Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

194 comments on “Email Hacked? 7 Things You Need to Do NOW”

  1. To back up your contacts list, most email providers have a function to export your address file. They often give you a choice as to which format to export to such as LDIF, VCF of CSV (comma separated values, which can be read by Excel and most other spreadsheet programs).

    Reply
  2. People i know sometimes get their accounts hacked and ask me for advice. I also tell them its a good idea to virus-scan their machine with a secondary antivirus (MalwareBytes Anti-Malware is the one I recommend most times) before changing passwords. Because if there is a keylogger can pick up password changes otherwise.

    Reply
    • Hi, my outlook account is being hacked and the recovery email will be the hacker’s email in less than 30 days, and what worries me is that it’s now less than 20.. I logged on and found out that it would be changed so I clicked, I didn’t request this. They told me to enter what the recovery email is now so I did, and they sent a code there to recover my email. After that, I found out I had no access to that account. If you click cancel the same thing happens. So I went on a website by Microsoft/outlook. They told me to enter another email; I didn’t have another one so I created one. I sent a verification code there but when I logged on to that account there were no messages and I sent the verification code three times. Now I have no way to recover my email, this email is really important and I can’t get another one. Unless I change my Xbox Account Email! And get another Skype. I will try that, sorry for wasting your time. If it doesn’t work I’ll send another reply. Thank you.

      Reply
    • Yea I totally agree 100% as in the past 7-8:years I have had Norton $ McAfee and I use to get ongoing good feedback on a day to day basis informing me threats have been detected and dealt with. Absolutely money well spent

      Reply
  3. My contact list was hacked. I was notified through my yahoo account. The invaded(it came from a different country-with a IP address(can I tract the IP address or can I turn the IP address) in that they used) used a deivce and was able to spam my contacts. I changed my password and I have changed it before. This is the third time it has happend to me. Maybe I should change to a different type of service.

    Reply
  4. The following could be added to 4. Check Related Accounts:
    ” Since PayPal does not require the using of the security code on the back of your credit card, if hackers are able to access your PayPal account they can easily make charges to your credit card. I have had this happen to my PayPal account.”
    That is why I refrain from using PayPal and any other online business which does not go the extra step to protect its customers.

    Reply
    • PayPal does give you extra security whenever I make a purchase with paypal I get a security code sms’d to my mobile that I have to enter to complete the transaction. It also stops anyone being able to hack into your paypal account as you access your account unless you use the code sent to your mobile

      Reply
  5. >> Maybe I should change to a different type of service.

    You probably need a better and longer password.

    I recommend to people they pick 3 things they would never forget, like favorite color, dog’s name, and first child or some other name, etc, then pick a number you’d never forget like last 4 of your SSN, and then mix them up, maybe something like,

    blue5Thor8Sarah20

    If your email service can take this long of a password, you’d be wise to make up some kind of similar rules for yourself that are easy to remember, and then follow it.

    Also, *NEVER* reuse your email password as the password for any other account.

    Make slightly different password rules for your bank and other accounts.

    Reply
    • never using email password for another account, or perhaps for another email account is probably a good idea, but maybe not so much any kind of password with a contextual base. You’d be surprised how easy it is to crack, and even when you’ve got a seemingly secure password. Combination of Alpha-Numberic-Symbol (avoiding quotes) is the best way to go – 16 characters. Sign up for a free email certificate at comodo, so you can send secure email – there are lots of online javascript password generators that are designed for the purpose of defeating keyloggers, so they don’t get to your password from the get-go, copy and paste (cntl + c, cntl + v) passwords in a secure email to yourself and file it away. Hackers wont tell you that they are sitting in your email, so if you don’t lock it down, or simply don’t see activity – this doesn’t mean anything (if you become a target – they’ll simply hack your new password, and wait until you put your new bank password in an email). If passwords are important to you, consider a program designed to store and retrieve passwords, like 1password, and never enter personal and financial information from an email, that’s what customer support is there for, to help you.

      Reply
  6. Great article. I like the detail this article has,it’s very informative. I will be forwarding the Link to many seniors that I try to keep up to date on computer and Internet security.

    Reply
  7. I really, REALLY gotta wonder about all these people who’ve had their free email accounts hacked. Sure, there’s malware, password stealers, but it’s a lot like crossing a busy street. A LOT of the danger is avoided just by basic simple precautions, like looking for a break in traffic. Over the last 20 years, I’ve never had an account hacked, never had personal information compromised, nor ever used any stronger password than the same simple 7-LETTER one wherever I’ve been allowed to use it. I suspect a majority of these hacked accounts have been willingly shared with others. Any secret that’s known by more than one person is no longer a secret.

    Reply
  8. Mike – you are very lucky. I have had strong passwords for years (14 characters) and STILL a hacker managed to hack two of my email accounts — a Microsoft Live (Hotmail) account and an “inbox.com” account. I only found out when the hacker sent spam email — to my small business email account! I did some research and found that the hacker was located in Belgium and was using a smart phone at the time! How could he (or she) have found out my password? I’m not even sure how (or if) he got access through the “forgot my password” link offered. This also happened to my ex-wife’s Yahoo account (she had a much weaker password – only 10 characters. It was the same hacker IP address in Belgium. There are many ways to get your password; yes, it could be as simple as a password reset, but there are insidious programs that send your password to the hacker. In my ex-wife’s case, I found out through Malwarebytes that the computer had been regularly sending out an “outbound IP request” to this same IP address in Belgium. There was a small program capturing passwords on her PC. I finally was able to kill the process with TDSSKILLER, which I believe Leo had mentioned. Leo, keep up the good work — this is the most comprehensive article I’ve seen on email hacking; I hope people will heed your advice. Unfortunately, one can’t always back up email — I was able to use SeaMonkey’s (Firefox platform) email to grab my emails from inbox.com, but Yahoo won’t allow you to download using POP unless you have a paid account.

    Reply
    • So, in #3 above, Leo mentions the hacker possibly having put in his / her email address and / or phone number for purposes of “recovering” the account. Am I the only one who thinks this information should be useful in tracking down the perpetrator? Is there any sort of law enforcement effort, domestic or international, to deal with these pond scum creatures? Is there any value in capturing the hacker’s contact info for this purpose? (Or maybe to hunt them down & ….)

      Reply
      • Actually it’s often just another anonymous account. I suppose, technically, it could be used to track down the scammer somehow if enough resources were applied. However is YOUR email account hack SO important that a cooperation of international law enforcement agencies will go after yoru specific hacker? Maybe, but I would not count on it. Generally they have bigger fish to fry.

        Reply
  9. Seems like most if not all of these people who have had there email account hacked use an online email account. I have never heard of a Thunderbird or Outlook Express account hacked. Maybe these people should switch to Thunderbird, Outlook Express or some other PC based email account. Just a thought!
    Mike 🙂

    Reply
  10. It seems to me if someone can figure out your password is something simple they can also figure out something hard. A person has to have a way of actually seeing your password to figure it out. If I decide my password is going to be I like duck’s I don’t see how a guy in Maine is going to figure that out. He is going to have to have a way to see it and if my password had 20 character’s wouldn’t he still see it?

    Reply
  11. @Mike
    You’re comparing apples and oranges. Thunderbird and OE are email programs which are used to access online email accounts, which can be Hotmail, Yahoo etc. These people who are having problems with their emails being hacked may also be using an email clients such as Thunderbird or Windows Live Mail. It doesn’t really make any difference whether they use an email client or access their email through a web based interface.

