With the recent rise in phishing attacks, it is important to be aware of the common indicators that suggest your email account is compromised and what to do if it happens. If you believe someone has gained access to your email, you should change the password and run an anti-virus scan on your computer. It is important not to reuse that password for any of your other accounts.
One of the most common indicators of a compromised email account is a large number of emails sent from your account that you did not send. An attacker may use your account to send out spam and phishing emails to all your contacts. If a client, co-worker, or friend tells you that they received a suspicious email from you, you should investigate further. An attacker may also be able to set up rules on your mailbox that automatically delete certain emails, such as replies to an email the attacker sent from your account.
If you begin receiving password reset emails, this is another sign that your email may have been compromised. An attacker is likely to search your email for any banking and online retailer information. They will then go to those websites and request a password reset, which they could use to access those accounts. The attacker may also reset the password on your own email account, preventing you from ever seeing these password reset emails. If this happens, you should first recover your email account. After that, you can begin changing the passwords on your other accounts.
Some email services also let you view the IP addresses and devices/browsers used to log into your account. If you suspect your email account has been compromised, this is a good place to start investigating. If you see any suspicious activity, you should change your password immediately. It’s also a good idea not to use that password on any other accounts, as it has already been compromised.
After regaining access to your email, you should check if the attacker set up any forwarding rules on your account. Some rules may forward all incoming mail to another email address that the attacker has control of. You should also check on your account recovery information to make sure the attacker did not make changes that would allow them to get back into the account.
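The two rule checks described above (rules that automatically delete replies, and rules that forward mail to another address) can be scripted once a mailbox's rules have been exported. This is an added example, not part of the original article; the rule fields, `OWN_DOMAIN` and the sample rules are constructed assumptions, not any provider's export format.

```python
# Constructed sample data: mailbox rules as plain dicts. The field names
# (name, action, target, conditions) are hypothetical, not a provider schema.
OWN_DOMAIN = "example.com"  # assumption: the domain your own addresses use

SAMPLE_RULES = [
    {"name": "Newsletters", "action": "move", "target": "Newsletters",
     "conditions": {"from_contains": "news@"}},
    {"name": ".", "action": "delete", "target": None,
     "conditions": {"subject_contains": "RE:"}},
    {"name": "backup", "action": "forward", "target": "collector@example.net",
     "conditions": {}},
    {"name": "To assistant", "action": "forward",
     "target": "assistant@example.com",
     "conditions": {"from_contains": "billing"}},
]


def audit_rule(rule, own_domain=OWN_DOMAIN):
    """Return a list of reasons this rule deserves a manual look."""
    findings = []
    action = str(rule.get("action", "")).lower()
    conditions = rule.get("conditions") or {}
    if action in ("forward", "redirect"):
        target = str(rule.get("target") or "").lower()
        # Everything after the last "@" is the destination domain.
        if target.rpartition("@")[2] != own_domain.lower():
            findings.append("forwards mail to external address " + target)
        if not conditions:
            findings.append("applies to all incoming mail")
    elif action == "delete":
        subject = str(conditions.get("subject_contains", "")).lower()
        if subject.startswith("re:"):
            findings.append("deletes replies (subject starts with 'RE:')")
        else:
            findings.append("deletes incoming mail automatically")
    return findings


def audit_mailbox(rules):
    """Map rule name -> findings, keeping only rules with findings."""
    report = {r.get("name", "<unnamed>"): audit_rule(r) for r in rules}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit_mailbox(SAMPLE_RULES).items():
        print(repr(name), "->", "; ".join(found))
```

Any rule the script reports that you do not remember creating should be removed, and the account password changed again afterwards.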
If you weren’t using it before, you should set up two-factor authentication. Two-factor authentication is a second layer of security on the account that will help protect you if an attacker knows your username and password. Often this takes the form of a text message or phone call that contains a number you need to type into the computer to verify the account. Many email providers offer this as a free service.