in the country depending on what I’m doing. That’s because I’m often using a different ISP at different times. Different ISPs will look like different IP addresses and they may report different locations. Unfortunately location reporting for IP addresses is notoriously inaccurate.

But if you see accesses from countries overseas, its best to assume your account has been hacked.

Gmail is the only email service that I know of that actually has this level of detailed information. You might check with your own providers to see if they have something similar.

What to do when you know

Unfortunately, the most common way that people find out that their email account has been hacked is the result of exactly what you are doing. Somebody who is receiving email from the hacked account tells them, “Hey, your account is sending out spam; you’ve probably been hacked.”

That’s about as good as it gets.

When this is the case, change your password. Do all of the other things that you need to do to secure your account.

Footnotes and references

1: Most commonly a short subject line like “Hello”, and a body that contains only a single link.

There are 3 comments:

  1. Larry McClelland Reply

    I used to get fairly frequent emails from a Moderately High Level Government Employee saying she was stranded in Europe because her Credit Cards and Passport were stolen and she needed $700 for a plane ticket home. They were very convincingly written and even contained some personal information which applied to me, however,one she made a lot more money than I ever did, and two, she was a big girl and knew how to take care of herself even if you couldn’t see through it.. Surprisingly many people did send money and were very angry with her when they found out it was a scam. This was a valid Government E-mail address.

  2. Sandy Coulter Reply

    While my email has never been hacked, many of my clients’ and friends’ email accounts have been. In most cases changing passwords resolves it if done quickly. Not one can tell me how it happened. I would really like to know how this happens and how it can be prevented. Also, I discovered that in some cases where the person has a yahoo and a facebook account, that both may be hacked simultaneously. I believe it is because they are using FB to log into yahoo mail. Thus, both passwords must be changed or it keeps happening.

  3. mary ellen zabriskie Reply

    It seems to me that removing a hacker is really impossible, Iam a 66 year old woman and I had to remove one computer already, but still the

Leave a reply:

Before commenting please:

  • Read the article. Seriously. You'd be shocked at how many people make comments that prove they didn't.
  • Comment only on the article. If you have a new, unrelated question start with the search box at the top of the page.
  • Don't post personal information. Email addresses, phone numbers and such will be removed.

VERY IMPORTANT: because of a rise an comment spam that's making it through our filters any comments that do not add to the discussion - typically off topic or content-free comments - run a very high risk of being flagged as spam and removed.

If you have a new question unrelated to the article above, ask it on the Ask Leo! ask-a-question page.