It can be very difficult to detect that your email has been compromised, particularly if the hacker is being stealthy and you’re not particularly tech savvy.
Most hackers try to leave as few traces as possible.
Become a Patron of Ask Leo! and go ad-free!
Two types of hacks
There are two types of hacks: obvious and not.
The most common scenario is that the hackers change the password and you can’t log in. That’s pretty obvious when it happens. When people can’t log in to their email account, they know something is wrong, and should proceed to my article on what to do next.
When hackers don’t change your password, it’s so you won’t notice they have access. This allows them to continue to send email as you, while you have no idea that anything is wrong.
Check your Sent Mail
One of the first things you can do is look at your Sent Mail folder and see if there are messages there you know you didn’t send. If you find some — particularly messages looking like spam — then you know someone else probably has access to your account.
Unfortunately, hackers often clean up the Sent Mail folder in order to leave no trace of their activities.
Check your logins
Many email services have a tool that shows you the last time (or several times) you accessed this account, and the IP address from which you did so. Most hackers are remote, so if you look at that information, you can often tell your account was hacked because there’s a login from another country.
Sometimes legitimate access may still look suspicious. It’s not uncommon for my email account to be logged into from several different locations, depending on what I’m doing. That’s because I often use different ISPs at different times.1 Different ISPs present different IP addresses and report different locations. Unfortunately, location reporting for IP addresses is also notoriously inaccurate.
But if you see accesses from countries overseas, it’s best to assume your account has been hacked.
Gmail is the only email service I know of that has this level of detailed information. You might check with your own providers to see if they have something similar.
What to do when you know
The most common way people find out their email account has been hacked is exactly what you describe. Somebody receiving email from the hacked account tells them, “Hey, your account is sending out spam; you’ve probably been hacked.”
That’s about as good as it gets.
When this is the case, change your password and do all of the other things you need to do to secure your account.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,