Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

How Do I Tell If My Email has Been Hacked?

//
I’m the moderator of a fairly large moderated email list. Recently, we’ve been getting a large number of phishing messages from people who don’t know that their email has been hacked. I’d like to post a special message to the group telling everyone to check their email accounts, but how do they do that? In other words, if no one has specifically told them their address book has been compromised, they aren’t going to realize that this is their problem and they’re going to do nothing about it. Is there a way to tell? I’m getting very tired of informing them one by one and always including the link to your page on what to do if their email has been hacked.

Knowing that your email has been hacked can be very difficult to detect, particularly if you are not moderately tech savvy.

Hackers often go through extra steps to leave as few traces as possible. Sometimes, they may leave some, but it’s not that common. In fact, it’s very difficult, sometimes almost impossible to tell.

Let’s look at a couple of things that could help.

Become a Patron of Ask Leo! and go ad-free!

Signs of a hacked account

The most common scenario for an email account being hacked is that the hackers actually change the password and you can’t login. Clearly, that’s not the scenario that you’re seeing here. When people can’t login to their email account, they know something is wrong.

When hackers don’t, change your password they do so so you won’t notice that anything’s wrong. They can continue to send email as you and you have no idea that anything is wrong.

One way to determine if this is the case is to look at your sent mail folder and see if there are messages there that you know you didn’t send. If you find some – particularly message that look like spam1 – then you know a spammer probably has access to your account.

The problem is that hackers will often take the extra step of going into the sent mail folder and remove what they sent from there so that they leave no trace.

Hacked!Check your logins

Most email services have a tool that shows you the last time (or several times) that you accessed this account and the IP address from where you did so. Many hackers are overseas, so if you look at that information, you can sometimes tell if your account was hacked because there’s a login from another country.

Now I do have to warn you that sometimes legitimate access may still look kind of suspicious within your own country. In the United States, it’s not uncommon for my email account to be logged into from my location, another location elsewhere in the country, a third location elsewhere in the country depending on what I’m doing. That’s because I’m often using a different ISP at different times. Different ISPs will look like different IP addresses and they may report different locations. Unfortunately location reporting for IP addresses is notoriously inaccurate.

But if you see accesses from countries overseas, its best to assume your account has been hacked.

Gmail is the only email service that I know of that actually has this level of detailed information. You might check with your own providers to see if they have something similar.

What to do when you know

Unfortunately, the most common way that people find out that their email account has been hacked is the result of exactly what you are doing. Somebody who is receiving email from the hacked account tells them, “Hey, your account is sending out spam; you’ve probably been hacked.”

That’s about as good as it gets.

When this is the case, change your password. Do all of the other things that you need to do to secure your account.

Footnotes & references

1: Most commonly a short subject line like “Hello”, and a body that contains only a single link.

26 comments on “How Do I Tell If My Email has Been Hacked?”

  1. I used to get fairly frequent emails from a Moderately High Level Government Employee saying she was stranded in Europe because her Credit Cards and Passport were stolen and she needed $700 for a plane ticket home. They were very convincingly written and even contained some personal information which applied to me, however,one she made a lot more money than I ever did, and two, she was a big girl and knew how to take care of herself even if you couldn’t see through it.. Surprisingly many people did send money and were very angry with her when they found out it was a scam. This was a valid Government E-mail address.

  2. While my email has never been hacked, many of my clients’ and friends’ email accounts have been. In most cases changing passwords resolves it if done quickly. Not one can tell me how it happened. I would really like to know how this happens and how it can be prevented. Also, I discovered that in some cases where the person has a yahoo and a facebook account, that both may be hacked simultaneously. I believe it is because they are using FB to log into yahoo mail. Thus, both passwords must be changed or it keeps happening.

  3. It seems to me that removing a hacker is really impossible, Iam a 66 year old woman and I had to remove one computer already, but still the

  4. i have a feeling that my passward has been hacked because i couldnt log in.i read that last thursday many passwards have been hacked.i tried to clear my brousers .i tried cookies and cache .But i couldnt. In my brousers when i m going to tools and options they are not coming .I cant jump.So still i m in doubt whether my brousers are defective or really my passward has been hacked.i also took help from yahoo .Regarding hacking i came to know it would be better to change my passward. The thing is that the mobile i used for my account is lost.I gave some fake names for selected questions to open my email.i I dont have alternate email address. If you advise me please,i shall be honoured.

  5. Hi there
    Upon opening up my outlook account I see in the send receive that I am sending out one or two mails.. on checking my sent box there is nothing there? I am worried that my e-mails are somehow being monitored by a previous employer who could be spying me. Is this possible and if so .. how do I prevent access. I use Microsoft Outlook and have two e-mails.. one private and one for business.
    thank you

  6. There are 2 types of compromised email accounts. The first is that of unauthorised access to an account but the second more sinister type of unauthorised access is where the script code of the email system is changed so that it logs the emails of a hacked email account. This is often done by government agencies to spy on people. I’ve seen yahoo email accounts that have been hacked. Deleted emails get moved to the trash folder but the system won’t delete them any further, it secretly stores them, even when they get deleted from the trash folder. This allows the hacker to view all emails even when the user deletes them.

  7. I have been receiving lots of “undeliverable messages”, but there is no track of the allegedly sent messages in my sent folder. In addition, I’ve been receiving messages written in the German language, apparently directed to me. Finally, I’ve received emails from @ wtnet.com and rambler.ru, apparently from somebody in Russia. I’m afraid my account has been hacked. Please Leo give me some advise. Thanks.

    • The emails in German and from Russia sound like normal spam. Those undeliverable messages might be a sign of hacking, but more likely just spammers who know your email address and are using it as a return address. There’s not much you can do about those.

      • Thank you for your prompt response. Do spammers need to know my password to use my email address as return address? Isn’t that a sign that my email address has been hacked?

        • They only need to know your email address to do this and in only extremely rare cases is it a sign of having been hacked. But as Leo suggested, it never hurts to change your password if you have any suspicion that it may have been hacked.

  8. If you know that your account has been compromised is it enough to uninstal the bad software which you know caused it and change your email password? What other steps should I take?

  9. I just got a friend saying that he is getting spam emails from me.
    We looked at the headers and it showed another email adress.
    And now one and a half month has past since then and no other contact has reported getting spam from me.
    He have recived 3 spam messages since it began.
    But it seems to have stopped now.
    Maybe it was facebook connection?
    I have checked facebook and gmail and it did not get hacked even though i have same password to it.
    Should i be concearned because i relay on my email so much and i dont want it to be hacked or should i just treat this as spoof and that it is quite above board?

      • I am just really really curious, how can it be possible that it is more likley that my friend’s account was hacked even though it looked like it came from me? Did they compromise him and then later sended phishing emails looking like it came from me? I really want to understand this phenomenon

        • The fact that it only happened to him and no one else in your address book is evidence indicating a hack is unlikely as hackers would have gone after your whole contacts list and sent a emails to all of them.

    • Finding nothing in the sent folder is weak evidence as it can also occur if the hacker cleared it from the sent box. But again, your situation doesn’t have the earmarks of a hacked account

  10. suddenly emails disappeared-changed password-can enter but no emails coming in or out—–where did they go

    Microsoft windows 10–ugg not user friendly

    Thank you for your help

  11. I can’t get in to my account for Hotmail I don’t know if anyone hack it or blocked my account and I don’t know how to get back in to it

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.