    Reply
  12. @Krktoday
    It’s not so much a question of someone figuring out your password. Hackers use programs that have different techniques to guess or crack the passwords, such a dictionary attacks, in which case ‘I like duck’s’ would be cracked in milliseconds or brute force where all combinations of characters are tried until they succeed. A long password can take an exponentially longer time to crack. This article on Ask Leo explains how this works. How long should a password be?

    Reply
    • Yes I was hacked the other day and I have no doubt it was from just simply knowing my phone number and I’ve seen those advertisements posted and available where you simply put in someone’s phone number and you will know everything about them I think is the claim they make how can this be legal. Also I sat and watched in amazement my screens on my tablet and cell phone as vericut verification after verification came rolling through where they simply kept changing my passwords once they were in they were in or so it seemed your thoughts ?

      Reply
  13. This is probably the most common question we get asked at shouldichangemypassword.com. People learn they’ve been compromised, and then panic and are not sure what to do. Glad it’s been answered!

    Reply
  14. I have posted the following here before but nobody seems to notice. Beware a Yahoo IDENTICAL sign-in tablet/page which suddenly breaks your Yahoo email connection and presents you with an immediate opportunity to re-login which, in the circumstances without thinking, I did. The offenders were our Canadian ‘friends’ who are the largest sex pill spammers probably on the Net. I checked my login history and found that two Canadian entries adjacent to each other had carried out this operation two days before my Contact List was hijacked with 50% of my friends receiving one spam letter and the other 50% another. I told Yahoo but they made it difficult for me to copy the entry and send it to them. Surely, their computers can recognise this sort of attack especially when the two Canadian entries are surrounded ONLY by Indonesian traffic. I recommend to Yahoo users to use the sign-in feature (which I had ignored until then) which will absolutely prevent this trap I fell into. Luckily no other damage was done to my account but I was embarrassed to say the least.

    Reply
  15. Seems to me that someone can’t count: Someone said “Seven” things you need to do now, and then actually named NINE things!

    …Heh heh heh heh heh!     🙂

    That’s on purpose. Numbers 8 and 9 aren’t really specific steps.

    Leo
    06-Jun-2012
    Reply
  16. Hi Leo
    … Another excellent, comprehensive article. Thank you.
    … I use a 4 character password to login to my iPad and Xoom tablets. I would appreciate your thoughts and recommendations.
    … Al

    If you mean a numeric PIN that you type in to unlock the device – I do too, but I struggle with it. That’s different than an online account, though, and really only protects the device if it’s physically stolen, so I’m kind of OK with it. But those types of on-screen PINs are apparently quite hackable (using, of all things, the smudge patterns on screens). As always longer is better, for sure.

    Leo
    06-Jun-2012
    Reply
  17. Something that may be related to this:
    A friend of mine has had their Yahoo account spam people (including me) on at least two occations, but only when they logged in to the Yahoo chat program. it is as if within seconds of them logging in, the program itself starts sending out e-mails promoting dubious links.
    Could this be a virus that only attaches itself to chat programs? It wouldn’t need to know your password as you have just provided it (though that wouldn’t stop it passing it on for future reference).

    Certainly anything is possible, but more likely using the chat program somehow allowed the password to be hacked or sniffed and a hacker took control quickly.

    Leo
    06-Jun-2012
    Reply
  18. Leo A friend sent me this in responce to a queston I asked. Thought it may be a good add on for this article. Thanks
    ———————————————
    Hackers work like this –
    – Most people dont want to have a password of more than 10 digets because it is a pain in the ass to remember or type when confirming their email addy – so they try to keep their password short.

    – Hackers know this, so usually they only hack passwords with 10 digets or less, because the hacking programs that they use, usually only show up to 10 digets – or 3656 TRILLION possible combinations.
    Plus it takes time to hack someone.

    —————————————————
    One diget could be any of 26 letters or 10 numbers = 36 – [times 36 for each additional diget].

    FOR EXAMPLE
    My computer calculates any program at 18 million digets per second.
    This means that I can calculate the first diget in someone’s password in about 3/100 of a second.
    For each additional password diget, the calculating time is SQUARED.
    [The hacking program must read the entire program over and over for each possible diget.]

    IE: diget one = 3/100 second or .3 seconds [total program run time .03 seconds]
    – diget two = 9/100 second [total program run time .12 seconds]
    – diget three = .81 seconds [total PRT aprox 1 second]
    – diget four = 6.5 seconds [total PRT aprox 7.4 seconds]
    – diget five = 71 seconds [ttl PRT aprox 78 seconds]
    – diget six = 84 minutes [ttl PRT aprox 85 minutes]
    – diget seven = 1.96 hours [ttl PRT aprox 3 hours]
    – diget eight = 3.8 hours [ttl PRT aprox 6.8 hours]
    – diget nine = 14.6 hours [ttl PRT aprox 21 hours]
    – diget ten = 213 hours [ttl PRT aprox 234 hours or 10 days]
    —————————————————

    If you have a password with 12 digets, then the hacker has to spend time ‘manually’ figuring out what the last 2 digets are.
    This could be any of 1296 possible combinations [36×36], and that takes time.

    If you have a 15 diget password, the hacker has to ‘manually’ figure out the last 5 digets, or over 60 MILLION possible combinations.
    – [36x36x36x36x36]
    This takes a long long time – and most hackers wont bother, just to SPAM you and your contacts.

    Sometimes I might use a password that says – ‘your’computor’is’now’infected’ – 25 digets, or 221 BILLION TRILLION possible combinations.
    – Good luck hacking that one.
    Not to mention that the hacker may spend additional time looking for the computer virus.
    LOL 🙂

    Reply
  19. Good advice but came to late for me… My additional advice would be to emphasize the NEVER trust anyone with your password especially a spouse. You never know what they will do if the marriage goes sour and you should never underestimate what they would do. Not only did he get into my email and change the password but he then used yahoo to find out all my linked emails and then unsubscribed me or started spying on my email lists including domestic abuse support groups, and also used my bank account and credit cards to buy himself stuff. So, never trust anyone with any account information, ever.

    Reply
  20. Dear Leo,

    Why cannot I find my post on this forum please?

    As a reminder, it is the one trying to help people not to fall for the false Yahoo login page.

    Rob

    Reply
  21. @Rob,
    Questions go into the question queue, so those don’t show up in the comments. Some of them get posted if they get answered, in fact quite of few of them seem to be making their way into the weekly Answercasts.

    Leo keeps pretty busy… watch this page and it posts exactly where he is in the queue…
    Ask Leo! questions

    Reply
  22. One important comment.
    I keep a hard copy of articles like this in a 3 ring notebook, along with similar important items [like a printout of a Belarc analysis of my current system]. Why? It’s good to have important information related to your system and “how-to” printouts prior to beginning any endeavor to recover any loss. In other words, having the knowledge and a plan without having to access your PC’s system.

    Perhaps Leo could compile a “must haves” or “good things to keep a hard copy of” as an off-line guide to what you need to know. [?]

    Reply
  23. A friend had his email hacked and the only thing they changed was the “reply to” address… adding a dot “.” to the original address! something we nearly overlooked. They had sent out heaps of SOS emails requesting money and all replies when straight to the hacker – so be warned!

