How can I tell if someone has hacked into my email account?

This blog post will answer the question, “How can I tell if someone has hacked into my email account?” and cover topics like how you see if a breach has occurred as well as what you can do about it.

Are there quick ways to see if an email account may have been breached?

Yes, there are ways to confirm whether your personal email account has been breached without your authorization. It is also possible to mitigate any further damage and risks by taking fast and decisive actions.

The following signs usually exist when a personal email account has been compromised or accessed without the user’s approval:

• There are sent and received items that you do not recognize
• You are receiving alerts and notifications from your Anti-Virus (AV)  
• You have been locked out of your account and your password has changed
• The email account has a positive hit on online tools and platforms
• The email account has been accessed on other devices or IPs

Authentication is key to access and your email account is not likely to be accessible without a password. It may also be possible that you have shared the password with someone at some point or have been targeted by a phishing scam in the past. The best thing is to get rid of any suspicious emails and purge your SPAM folders without clicking on any links.

Sent and received emails

The sheer perseverance that some hackers possess that enable them to try out multiple methods in gaining access, can be mind boggling and even impressive to an extent. Hackers are a resourceful bunch. In an age where information is currency and knowledge is power, most hackers will not hesitate to make attempts to gain access to key email accounts and the potential wealth of information they may contain.

This information contained within an email may include but are not limited to:

• Access to private and confidential correspondence
• Access to other people (your contacts)
• Financial Information
• Attachments you have sent and received
• Passwords or possible ways to access other accounts you may own

With that in mind, when you start receiving emails from your contacts in a way that implies that they are responding to your email, but you have not sent them any, then it is possible someone is sending them on your behalf.

Another indicator is when your contacts start to complain that they are receiving SPAM or strange emails from your email account, especially if they are out of character. If you are not the type to send chain messages that ask for donations, then it would be extremely odd if you start doing so.

The same applies to time: Not a night owl or working the night shift? Then it is unlikely that you will send or receive emails at 3 am.

It is strongly advised that, when you suspect someone is accessing your emails, to have a look at your outbox, Inbox, as well as your SPAM folders for signs of an impersonator.

Alerts from you Anti-Virus

Often, when Hackers have access to your email account, they may try to use it as a platform for them to distribute malware and Possible Unwanted Applications (PUAs) or download it onto your machine to gain even more access.

You are locked out

Usually, hackers like to linger to gather more information or do more damage, but when they realize that their presence may be discovered or is coming to an end, they may opt for a password change.

So, if your passwords start to change without your knowledge and you no longer have access to your own accounts, it may be a strong indicator that you have a breach on your hands

Hits on online tools 

One of the first things an experienced Cyber Security Analyst will do, when receiving a complaint that an email account or client has been compromised, is to look for online indicators that the email accounts or other data of that client was leaked in previous attacks of other databases.

Some quick and free online tools to use are https://www.avast.com/hackcheck and https://haveibeenpwned.com/. Just enter your email address and wait for the results on your screen. 

Access from other places

Another first step in identifying a breach is to check for traffic and access to and from the account from other locations (IP addresses) or devices. In a corporate infrastructure this information can be seen on logs from devices such as the Firewall or a SIEM.

Private users need to rely on the features of our chosen email account service providers, so it is quite important that you familiarize yourself with the security settings and policies when choosing a solution.

 Gmail accounts come with a nifty function that allows you to sign on from other devices. The same feature will also let you know if someone else is trying to access the email account from another location or device.

Additional benefits and features of a Google Account are Security Checkup and Privacy suggestions – features that are worthwhile and will add an additional layer of security.

The following process can be followed to check if an unfamiliar device has signed on to your account:

1. Log into your Google Account on your computer and click ‘Next’
2. Click on the Google App Square
3. On the left, you will find a list or navigation panel, where you can select ‘Security’
4. Go through all these settings and recommendations to ensure that your account has all the relevant and optimal settings enabled.
5. Halfway through the page you will see a section called ‘Your devices’. These will be all the devices currently signed into your Google account. From this section you can also manage the devices, see their IPs, and remove any listed devices that should not access your account. 

Always sign out of a device that you do not have sole access to and never leave your account open or your password saved on that computer. In fact, avoid using shared devices completely. 

What can I do if my email has been hacked?

