It can be very difficult to detect that your email has been compromised, particularly if the hacker is being stealthy and you’re not particularly tech savvy.
Most hackers try to leave as few traces as possible.
Become a Patron of Ask Leo! and go ad-free!
Two types of hacks
There are two types of hacks: obvious and not.
The most common scenario is that the hackers change the password and you can’t log in. That’s pretty obvious when it happens. When people can’t log in to their email account, they know something is wrong, and should proceed to my article on what to do next.
When hackers don’t change your password, it’s so you won’t notice they have access. This allows them to continue to send email as you, while you have no idea that anything is wrong.
Check your Sent Mail
One of the first things you can do is look at your Sent Mail folder and see if there are messages there you know you didn’t send. If you find some — particularly messages looking like spam — then you know someone else probably has access to your account.
Unfortunately, hackers often clean up the Sent Mail folder in order to leave no trace of their activities.
Check your logins
Many email services have a tool that shows you the last time (or several times) you accessed this account, and the IP address from which you did so. Most hackers are remote, so if you look at that information, you can often tell your account was hacked because there’s a login from another country.
Sometimes legitimate access may still look suspicious. It’s not uncommon for my email account to be logged into from several different locations, depending on what I’m doing. That’s because I often use different ISPs at different times.1 Different ISPs present different IP addresses and report different locations. Unfortunately, location reporting for IP addresses is also notoriously inaccurate.
But if you see accesses from countries overseas, it’s best to assume your account has been hacked.
Gmail is the only email service I know of that has this level of detailed information. You might check with your own providers to see if they have something similar.
What to do when you know
The most common way people find out their email account has been hacked is exactly what you describe. Somebody receiving email from the hacked account tells them, “Hey, your account is sending out spam; you’ve probably been hacked.”
That’s about as good as it gets.
When this is the case, change your password and do all of the other things you need to do to secure your account.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Download (right-click, Save-As) (Duration: 3:41 — 3.4MB)
27 comments on “How Do I Tell If My Email Has Been Hacked?”
I used to get fairly frequent emails from a Moderately High Level Government Employee saying she was stranded in Europe because her Credit Cards and Passport were stolen and she needed $700 for a plane ticket home. They were very convincingly written and even contained some personal information which applied to me, however,one she made a lot more money than I ever did, and two, she was a big girl and knew how to take care of herself even if you couldn’t see through it.. Surprisingly many people did send money and were very angry with her when they found out it was a scam. This was a valid Government E-mail address.
While my email has never been hacked, many of my clients’ and friends’ email accounts have been. In most cases changing passwords resolves it if done quickly. Not one can tell me how it happened. I would really like to know how this happens and how it can be prevented. Also, I discovered that in some cases where the person has a yahoo and a facebook account, that both may be hacked simultaneously. I believe it is because they are using FB to log into yahoo mail. Thus, both passwords must be changed or it keeps happening.
It seems to me that removing a hacker is really impossible, Iam a 66 year old woman and I had to remove one computer already, but still the
i have a feeling that my passward has been hacked because i couldnt log in.i read that last thursday many passwards have been hacked.i tried to clear my brousers .i tried cookies and cache .But i couldnt. In my brousers when i m going to tools and options they are not coming .I cant jump.So still i m in doubt whether my brousers are defective or really my passward has been hacked.i also took help from yahoo .Regarding hacking i came to know it would be better to change my passward. The thing is that the mobile i used for my account is lost.I gave some fake names for selected questions to open my email.i I dont have alternate email address. If you advise me please,i shall be honoured.
Upon opening up my outlook account I see in the send receive that I am sending out one or two mails.. on checking my sent box there is nothing there? I am worried that my e-mails are somehow being monitored by a previous employer who could be spying me. Is this possible and if so .. how do I prevent access. I use Microsoft Outlook and have two e-mails.. one private and one for business.
There are 2 types of compromised email accounts. The first is that of unauthorised access to an account but the second more sinister type of unauthorised access is where the script code of the email system is changed so that it logs the emails of a hacked email account. This is often done by government agencies to spy on people. I’ve seen yahoo email accounts that have been hacked. Deleted emails get moved to the trash folder but the system won’t delete them any further, it secretly stores them, even when they get deleted from the trash folder. This allows the hacker to view all emails even when the user deletes them.
I have been receiving lots of “undeliverable messages”, but there is no track of the allegedly sent messages in my sent folder. In addition, I’ve been receiving messages written in the German language, apparently directed to me. Finally, I’ve received emails from @ wtnet.com and rambler.ru, apparently from somebody in Russia. I’m afraid my account has been hacked. Please Leo give me some advise. Thanks.
The emails in German and from Russia sound like normal spam. Those undeliverable messages might be a sign of hacking, but more likely just spammers who know your email address and are using it as a return address. There’s not much you can do about those.
Offhand this sounds like ordinary spam. If you’re concerned, change your password, at least.
Thank you for your prompt response. Do spammers need to know my password to use my email address as return address? Isn’t that a sign that my email address has been hacked?
They only need to know your email address to do this and in only extremely rare cases is it a sign of having been hacked. But as Leo suggested, it never hurts to change your password if you have any suspicion that it may have been hacked.
Nope. Not at all. It’s very easy to “spoof” the From: address.
If you know that your account has been compromised is it enough to uninstal the bad software which you know caused it and change your email password? What other steps should I take?
This article discusses the steps to take when your email account is compromised.
I just got a friend saying that he is getting spam emails from me.
We looked at the headers and it showed another email adress.
And now one and a half month has past since then and no other contact has reported getting spam from me.
He have recived 3 spam messages since it began.
But it seems to have stopped now.
Maybe it was facebook connection?
I have checked facebook and gmail and it did not get hacked even though i have same password to it.
Should i be concearned because i relay on my email so much and i dont want it to be hacked or should i just treat this as spoof and that it is quite above board?
This really means nothing. It’s called email phishing and is more an indication that your friend’s account was compromised than yours. Bottom line, the email was not really from you. They just put your name on it. Some how they knew that he would be likely to open an email from you. You may find this article helpful: https://askleo.com/phishing_how_to_know_it_when_you_see_it/
So, my account was not a hack you mean?
Read Connie’s comment again. It answers your question.
I am just really really curious, how can it be possible that it is more likley that my friend’s account was hacked even though it looked like it came from me? Did they compromise him and then later sended phishing emails looking like it came from me? I really want to understand this phenomenon
The fact that it only happened to him and no one else in your address book is evidence indicating a hack is unlikely as hackers would have gone after your whole contacts list and sent a emails to all of them.
and nothing in my send folder*
Finding nothing in the sent folder is weak evidence as it can also occur if the hacker cleared it from the sent box. But again, your situation doesn’t have the earmarks of a hacked account
suddenly emails disappeared-changed password-can enter but no emails coming in or out—–where did they go
Microsoft windows 10–ugg not user friendly
Thank you for your help
No way to know. To start I’d have to know what email program you use, and what email provider you’re having problems with, and what you mean exactly by “no emails coming in or out”. Can’t send? Do you get an error, and if so, what? Any error messages at all? https://askleo.com/information-provide-asking-help/
I can’t get in to my account for Hotmail I don’t know if anyone hack it or blocked my account and I don’t know how to get back in to it
We cannot recover hacked accounts, lost or forgotten passwords. Please see this article for more information on your options:
Another sign of a hacked account is that people on your contacts list are receiving spam which is spoofed as coming from you. That is a likely indication that your account was hacked and your contacts list was compromised.