    Reply
  24. I think my hotmail account was hacked. When I try to sign in Windows Live, it says “We believe there is suspicious activity on your account, please enter recovery information” Trouble is, I never updated it! It’s my old cell number & old college e-mail address! Ugh! However, my son can log into his x-box live account, so does this mean I was really hacked? Or has my son changed the password? He says he hasn’t but would it be possible for him to sign in on the c-box if I am locked out of my own inbox? I also tried the recovery where they ask questions about contacts, recent sent e-mails, etc. but I haven’t received a reply, so I tried it again, but when I put in my perhaps hacked e-mail & my new one I set up, then try to type the captcha, it keeps saying re-enter information; thus, I am not getting anywhere, except a viscious circle! I am able to see my contacts, etc. because I have my e-mail via Windows Live Mail, but it won’t let any new mail come in or me send anything out, ugh! I’ve been trying this all week now, please help! Thank You!

    Reply
  25. My e-mail was hacked which totally freaked me out so while I still had access to it I cleared all information from it (contacts, sent mail, etc.) and then closed the account. I also called and changed all of my incoming info (from banks, contacts, etc.) e-mail to my new one. I hope that I have done enough

    Reply
  26. @Gabe,
    The only other thing you need to do is to make sure your new account is locked down tight with a really long password, and all your recovery information is set right, and do all the things Leo recommends to keep the new account safe.

    Reply
  27. i cant access my msn account i think i got hacked and i also play this game and im scared that they would change my password and my secondary account on the game

    Reply
  28. Hello,

    When I log in into my gmail account, I am notified that my recovery email may not belong to me anymore and asked for verification.
    I really don’t remember the password nor questions related to it because I was using it long time ago.
    What do I have to do:
    1. to stop this notification ever time i log into gmail
    2. to restore my google docs icone and approch t it because since this happened i can’t approach my shared documents.

    Hope you can help!

    Reply
  29. @Ana,
    If you don’t have access to your old recovery email, then you need to set up a new one, and get it entered and verified as a recovery email. This is really really important because if your account is hacked you have no way to get it back except through your recovery options. Also be sure to enter a recovery phone, and answers to questions that only you know.

    Once you set up a proper recovery email, and verify it, then then warnings will go away.

    Reply
  30. Okay, so this is rather bizarre… someone used my email address to sign up for a website that requires payment (they did not have access to my credit card though). I canceled the account… so can they still use my email to log into their account? Basically, what I’m asking is: after deleting your email account, do accounts from other sites linked to that email still work? Please help :[

    Reply
  31. My email wasn’t hacked but someone (who I do not know) used my email address to sign up for a website (in which an email address was required). Now that I deleted the email address, is the person no longer able to log into their account (that was my aim…)

    Reply
  32. @Kat
    He would still be able to access it, because accounts like that aren’t actually linked to your email account. You email account is simply the login name and in most cases, the recovery address for that account.

    If you still have access to that email account, you should be able use it to recover the password from that website the person has opened up, and change the password, or better yet close that account down.

    Reply
  33. @Leo et al.

    Thank you for this well written and detailed tutorial on how to save what’s savable and prevent future episodes of the same type.

    Thankfully I am not affected by this type of attack in person, but I am helping a friend deal with her (no-backup, no-POP) gmail account having been:

    1). Hacked
    2). Contacts & email messages (10 yrs.) harvested & spammed
    3). Contacts & email messages (10 yrs.) DELETED (very ugly)
    4). Set to have all e.mail forwarded to a hacker controlled secondary account (xyz@ymail.com instead of xyz@gmail.com – so spoofing the old address visually in a way)
    5). Language set to Hebrew

    I have gained access to the account and was able to reset the language and stop the further forwarding of any mail.

    Thanks to this tutorial, to avoid collateral damage, I also checked and changed passwords to connected accounts (Fb, PP, credit cards etc.) which seemed untouched.

    My reason for commenting is to see if Leo or any commenters have any wisdom on what to do about getting any of the “permanently” delete items back in one way or the other (Google or hacker). I.e. all messages were but into the trash which was then emptied by the hacker.

    I have read about a couple of tech journalists being able to get help from google directly to recoup this type of data lost in a similar way. Do mere mortals have a chance at all to have the GOOG to do some retrieval tricks before the data is actually overwritten on all their servers?

    Beyond that I was thinking about anything that might help in sleuthing out the hackers using the xyz@ymail account and gmail’s “recent access” data: Nigeria ([IP address removed]), if this is indeed where they accessed the account from.

    Is it possible for a mere mortal to track the access to the ymail.com address to see if it matches the Nigerial ip address and perhaps pin this down further. Do any of you have friends in low places?

    How about writing to the hackers at the ymail address with some kind of message to get the lost data back. Rough and tough, Interpol threats, humble, begging?

    Let me know what you think or know, and if you have any pertinent ideas please.

    Thanks again to Leo for the completeness of this piece.

    Unless you have friends in high places (and I do not) I know of no way to get anything back in a case like this. It’s why I harp so hard on backing up.

    Locating the hackers is pointless. Unless you are or have engaged law enforcement there’s nothing that you could do to get that information, or do anything with it if you did.

    I also believe that any attempt to contact the hackers is, honestly, just asking for trouble. It’s not like they’re going to return anything because they’re suddenly going to be nice and take pity on you. Besides, they probably didn’t save it, they more likely just deleted it and have nothing to give back to you. It’s more likely that they’ll try to extort more money from you instead.

    Leo
    16-Nov-2012
    Reply
  34. Hi again,

    I was able to get both, all contacts and all emails back!

    The contacts can be retrieved quite easily by using the “Restore Contacts” feature in the “more” dropdown menu on the contacts page itself.

    The emails were restored by Gmail (I guess) in just an hour or two, after I sent them a detailed report using this page:

    http://support.google.com/mail/bin/bin/request.py?&ctx=bugflow_receive31&contact_type=bugs

    I am frankly quite shocked that this aweful sounding story has come to such a quick and positive outcome. Kudos to the Gmail team!

    Now let’s see if the police/authorities can do their part in taking the culprits off the map.

    Awesome! You got very lucky. You can ignore my prior response, but I still think it’s important for people to act as if once lost all is gone forever. Not all email providers have the mechanisms that you used, and not all that have them will guarantee their success.

    Leo
    16-Nov-2012
    Reply
  35. My friends ex husband sent me a joke on email. I opened it and now I am afraid he will have access to all my info. Is that true or am I being paranoid? There was no link on the email, it was a joke he forwarded from his brother. Thanks for this site, it is very helpful!

    Reply
  36. @Theresa
    If you didn’t click on a link or run a program from an email, there isn’t any way he’d have access to your information. If this were possible, the simple act of reading emails would be dangerous.

    Reply
  37. thanks for all the info, lucky me my hacker only sends spam….so i have changed passwords, security questions and fw my e mail….i have changed my passwords twice today so far…..just to make it difficult until everything goes back to normal.thanks!!!

