What to do if your email account is hacked

6th April 2022

Since the pandemic, cybercrime has been on the rise, with over 400,000 reports of fraud and cyber breaches in the UK alone. If your business gets hit with a breach, criminals can access your data, including your business emails, and cost you thousands of pounds in damage. Below we have listed what to do if you are hit with a breach and how to respond quickly.

Unfortunately, email hacking happens all too often. If your business is attacked, it’s crucial that you and your staff members know what to do in order to minimise any damage, recover hacked accounts and prevent it happening in the future. Cybersecurity experts McAfee and O2 Business have shared advice for businesses on the steps you should take. Below are their recommendations on how to stay cyber-safe.

How to spot an email hack

There are usually signs that your email account has been hacked:

  1. You may not be able to access your email account because the hacker has changed your password and personal details on your account.
  2. Your colleagues or contacts may be receiving suspicious-looking emails from you.
  3. Your laptop or other devices that you open your emails on may be running a lot slower than usual, especially if the hack resulted in malware being placed on them.
  4. Your email provider may have reported a log-in to your account from an unrecognised user or device.

What to do after your email has been hacked

  1. First things first, change your password. This way the hacker can’t access it again or do any further damage.
  2. If you cannot change your password because you cannot access it, this means that the hacker has already changed the password and has locked you out. In this case, contact your email provider directly or use the ‘Forgot password’ option to recover your account.

The process of recovering your account usually relies on providing your email provider with alternative contact information and security questions so it’s always good to know what these are. Providing these incorrectly can mean that your provider locks your account.

  3. Warn your colleagues or employees

Let your staff members or colleagues know of the breach immediately. They may be receiving strange or spam emails from your account, which could lead to them being hacked too. Tell them to be vigilant and take the same steps to change their password to limit their risk.

  4. Get in touch with your contacts

When you have been hacked, chances are the contacts in your address book will have been sent malicious emails from the hacker. We have probably all been sent these emails in the past: the dodgy-looking emails from people that you know.

If you have been hacked, reach out to your contacts and ensure that they know not to open any weird-looking emails that come from your email address, and especially not to open any attachments.

Ideally, contact them using an alternative email account which you know is secure from any hackers, or even call or text them if you can.

  5. Check any other accounts or systems

We all do it: using the same password across all of our accounts so that it is always easy to remember – but this is also one of the main reasons that people get hacked in the first place.

To prevent this, urge your employees or colleagues to use different emails across different accounts. If they have any other accounts that they use with the same password – get them to change these passwords too!

  6. Scan all devices for viruses and malware

When your email is hacked, this may be the result of existing malware on your device or lead to a virus or malware being placed on it.

To check whether you have a virus or malware on your device, use your online protection software to scan any impacted laptops, computers, smartphones, iPads, or anything else you have accessed your emails on in the past. Advise your employees or colleagues to do the same!

  7. Review the cybersecurity you have in place

After any cyber or email hack, it’s important that you prevent future attacks. There are several things you can do:

  • Implement multifactor authentication – this could be setting up a mobile number on your account that sends you a one-time passcode when you access your emails.
  • Introduce stronger formats for passwords – use numbers and symbols, don’t use any words or numbers that may be personal to you and ensure that you update your password more regularly.
  • Educate your employees or colleagues about cybersecurity risks and what impact this can have on your business, particularly around emails.
  • Ensure that you have the right level of cyber-protection software in place.


For more information about keeping your business and employees cyber-safe, contact Challenger today!