Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

How Do I Tell If My Email Has Been Hacked?

//
I’m the moderator of a fairly large moderated email list. Recently, we’ve been getting a large number of phishing messages from people who don’t know that their email has been hacked. I’d like to post a special message to the group telling everyone to check their email accounts, but how do they do that? In other words, if no one has specifically told them their address book has been compromised, they aren’t going to realize that this is their problem and they’re going to do nothing about it. Is there a way to tell? I’m getting very tired of informing them one by one and always including the link to your page on what to do if their email has been hacked.

It can be very difficult to detect that your email has been compromised, particularly if the hacker is being stealthy and you’re not particularly tech savvy.

Most hackers try to leave as few traces as possible.

Become a Patron of Ask Leo! and go ad-free!

Two types of hacks

There are two types of hacks: obvious and not.

The most common scenario is that the hackers change the password and you can’t log in. That’s pretty obvious when it happens. When people can’t log in to their email account, they know something is wrong, and should proceed to my article on what to do next.

When hackers don’t change your password, it’s so you won’t notice they have access. This allows them to continue to send email as you, while you have no idea that anything is wrong.

Check your Sent Mail

One of the first things you can do is look at your Sent Mail folder and see if there are messages there you know you didn’t send. If you find some — particularly messages looking like spam — then you know someone else probably has access to your account.

Unfortunately, hackers often clean up the Sent Mail folder in order to leave no trace of their activities.

You've Been Hacked!Check your logins

Many email services have a tool that shows you the last time (or several times) you accessed this account, and the IP address from which you did so. Most hackers are remote, so if you look at that information, you can often tell your account was hacked because there’s a login from another country.

Sometimes legitimate access may still look suspicious. It’s not uncommon for my email account to be logged into from several different locations, depending on what I’m doing. That’s because I often use different ISPs at different times.1 Different ISPs present different IP addresses and report different locations. Unfortunately, location reporting for IP addresses is also notoriously inaccurate.

But if you see accesses from countries overseas, it’s best to assume your account has been hacked.

Gmail is the only email service I know of that has this level of detailed information. You might check with your own providers to see if they have something similar.

What to do when you know

The most common way people find out their email account has been hacked is exactly what you describe. Somebody receiving email from the hacked account tells them, “Hey, your account is sending out spam; you’ve probably been hacked.”

That’s about as good as it gets.

When this is the case, change your password and do all of the other things you need to do to secure your account.

Video Narration

Footnotes

1: My home ISP, my mobile ISP, my VPN, and even the Ask Leo! server.

26 comments on “How Do I Tell If My Email Has Been Hacked?”

  1. I used to get fairly frequent emails from a Moderately High Level Government Employee saying she was stranded in Europe because her Credit Cards and Passport were stolen and she needed $700 for a plane ticket home. They were very convincingly written and even contained some personal information which applied to me, however,one she made a lot more money than I ever did, and two, she was a big girl and knew how to take care of herself even if you couldn’t see through it.. Surprisingly many people did send money and were very angry with her when they found out it was a scam. This was a valid Government E-mail address.

  2. While my email has never been hacked, many of my clients’ and friends’ email accounts have been. In most cases changing passwords resolves it if done quickly. Not one can tell me how it happened. I would really like to know how this happens and how it can be prevented. Also, I discovered that in some cases where the person has a yahoo and a facebook account, that both may be hacked simultaneously. I believe it is because they are using FB to log into yahoo mail. Thus, both passwords must be changed or it keeps happening.

  3. It seems to me that removing a hacker is really impossible, Iam a 66 year old woman and I had to remove one computer already, but still the

  4. i have a feeling that my passward has been hacked because i couldnt log in.i read that last thursday many passwards have been hacked.i tried to clear my brousers .i tried cookies and cache .But i couldnt. In my brousers when i m going to tools and options they are not coming .I cant jump.So still i m in doubt whether my brousers are defective or really my passward has been hacked.i also took help from yahoo .Regarding hacking i came to know it would be better to change my passward. The thing is that the mobile i used for my account is lost.I gave some fake names for selected questions to open my email.i I dont have alternate email address. If you advise me please,i shall be honoured.

  5. Hi there
    Upon opening up my outlook account I see in the send receive that I am sending out one or two mails.. on checking my sent box there is nothing there? I am worried that my e-mails are somehow being monitored by a previous employer who could be spying me. Is this possible and if so .. how do I prevent access. I use Microsoft Outlook and have two e-mails.. one private and one for business.
    thank you

  6. There are 2 types of compromised email accounts. The first is that of unauthorised access to an account but the second more sinister type of unauthorised access is where the script code of the email system is changed so that it logs the emails of a hacked email account. This is often done by government agencies to spy on people. I’ve seen yahoo email accounts that have been hacked. Deleted emails get moved to the trash folder but the system won’t delete them any further, it secretly stores them, even when they get deleted from the trash folder. This allows the hacker to view all emails even when the user deletes them.

  7. I have been receiving lots of “undeliverable messages”, but there is no track of the allegedly sent messages in my sent folder. In addition, I’ve been receiving messages written in the German language, apparently directed to me. Finally, I’ve received emails from @ wtnet.com and rambler.ru, apparently from somebody in Russia. I’m afraid my account has been hacked. Please Leo give me some advise. Thanks.

    • The emails in German and from Russia sound like normal spam. Those undeliverable messages might be a sign of hacking, but more likely just spammers who know your email address and are using it as a return address. There’s not much you can do about those.

      • Thank you for your prompt response. Do spammers need to know my password to use my email address as return address? Isn’t that a sign that my email address has been hacked?

        • They only need to know your email address to do this and in only extremely rare cases is it a sign of having been hacked. But as Leo suggested, it never hurts to change your password if you have any suspicion that it may have been hacked.

  8. If you know that your account has been compromised is it enough to uninstal the bad software which you know caused it and change your email password? What other steps should I take?

  9. I just got a friend saying that he is getting spam emails from me.
    We looked at the headers and it showed another email adress.
    And now one and a half month has past since then and no other contact has reported getting spam from me.
    He have recived 3 spam messages since it began.
    But it seems to have stopped now.
    Maybe it was facebook connection?
    I have checked facebook and gmail and it did not get hacked even though i have same password to it.
    Should i be concearned because i relay on my email so much and i dont want it to be hacked or should i just treat this as spoof and that it is quite above board?

      • I am just really really curious, how can it be possible that it is more likley that my friend’s account was hacked even though it looked like it came from me? Did they compromise him and then later sended phishing emails looking like it came from me? I really want to understand this phenomenon

        • The fact that it only happened to him and no one else in your address book is evidence indicating a hack is unlikely as hackers would have gone after your whole contacts list and sent a emails to all of them.

    • Finding nothing in the sent folder is weak evidence as it can also occur if the hacker cleared it from the sent box. But again, your situation doesn’t have the earmarks of a hacked account

  10. suddenly emails disappeared-changed password-can enter but no emails coming in or out—–where did they go

    Microsoft windows 10–ugg not user friendly

    Thank you for your help

  11. I can’t get in to my account for Hotmail I don’t know if anyone hack it or blocked my account and I don’t know how to get back in to it

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.