    Reply
  38. Leo, I really thank you for this article. I’m a moderator on a fairly busy Internet list and we get phishing links coming through all the time from people who aren’t aware their email has been hacked. Our immediate response is to reject the email and send a link to your article telling them what to do. You’ve been very helpful to a lot of people and if they haven’t thanked you, I’m doing it for them. 😉

    Reply
  39. Hi Actually My facebook page Has been Hacked and he Has posted that “this page is sale for 500rupees” and i transfered the amount after that he has switched off his cell pls help me what to do 🙁

    Reply
  40. @Marie
    If your account was hacked, and the password and recovery information wasn’t changed before that email was received, it’s possible that hackers may have gotten a copy of that email.

    Reply
  41. I changed my password and security questions. My contacts are still intact. But I can’t send or receive email. It’s a Yahoo Plus account.

    Does anyone know when my email account will be restored? Is there something I need to do?

    Reply
  42. my yahoo email is hacked i recovered my password using secret answers but still its not opening with new password yahoo says your email or password is invalid please try again using your full yahoo I’D before this 10 days ago i did a comment on this site http://www.crunchmodo.com/
    today my account is not opening is its possible there’s some connection ?

    Reply
  43. I cant go in my email because its spammed by my friend and i forgot my sercurity question and i didnt know i would get blocked from my email and i want to get on my email what should i do????? I want my email back because it has the stuff i need for something.

    Reply
  44. Recovering my Hotmail account, tried everything. please help.
    hello,
    I kind of have a similar problem,
    I wanted to get my Hotmail account back
    I tried the “Validate your identity by providing as much information as you can on the Recover your Windows Live account” several times but I couldn’t, so windows suggested that I open a new account.

    I don’t want to open a new account, I need my {removed} because its associated with my Twitter account, and I forgot my twitter account password and I cant reset it without my Hotmail account.

    I don’t remember my alternate email address either; I haven’t used the account for more than a year, that’s why i failed providing the info to recover it. Please help me, the only reason i want to recover my hotmail password is because its associated with my twitter account and many other applications and websites, I don’t want to lose all this.

    Thank you for recommending on opening a new account but that wont solve my problem, please

    Reply
  45. i am 72 hours in to a violent macbook pro/ iphone hacking by a known perp. i worked with a data recovery company over the phone for 2 days who got me back on FB (but it’s as if by a co-signer, as my e-mail is not primary). my apple id is still blocked at sign in, despite attempts to change it. i meet w/ the genius bar monday, but still feel i will need more restoration. the recovery co. will provide me with generated paperwork that can identify this person. i e-mailed paypal and amazon w/ no response. just fyi- texts were stolen, as well. one question- this person in likely in the U.K. would you go through all the trouble of filing a report and hoping to prosecute?

    Reply
  46. Hi Leo,
    I am wondering if you have information where you can find help.
    If somebody has published false information about you on the net using several free advertising webpages.
    If this case says he is from an other country (international), what is easy to say. like the publisher in in Russia and you life in the States. The police will not touch it, because they say it is a case for Interpol. It is hard work to find out where he publsih and when. Then it needs a lot of time to get those publications removed.
    I went through this work and I like to protect myself for beeing Mobbed again.
    Not only that I look for the best help, not only a page saying you need to talk to a friend and family. NO I would like to become a specialist in helping people as well. If somebody is using the internet to damage your references is a very bad situation and has to be stopped with all possibilities. I hope you can give me some idea. Where I can start to find out if somebody publish something bad, like a messenger alert about your personal name, where i can find organisations to joy and create a helping center to eliminate entries.
    Thank you in advance
    Joe

    Reply
  47. Someone used a hotmail account to buy something with my credit card on Groupon. I contacted the ban. Groupon but there is NO way to contact Hotmail/MS to ask them to shut-down that address.
    I realize they can just make a new one but shouldn’t I have a way to at least let them know?

    Thank you!

    Reply
  48. The system if you actually consider it to be one is clearly out of control. After my mom and myself had our hotmail accounts “hacked” different times respectively and all the crap I went through to recover them I have no interest in an account of any kind anymore. I don’t dig the concept of personally information being ripped off to be no biggie. To each his own I guess. I will be making efforts to post anonymously if that is necessary.

    Reply
  49. Does yahoo have a 3 strikes and your out rule for entering wrong
    passwords or limit the number of wrong passwords per hour/day.
    If they don’t then yahoo mail accounts are wide open to brute
    force or dictionary attacks.
    Jim

    Reply
  50. Curious about exporting the contact list once you suspect that the email account has been compromised… is this safe to export to an excel file or to a different email account service if one chooses to change? Or does it leave some sort of ‘breadcrumb trail’ to allow the hacker to do more damage?

    Reply
  51. Can anyone tell me how can i recognize a deleted mail in my trash that which system it was deleted from? Looking for best and quick answer.

    Reply
  52. Hi. I do not know if it is a hijack. But, Sometimes i when i
    send emails, in certain periods i get no replies whatsoever.
    And these contacts have often replied to mails before. Even
    those with a long or many – lines message.

    You have probably heard of internet – bullying. Is it
    feasible that some…have made a like a copy of
    my hotmail and intercepts outgoing messages
    just for the hell (sorry) of it or to make me feel
    unease and paranoid. Just a theory.

    Regards
    Carl F

    Reply
  53. Yesterday morning, of around 12 emails received, suddenly all but three disappeared. An automatic response to one sat bewildered in the Outbox. Later, another two disappeared. This morning gave a repeat performance. Malwarebytes found 7 PUPs on my computer, two as files and the rest as registry keys, which have been smartly removed. Can I connect these with the missing emails in that spyware may have been responsible? Why would a hacker take only a sampling of the emails instead of taking them all?

    Reply
  54. I have Verizon Yahoo. On 1/1/14, I was trying to forward some e mails which were on the server. As I was working with them, some were viewable on my Android tablet but not on my computer. Then most of the 40 emails were viewable on my tablet, but were in the Trash folder. Moving them resulted in an empty trash folder and 30 of them disappearing entirely.

    VY has a message up that they are converting their email to SSL. In addition, VY has hit with a major hacking episode on 1/1, via a Java exploit.

    So long story short I lost 30 emails. Unfortunately, I had not downloaded them from the server.

    Reply
  55. A facebook account has hacked by anyone and he(Hacker) has changed the password when i want to log in then it shows password is incorrect and then when i click on forget password then facebook send me confirmation code on my mobile no but my mobile has also stolen by anyone and i failed to enter confirmation code how can i login or blocking to facebook account please help !!!!!!

    Reply
  56. Amazing coincidence! I found out this morning my e-mail hacked, and when I went back for the support phone number, I see in my inbox this post!

    Needless to say, I took proper steps, including a thorough scan of the computer. I’ve been having problems with a program that seemed to escalate to the OS, forcing backup recovery (ntdll.dll problems). Now I am noodling this as well.

