Some Signs Your Email Account Has Been Hacked

Finding out that your email account has been hacked is often harder than you might think. Fraudsters are very careful to leave little trace of their actions, sometimes, its nearly impossible to tell.

But here are five sure signs of suspicious activity.

1. Your password has been changed

One of the most obvious signs of your email being hacked is discovering you cannot sign in to your account.

If your email password is rejected as incorrect and you did not change it, it could indicate that it was changed by someone else. If a hacker accesses your account, he is able to change your password to prevent you from logging in and retaking control.

“A fraudster is usually trying to obtain money or something they can convert into money easily,” said John Cannon, fraud and ID director at Noddle.

“Ultimately, having control over an email account enables the fraudster to read any emails you haven’t deleted and cleared from your email bin. That’s why it’s important you don’t share or store sensitive or personal information on your email server.”

Having a secondary email address or extra verification measures in place helps prevent a hacker from locking you out of your own account.

Check with your email provider to make sure the email service is running before assuming that you have been hacked.

2. Unusual inbox activity

Some hackers won’t change your password so you won’t notice that anything’s wrong.

One way to determine if this is the case is to look at your sent mail folder and see if there are messages there that you are confident that you didn’t send. If you find some, then you know a spammer probably has access to your account.

Also watch for password reset emails that you have not instigated. The hacker may have tried to change your password on other sites, using access to your email to perform password resets.

“You should keep track of all the user accounts you maintain on the Internet,” said Paul Fletcher, cyber security evangelist at Alert Logic.

“It’s also a recommended best practice to minimise the amount of personal identifiable information that you add to the profile of each of your accounts. Users should know what information is saved on these profiles, for example credit cards, address, date of birth. Only save the required data and track credit cards, which are saved to online accounts.”

The problem is that hackers will often take the extra step of going into the sent mail folder and remove what they sent from there so that they leave no trace.

3. You are receiving unexpected emails

“A fraudster could also use the details they gather from your email account to try and trick you into handing over further sensitive information,” said John Cannon, fraud and ID director at Noddle.

“Having access to your email account could reveal who you bank with, who your credit card is with and what your user name or account number is.”

If you get an email or phone call claiming to be from your bank which quotes the correct user name/account, it makes it a lot harder to tell if it is genuine or fraud.

4. IP addresses not matching up

Some email services have a tool that shows you the last time (or several times) that you accessed the account and the IP address you used.

That is, Gmail records your IP address every time you log in to your account. So, if a third party gets access to your account then their IP address is also recorded. To see a list of recorded IP addresses, scroll down to the bottom of your Gmail account.

You can click on ‘Details’ to see the IP address of your last five activities. If you find that the IP listed in the logs doesn’t belong to you, then there are chances of unauthorised activity.
5. No signs at all

Or then again, maybe you haven’t noticed anything.

Depending upon the attacker’s motivations, you may never see any warning signs and that’s why it is always a good idea to keep abreast of the news.

Lee Munson, security researcher for Comparitech.com, explains: “If you’ve heard that a website you use has been hacked, at least consider the worst and run your email address through a website such as HaveIBeenPwned.com. Such a service keeps records of millions of compromised email accounts and, if yours is on the list, you’ll be quickly alerted to that fact.”