Thus far we answered the question, “How can I tell if someone has hacked into my email account?”. In the following section, we will briefly outline what you can do when your email account has been hacked.

In addition to the previously mentioned considerations, the following steps should be taken as soon as possible, to stop or minimize the threat:

• Change your passwords and clear your cached data.
• Be a responsible online citizen and let your contacts know your accounts have been compromised and they should be on the lookout for suspicious emails sent from your account and delete them.
• Verify that all the security settings are enabled such as 2FA, email encryption etc. and consider installing and using a password manager.
• Purge your inbox and send emails of possible harmful and compromising items (do not click on any links or respond).
• Update your Operating System (OS), browser and antivirus (AV) to the latest version and run a full scan across all your devices to quarantine and delete possible malware and Potentially Unwanted Applications (PUAs).

If the use of password managing tools are just not an option for you, then consider using the following quick guidelines. These are also applicable regardless of the use of password managing tools.

The below points should be helpful in creating good online habits and are useful in applying good password managing practices:

• Do not recycle, re-use, or duplicate passwords. Use a unique password for each of your accounts.
• Use a combination of letters, numbers, and special characters. This should no longer just consist of the creative spelling of words (commonly known as Leet or “1337”) since hacking tools have adapted and can read words written in Leet. That means that you can no longer use passwords such as “C@r3n” instead of “Caren”, and think you are fooling anyone.
• Create a password that is hard for others to guess or that cannot be extracted somehow with the use of social engineering techniques. This basically means that anniversaries or the use of the names of loved ones are no good or viable options when picking a password.
• Make sure your password recovery options are up-to-date and secure.
• Change your passwords regularly (at least once a month on all your devices and accounts).
• Avoid predictable keyboard patterns such as “QWERTY”. Use patterns instead of human words or Leet e.g.: “2022@wsxXDRty!”.
• Never share your password or keep it stored in plain text where it can be stolen or copied.

Conclusion

Although your email account cannot necessarily be hacked without the proper authentication such as a password, it is important to take quick and decisive action when you realize that a breach has occurred.

You are not just responsible for your own online safety but also responsible for all the data and contacts contained within your accounts and devices. Some people may have taken you into their confidence and you are responsible for keeping sensitive information as safe as possible.

If you share a network with other users, and you are compromised in any way, it is imperative that you isolate your device from the rest of the network until you have taken the necessary steps to purge your device from all possible malware and harmful connections as well as properly secure all your online accounts and services.

In our modern society, where we do almost everything online or with some connection to the internet, being breached is no longer a matter of “if”, but rather a matter of “when”. Therefore, keeping yourself educated on the latest safety trends and possible threats, should become a habit in nature.

Healthy online habits, proper encryption policies, strong authentication and user awareness are key to staying safe when using the internet and online services.

In an age where information is currency and knowledge is power, most hackers will not hesitate to make attempts to gain access to key email accounts and the potential wealth of information they may contain. The best weapon you must protect yourself is to stay aware and informed of the latest security measures available to as a regular email user.

 Please feel free to comment on the contents or ask questions in the section below.

FAQ

1. Why should I use 2FA if I am already using a password for my email account?

Yes, you should use 2FA (Two-Factor Authentication) along with a password. Adding the additional layer of security is no longer an option but a necessity in an evolving threat landscape.

It is strongly advised that a Password Managing program be used instead of thinking up your own passwords, as well as using various methods of authentication to be communicated e.g. Have your PINs sent via text and install a separate authentication tool on your mobile instead of having it installed on your laptop (do not keep all your eggs in one basket).

2.  What is meant by “Cached data”?

Cached data is information stored on your computer or device after you visit a website. Developers use cached data to improve your online experience or to increase the speed at which sites load on your machine.

Relevant information about each website in the cache is stored in a table called a DNS Lookup table, and a simple algorithm works behind the scenes to decide which web pages to cache, and which to ignore.

Hackers can use your cached data in attacks such as “cache poisoning”.

3. What are PUAs (Potentially Unwanted Applications)?

Also commonly referred to as a Potentially Unwanted Program (PUP), a PUA (Potentially Unwanted Application) is software that can pose a security risk and consume your devices resources.

They often come bundled with other legitimate and free software but are a nuisance and can be quite tricky to get rid of. Think of it as those nonsense flyers you use to get with your newspaper.

These types of software can include adware, browser hijackers, and spyware.