    Reply
  57. Hi Leo,
    I am shahmir from Pakistan . my friend has lost his Facebook Id that was hacked by someone so I am recovering his Id so the machine want to know his Password of hotmail account. its also not working please help me because someone is using hid Id abusive
    Thanx

    Reply
  58. uWhen I made my java mobile locked with new password my mobile lost all setting I want my home page google in place of samsung

    Reply
  59. Well my yahoo account has been hack and the back up questions have also been change and all my passwords of my other acccounts such as instigram and ect have also been change is there any option that i have left because i didnt put and alternate email or phone

    Reply
  60. my gmail account opens in different locations and iam using a nokia modem how do i stop this in
    ubuntu,sometimes server operator changes ip address
    thanks

    Reply
  61. This was a great article. Thanks! I just got hacked on Aug. 21st and I changed my password of course, but nothing else. Tonight I finally figured out how to change my “sending name”, as the hacker had changed it, and within 20 minutes I got an email from Yahoo saying that someone in the Netherlands tried to access my account AGAIN!!! (I live in the US). Thanks to your recommendation I just changed my alternate email. Yahoo also has secondary security that I made sure I had (and changed tonight). It’s just 2 security questions. I wanted to point out that even though the hacker deleted my contacts, I was able to recover most of them from the “deleted contacts” folder on Yahoo. Thank God the hacker forgot to delete the trash. Not sure if anyone besides Yahoo has the deleted contacts folder, but it’s worth a try. I just took all the steps that you recommended above. Thanks again.

    Reply
  62. hello

    please help me

    i can’t remember the answer to security question in my yahoo email, but i know the email and password.
    what thing i have to do?
    it’s an important email of mine and i must get through.

    HELP ME.

    thanks

    Reply
    • If you know the email and password as you say you do, then just login normally, and go update your security info. If you’re being prompted for additional verification then you must provide that information to prove that you are the rightful account owner. Forgetting security questions is the fastest way to lose an account forever: A One Step Way to Lose Your Account … Forever

      Reply
  63. I have a friend on facebook whos account was hacked and is unable to change the language back to English. He is has already gone into the settings and tried changing but still showing in foreign language. Thank you so much for your help.

    Reply
  64. Two days ago my partner said that he received an email saying it was from me and came up in my married name. The email contained a photo of me from when I had a photo shoot so he looked at it on his mobile phone email account and replied to it. He had an email flick back saying that it the mail was undeliverable as the account was no longer in use and the email address listed was one which I had with virgin media many years ago when I was living with my ex husband and even before I knew my partner. There are several things that don’t link up:

    1) The blueyonder email account should have been deleted and wonder how it is being operated from?
    2) Why did my name appear in the email to my boyfriend because it would have appeared in my ex-husbands name as it was set up that way
    3) How did the picture of me appear? because that was a long long time after that email account
    4) How did they link it to my current partner?

    Many thanks for your help.

    Marcia

    Reply
    • That article covers the topic pretty thoroughly. If you can’t get the account back using the steps outlined in the article, it might not be retrievable.

      Reply
  65. Kindly help me to get back my Yahoo!.account that was hacked around 11 to 12 October 2014.The hackers change my password and the recovery email,I m ready to identify myself through whatever way u deem it right sir.Sincerely Junaidu Usman

    Reply
  66. When I found that the live mail had been hacked, I reported the problem. But since then there are
    still problems that are unresolved. Wanted to send an e-mail to the Support team but they don’t
    seam to have an address where one can contact them directly. So I sent a written request for
    help. No reply. Have found this process to be very frustrating & stressful. I then changed to a
    new server who in their opinion, have felt that Outlook has poor security and it won’t matter what
    account name I change the live mail to they won’t connect it.

    Reply
  67. Leo,

    I’d do one more thing . . . . if your email service has the capability, activate two-step logon. This feature sends a six digit code to your mobile phone that you must enter EVERY TIME you either (a) log on to email from a new machine, i.e. a Nigerian hacker has your email and password or (b) every time you clear you cookies on your regular machine. This can be a minor pain, but this extra simple step can save a LOT of grief. Ask me how I know.

    Taking backups of your address book on a regular basis — I do it once a month — is not enough. You must test importing the address book to verify the backup and restore process actually works. Lots of folks ignore this step. After all, a backup which cannot be used to restore your account is no backup at all.

    Good luck everyone.

    Reply
  68. Hi

    I’d like to know how I can make sure that my email address does not show at the login screen the moment is type in a the whole address appears below and I do not want that. At work other people have email accounts with yahoo and I do not want them to know that I access my emails from the office in an emergency like when I need to print docs from my email.

    Thanks

    Reply
    • Your bosses at work have the ability to access to every web page you visit on their computers. They can see the contents the contents of every email you view. In fact, if they choose, they can record every keystroke you type. So if you don’t want them to know what you are doing on the web, use your phone.

      Reply
  69. thanks Leo for the insight on hacking and recieving spam messages from my own account,in fact i have discovered that someone tried to hack into my account,thanks again Leo

    Reply
    • All of the possible recovery options are mentioned in step 1 of this article. If none of those work, it’s likely you’ve lost your account permanently.

      Reply
  70. On January 1st this year someone hacked into my email account and set up 2 step verification on it.Since then I have had numerous email conversations with microsoft support and they know that some one hacked my account and changed things.Now the thing that is very hard for me to accept is that they say they have no control of who gets into or uses the account,but surely they as programme writers have the power to change this or does it mean that no one is safe and there programme is virtually worthless.I have lost a lot of important emails and contacts through no fault of my own but they do not appear to be the least bit bothered about it.I have tried to get them to send me contact details of someone so I can take this further but its like banging your head against a wall they just do not appear to want to help.They know my account was hacked so surely they must have the IP address of the hacker and be able to restore my account.

    Reply
    • It may help to think about the various people involved in this whole scenario. Yes, Microsoft has lots of great programmers who could make changes to the code. But the person you are conversing with in tech support is a tech support person – they probably don’t have the programming skills, and certainly don’t have access to the code that makes the program run. Any good company will not allow their customer service crew to have access to sensitive information. For instance, you’ll (hopefully) find that no tech support person ever has access to your credit card in any system. At the most they will be able to see the last 4 digits and the expiration date. Also there is no reason for the tech support person to lie about what kind of access they may have for recovering your account. Hope that helps.

      Reply
  71. My father got a call from his friends saying that he has forwarded some email to them when he actually hasnt. He even opened his email a/c and saw that no email in his send folder. Is his A/C hacked ? are my dad’s friend been spend a spam mail? Is there any further risk for my father?

    Reply
    • This can be done very easily by anyone who knows your email address and the addresses in his address book. The can easily fake his address in the From: field. Following the instructions in this article can prevent further damage, but now that the hacker has the address book, there’s nothing to prevent them from sending more emails like that.

      Reply
  72. Hi Leo:
    In step #6, you state that users should “download the email via POP3 or IMAP to setting up an automatic forward of all incoming email to a different email account, if your provider supports that.” Is it possible that the hacker has done so already without your knowledge, meaning that even if you change your password, all your emails will still be sent to the hacker? Or, I’ve heard that there is a way to set up an automatic BCC on every email you send; so even if you do change your password, the hacker will continue to receive copies of your emails without your knowledge. I have been recently hacked and immediately changed my password and activated a 2-step verification option when logging on from different devices and locations, but still have the concern that copies of my emails are being sent to the hacker. Is this possible and if so, how do I check/confirm and stop it?
    Many thanks.

    Reply
    • It is possible, but it would be via an option in your email accounts settings and options that you should verify as not having been set.

      Reply
  73. Hi Leo. My email was hacked on the 26/8 some one from South Africa .. Google sent me a email about suspicious activity which I then went to change mynpassword … However I’ve got no mail since?! Nothing since the 26/8 and today is the 11/9 ? How is this possible? I’ve deleted my gmail account a few times and started it up again on my iPhone but I’m still not getting emails thru 🙁 not sure what else I can do. Any suggestions?

    Reply
    • If you are able to log on to your Gmail account, in addition to the 7 things described in this article, I would check to see if that account is set up to forward email to another account and change that if applicable.

      Reply
  74. I have a question regarding mail sent on myspace. I’ve actually deleted my account on myspace but could someone tell me how I could have mail answering a question from someone who sent me a message “before” the email with the question came? Example, me responding to a message.⬇
    “I’m doing great, how about you?” Date 9-10-2015 time 8:00pm
    Now, this is the mess Im responding to…

    “Hi, how are you doing?” Dated 9-10-2015 time 11:00pm
    It looks like I’ve responded to a question “before I ever received it”.

    Reply
    • I wouldn’t worry about it. It could be that the other person lives in a different timezone, or has the time set incorrectly on their computer, or simply a glitch in how MySpace handles their messages.

      Reply
  75. I accidentally stumbled across this site. THANK YOU GOD & for LEO! I had my ALL my email account’s hacked (Unfortunately I had a yahoo account for absolutely nothing. Also unfortunate for me and my husband that it’s someone we know and he used the yahoo account as a platform for all the other account’s. Plus we work at a place that takes cc over the phone and he has my in-laws Unlimited card number though somehow crossing all of our text messages. I don’t get that one though as nobody backs up text’s in the family.), pc and finally our phone’s. I contacted all my contact’s, uninstalled the apps he also used, disconnected the Xbox live account that I NEVER made, contacted Microsoft (that said they could trace since it’s still going on for now legal action on my part. Actually Microsoft was very helpful for free), deleted all contacts, copied all fake url or IP information , backed up everything onto PC then memory stick, and much more. It’s sad that some people in society are weak, sneaky, pathetic and DESPERATE. So, my husband and I learned this time. It’s true, hacker’s have no problem with ruining your privacy and sometimes, life. Most are gamers or ex gamer’s that are LAZY. However not lazy enough to go through all this bullshit for free money. Thank you for this site and being invisible to my hacker. I really wish I could be as low as him and hack into his stuff making him more broke (to our knowledge) than he already is. Then I can’t take legal action. I will definitely be back to keep up dates for my phones, etc.,I will say this, if you are being hacked and want some justice, go to the authorities’, Microsoft, etc., (use a totally different phone or PC though) and let them do what they’re doing. Don’t get me wrong protect your finance’s, just don’t let the hacker(s) know. Yes it’s a very dangerous game and if you don’t have the separate fund’s and support, DO NOT DO IT. Please listen to Leo. No joke. Again thank you for more information . We are eternally grateful.

    Reply
  76. Live your life in reality and not so much via electronics. Getting hacked is probably the best thing that ever happened to you. Brings you back to reality.

    Reply
    • While I can understand the sentiment, email has connected me with more people more closely than anything else so far. And by connected I do mean “in reality”, including friends I now meet with regularly that I would never have encountered otherwise, friends I’ve reconnected with to that same end, as well as family members – particularly overseas – for which email has made continued connection a practical reality. Yes I could have used “old technology” like pen and paper for each, but the pragmatic reality is that I likely would not have. Email made it all easier. Email made it all more likely to happen. Email made all this real connection possible. In reality.

      Reply
      • I could agree more. Thanks to technology, it’s easier than ever to make and keep connections. Email, Facebook, LinkedIn, Skype, etc., etc. enable you to keep in touch with people you’d likely otherwise lose contact with – and make it very easy and cheap to do so. Being able to FaceTime with my sister and her family in New Zealand and seeing photos of my nephews on Facebook is simply awesome. In the olden days when snail mail and expensive international phone calls were the only communication options, we’d have been in contact much less frequently.

        Reply
  77. All my contact lists have a fictitious entry that has my email address from another account. If it gets a message, I find out immediately. That tells me I need to get busy and start with the hard work on the hit account.

    Reply
  78. Thanks so much for the kick in the rear regarding hacking of email accounts. I realized how vulnerable I am and how important my email and contacts are so I have now switched to two step verification on Outlook.com. By the way my Outlook.com web pages does not have ads and I do not pay any yearly fee.

    Reply
  79. I notice that the article recommends using long passwords, which is sensible enough. People are generally advised to use increasingly long complicated passwords. This will not help if the password has been found out by some means. So increased length is meant to make it harder to guess passwords by using brute force (i.e. trying permutations until a permutation works). The reason why passwords are having to increase in length is because computers are increasingly faster at processing permutations and techniques are improving the permutational chances. But an 8 (random) character password would be as effective as a 28 character password if login attempts were limited even to 50. For example, the reason why a 4 number credit card pin is regarded as satisfactorily safe is because you only get 3 goes at entering it. So, why are unlimited guesses for email accounts still permitted?

    Reply
    • “So, why are unlimited guesses for email accounts still permitted?” – Most services do have some form of restriction in place: bouncing you to a captcha, progressively extending the time that must elapse between attempts or simply locking you out of the account completely for a specified period of time. Two-step verification provides some additional protection too.

      Reply
    • You’ll also notice that Leo recommends changing passwords on other accounts – that helps if a password has been found by other means. If a password is found on one account, hackers may well try them on other accounts.

      Reply
      • Yeah, and it’s especially important to use a unique password for your email account. If your email address and password are exposed as a result of, say, LinkedIn’s credential database being compromised, it doesn’t represent a risk to most of your other accounts – even if those other accounts share the same password – as the bad guys don’t know where you bank, which credit card company you use, etc., etc.. It does, however, represent a risk your email account as the bad guys have your email address and, if your email password is the same as your LinkedIn password, they’ll potentially be able to sign into the account – which would be a really bad thing as your email account can act as a gateway to your all your other accounts, including your banking and credit card accounts. Additionally, if you use Outlook.com or Gmail and OneDrive or Google Drive for data storage, the bad guys will immediately have access to that data as well as access to one provides access to the other.

        This is why one of the reasons to enable two-step verification on accounts that support it.

        Reply
  80. Easiest way for hackers to get email lists is through mobile apps. Check permissions on some ad ware apps you may have installed on your phone or tablet. Some will have access to your email and contacts. This information can then be used to hijack an email account and send emails from your address to people in your contact list. There is very little you can do once this has happened. People install apps without checking permissions they are giving up on their phone and this is why email hacking is on the rise, its not due to passwords in the majority of cases its someone using your email account to fake emails from.

    Reply
  81. Ok, this morning my sister sent me a email saying I got hacked. But it looked at the email address (that was supposted to be from me ) and it said my email name but the @ was not my email server.
    Was I hacked? Or my sister was hacked??

    Reply
  82. I am sending spam to just one person in my contact list and i have talked to others in my contact list and no one has gotten anything. This person got spam for about 4 months while no other contacts did. I am good friend with this person reciving spam on social media. The year was back then 2013. My friend stoped reciving spam afterwards.
    The actions i did then:
    I checked as you said recent activity in both hotmail and gmail and nothing. I looked in send folder and nothing. My Facebook has never been hacked (because of full register i know) and other social media. You say a typical hack is when your contacts gets spam, in this case it was only a contact. Wouldn’t they send to all in contactlist as you say in this article. Is it more likley to be something else?
    All my friends says i should know for sure when it is a hack because either they get closed accounts or they get respons from MSN friends or other friends or find in sent email. Or because their connected facebook got some posted new things or they started to write to stangers or something. I have read about spoofing but is that even likley who even put their energy to stalk others and then send them email to fool. Or has someone gotten our emails between and somehow connected us…however the teory should i worry???

    Reply
  83. I have a question like above and i would appreciate an answer. If only one person got spam and no others from the contact list. That means probably that they do NOT have access to the adressbook right? Any spammer should be interested in spaming as much people as possible??? I would like to hear your expert opinion pleaseee

    Reply
    • To be clear: there are no rules, and no predicting what spammers will do. So the answer could be just about anything. Like you I’d expect that if they have the entire address book they’ll spam the entire address book … but who knows?

      Reply
  84. I think that there are three things that are left out:

    (1) Use a VPN – always at home on the road in a public WiFi – everywhere. Note: Bitdefender’s firewall, even if it declares that there are “Trusted Applications” stop all VPNs from functioning

    (2) Human beings simply cannot make good passwords – use a password generator. IMHO this is a good password, generated by KDG password generator 4’N=h6cyY;RE7;{,}s

    Keep your passwords on four identical flash drives since flash drives have been known to fail. Make sure to keep them identical.

    (3) If your email has been hacked, after you have notified all of your contacts, close the account and OPEN A NEW ONE
    ————————————————————

    (4) Re-emphasizing two things that you do – BACKUP, BACKUP, BACKUP and ENCRYPT YOUR HARD DRIVES!!!!! Eventually some hackers are going to break Truecrypt so either use Veracrypt or, since Microsoft knows everything you do anyway, you can also use Bitlocker.

    Reply
  85. It’s a good article sirs,so I’m confusing how to avoid the marked “your account may be affected by security issues”and my email was blocked it’s it’s same by hackers?
    Note : I have been used 2 (two) past words,One for Medias and 1(one) for Yahoo from Philiphines.
    Thank you,

    Krishna

    Reply
  86. I have been either hacked or bullied. Most all of My email addresses have been accessed. Also moving through web forums trying to get answers I come across The same name and or names. Is it possible that someone or my ISP is leading me to the right person or persons or is it just a FReak coincidence?

    Reply
  87. Amazing artible about unknown location. I’m currently planning new travel (to Turkey this time) and your information will be very helpful. Cheers.

    Reply
  88. This morning I signed into my personal email account and I saw 150 new emails from various email newsletters and websites. I did not sign up for any of these and so I proceeded to label all of these as spam. 2 problems have come up since then:

    1) How did my email get spammed so much? I was thinking it was maybe a spam bot but I how do I confirm?

    2) The bigger issue I’m currently having is this email is not getting any new emails. I’ve tested this by sending an email to the address from another email and have asked a couple friends to email me something but I do not see any new emails. I have check the gmail settings under labels, filters, and POP/IMAP and they all look fine with nothing looking as though it has changed.

    Does anyone have any ideas on what is going on?

    Reply
    • Any account can be hacked. The best way to protect your account is to use a long (14 or more characters, not a recognizable sentence) unguessable password.

      Reply
    • That depends. Some Email Service Providers don’t really close the account when you close it down. Some give you time to change your mind. The best thing you could do is follow the instructions in this article before closing it down as an extra layer of protection.

      Reply
    • Depends on the provider, how you deleted it, what it means to delete an account from that provider and so on. Safe answer is “yes”, but if you don’t use the account any more, it shouldn’t matter.

      Reply
  89. It was an @me account, my icloud email address, well fingers crossed it will be closed and can’t be detected.
    Thanks for your help.

    Reply
  90. This article is very helpful and I will reread it. However, I would prefer to hire a service to help me. Is there any such service that you could recommend? Also, my email was hacked and I had to abandon it. However, would that have allowed someone to hack into my computer, as well? Is there any way to be certain that one’s computer has not been hacked?

    Sorry –The email address that I gave is the hacked one. I have not yet been able to set up a new one. While I am setting up a new email, I will be locked out. It has happened several times.

    Reply
  91. For Leo:
    How can i stop some relatives close to me from getting into my emails without a password? i want my emails safe and secure so that nobody can read them except me. Please help. thank you very much.

    Lakesha

    Reply
  92. I’m having problems with @ Mail on my MacBook Pro mid 2012. I keep being asked to enter my password and I have changed it so many uncountable times. It comes back right away as ‘password not recognised’. So I can’t receive any new mail or send any new mail on my hotmail.co.uk account. It’s very frustrating when you spend most of your day trying to fix this problem but cannot. I don’t know how to fix this problem at all. I’m not computer savvy. Please can you help? This has happened uncountable times.

    Reply
  93. I need into my old account but someone changed the password. I tried to recover it but it is linked to another account that i dont know the pass word to. I tried to recover that one but it was linked to the first email. And it wont let me recover it any other way. can you help me? BTW the email i put down is a new one that was not used in any of this and can be used to contact me.

    Reply
  94. I am on hotmail.com and I have a JUNK MAIL inside my FOLDER.How did that get there.I didn’t know my emails were going there.How do I get rid of that JUNK MAIL?

    Reply
  95. I’ve tried everything y’all have told me to do and still can not get my email back my email and Facebook was both hacked now I can get my email on it so if I can’t get it tell me how to delete it so I can use the new one I made even though I would like to get the old one back will even send a copy of my licences to prove I’m who I say I am

    Reply
  96. -I think I was hacked as I received an email with attachment of a friend email and unfortunately I open the attachment and found out latter on my friend computer was hacked a few days prior
    -I changed all my passwords using another laptop specially at the bank accounts I changed the password there through their computer and also sent as requested by the bank abuse@chase.com no answer from them yet (7 days ago).
    -I scan with Bull Guard, every day / scan with Microsoft security essentials / used netstat ano but every day as I do download and open with start task manager I get a new essential and I undo/delete, / the MRT = not infected , / System.ini = timer.drive = safe??? ………….
    -Thank you kindly for you attention kind reguards LEO

    THANK YOU FOR YOUR PATIENCE Fred R.

    Reply
  97. I have an email account I created when I was 15 or so. That’s 15 yrs ago. I haven’t accessed it for years. And apparently, it doesn’t ask you to verify security questions anymore and goes through these ridiculous account recovery options, where you have to know email addresses you’ve written to, subject lines, previous passwords. I’m 30 now, what I used back then for a password I have no idea. Also, I don’t talk to half or possibly any of the people I did before. And certainly have no idea what I may have listed as a subject line. The issue is, I also have another email account that I can’t get into. Both accounts are crossed linked for recovery, so it will send recovery options for one to the other and visa versa. So I’m stuck. Can someone hack into my email account so I can get access to it? I don’t know what to do. And I can’t find any contact info to talk to a live person from either company. — It’s Yahoo and Hotmail. Someone tell me they know a way to help!

    Reply
    • If it were that easy to hack into an account for recovery, it would be as easy for a hacker to steal the account. And even if we could hack an account, we wouldn’t as there’s no way of knowing the request was legit.

      If the accounts are so out of use, I assume you aren’t receiving important emails at those addresses. Your only option is to start using a different account.

      Reply
    • Leo: POF is a dating website. The risk would be if that person is untrustworthy, for example, a spammer. It’s generally a good practice to open a separate freemail account to communicate with people or organizations you are not sure of.

      Reply
      • Mark,
        I’d go one step further.

        – Have one email account for REALLY IMPORTANT communications eg anything from your banks, insurance company, pension fund, health fund, Tax Office, internet service provider, doctor, Utilities, etc Anything that is primarily about money or really sensitive data, and for which you don’t want to have to change the email address in the future.

        – Have another email account for IMPORTANT STUFF that you don’t mind changing eg Paypal, eBay, WineClub etc ie important because money is involved, but not so important that your life could be seriously disrupted if you had to scrub the lot, and start again

        – Have one email account for NON-CRITICAL communications eg AskLeo, other mailing list stuff, friends, Photobucket, Groovy Gadgets, OldAussieFordDrivers etc

        – Have one throwaway account for dating sites and other high risk communications.

        And make sure you are rigorous about using the “correct” account

        Reply
  98. Please can someone help. Am so stressed. My husbands email I fear may have been hacked. I have resided my email as the recovery and left my mobile and set two step verification today. Yesterday his LinkedJn Account was hacked and hats beijbdwaltb with however, as I feel his Yahoo is hacked, before sending documents and restoring his account … need to address his own yahoo account first. When signing in to yahoo on an IPad, at the bottom of the page containing his emails … it’s says Hi Stanford (not my husnands name) sign out in blue (normal) privacy/Terms/help as usual. I spent 3 hours in pc shop with a specialist today with the Lap Top who assured me all looked ok before I left. However the volume of mailer daemon failure into the inbox yeysrsay was over 40. Since I returned home have only received 3 emails which is unusual. Please can anyone advise. Hubby works overseas and am so stressed.

    Reply
  99. This email {removed} for all music related agenda and b/4 that I had opened yahoo in 2003 it is now the {email address removed}. Over these past weeks I’ve have had to use my phone to get into my email messages. It’s my son Jean Pickering akas Continental Crooks posing as my Administrator. He needs to be removed off the account. He knows my number. He put himself there I never asked him to. He lives in my home. He claims it was a back-up effect. When I’m on tour I can’t get into my account either He has issues with me and my music company, that I opened to protect my music plus he’s not touring with me anymore. I only have one phone. He has a tablet billed to my account. I can’t change my number either. I don’t have the time to change because I run the company with all the administrative work plus performance. If I have any more problems I will call down judgement on whosoever, whatsoever responsible. Don’t get this twisted- This is not Spam -this is for real.

    Reply
  100. Can you please help! I have email addresses approx. 25to 30 that I can not get out of my contact lists. They are on all my yahoo accounts and my Gmail accounts. I am so frustrated with it all. It even affected my phone and had to take all my email accounts off of my phones. They all start with Adel and when I try to delete them even permanently delete them they are back by the next day. It has affected emails and passwords. Example: {email address removed}

    Reply
  101. I hate to be a retrograde but this excellent article shows why, long ago, I decided to pay by check and snail mail. The down side of having all of your financial matters on the web is almost infinite, the “Pearl Harbor” scenario which I, a retired engineer, have discussed with IT consultants to NSA and Los Alamos. One fine day, an technically uneducated person (like moi) may wake up to discover that their entire life’s savings were transferred to Nigeria last night. (with my apologies to the fine people on the Nigerian web.) Your money will be GONE.

    Some thoughts:
    Never write the full alphanumeric account number on any check; write XXXX-XXXX-XXXX-098,
    Install hard and soft fire walls,
    Use 16 alphanumeric pass words and change them regularly via the cut and paste technique. Or key loggers may give your secret away as you type,
    Do not use cheap locks where your computer sits,
    Do not lose your mobile devise,
    Use multi level security common to most investment houses,
    Back up, back up, then back up, daily.
    Divest, divest, then divest. Never put all of your eggs in one electronic basket. And put limits on electronic withdrawals. Use a stamp and forgo the speed.
    Go to church and pray; it is an evil world.

    Reply
  102. I by accident clicked on one of those phishing emails and now I cannot get into my Instagram account because they took my email from my account and linked it with a new username. I messaged Instagram a million times and the one response I got is not very helpful because the reset password email they are sending me is for the new account set up with my password.
    How do I unlink my email from this new Instagram page and get it back to my real page??

    Reply
  103. Leo:
    I accept that my email address has been hacked or leaked. I get it. But what I do not understand is how these data aggregators obtained my email passwords in the first place. Can you shed any light on how my email passwords got into these data bases in the first place?

    Reply
    • The most common is that hacker hack companies to obtain databases of account IDs and passwords. Sometimes the passwords are stored incorrectly and can be determined, or simply read, by the hacker.

      Reply
  104. I have been unable to get into my RoboForm password keeper, support is not sympathetic and sends me email’s with info of how to get in. Problem is I can’t get in cause I need the pw to get in.
    One day I got in, and the next I could not get in. I have been trying for days. If I call Toshiba support they always add something or take something off. I clearly ask them to not delete or add stuff w/o my knowledge. Can u offer a suggestion, also when I try to set up another password keeper they say that the email is being used, and so on. I truly want to throw all my gadgets out the window

    Reply
  105. Is it enough to thwart an existing hacker to change my email service (my university) password or do I need to get rid of my present email service and find another one, more secure, and which one would that be? If he’s already found some contacts’ addresses and sent bogus emails to them, can he still do that after I changed my password? (I’ve done that and closed my Facebook account).

    Appreciate your help. Really feeling very exposed to this, um, person.

    Reply
    • Well, the article you’re commenting on outlines the steps you need to take. Typically once you’ve secured your account there is little resaon to close it or get a new one. Important: spammers can still send email that looks like it came from you, even though it did not. You’ll find several articles on “From Spoofing” by searching here.

      Reply
    • And don’t forget, as the article advises in step 3, check the recovery email addresses and phone number for that account and make sure they are yours. If you don’t do that, the hackers can get back in.

      Reply
  106. I received an email sent to my work email account that has a PDF attachment with a password and appears to contain the PDF’s from my personal OneDrive account. The only contents in the body of the message is an old password that I had used on a personal account.

    Since the attached PDF contains files from my OneDrive account, what steps beyond changing my password, verifying my 2FA settings and recovery information, should I be taking?

    Also, since I use my personal PC’s to work from home quite often, do I need to be concerned with one of my systems being hacked and used as a backdoor to my office PC and files?

    Reply
  107. How do I stop cycle of having your passwords changed. I have 7 google and 3 yahoo emails plus as many Facebook pages and several apple ids. My cell phone was stolen a month ago and I am still being harassed. By thief. I can’t figure out how but he knows when I change a password bc it’s changed within hours. It’s a nightmare bc phone had 98 passwords stored. I feel like I will be broke from deductibles and in nit Hyde and rheum laughing about it. Detectives has not even called or attempted to visit to question him. Please help me stop the cycle

    Reply
    • Check with your mobile provider to make sure your phone number is ported to a new phone, and see if they can disable and/or remote wipe the stolen one. For EVERY account that was accessed on that phone, change passwords an otherwise increase account security as best you can.

      Reply
  108. I logged into my Yahoo Mail account several years ago and got the alert it was compromised. One of my contacts told me previously my account sent him a message begging for money. After being directed to another page, I had to change my password and make it stronger. This was a close call because I could have easily lost my account. I have finally secured it.

    Fast forward to today, I already have a mobile number added to my account in the event of a potential hacking attempt.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.