From communication at work to online registrations, a lot of sensitive data is shared via email. This may include proprietary business information, financial statements, medical records, and details about your personal life. Thus, protecting your email accounts is crucial if you want to keep that sensitive data private. Follow along for tips on how to protect your email and identify the signs it may have been compromised.
How do I know if my email has been hacked?
To properly protect your email, it’s vital to recognize the signs of a hacked account. Here are some of them:
- Password resets: unexpected password reset emails or notifications are often an indication that someone attempted to hijack your email or linked accounts;
- Inability to log in: if your usual password doesn’t work, chances are it has been changed to lock you out;
- Unusual emails in the sent folder: regularly check your sent folder for unfamiliar emails. Your account might have been used to send spam or malicious emails;
- Complaints from contacts: if friends, family, and contacts report receiving weird or spammy emails from your address, it’s highly likely your account is compromised;
- Changes in settings: changes to email settings, such as new forwarding rules, different recovery options, and disabled 2FA (two-factor authentication), are common tactics used by malicious actors to cover their tracks;
- Login alerts: security notifications about logins from locations or devices you don’t recognize are warning signs of an intruder in your inbox;
- Strange IPs: check your email’s activity log for unfamiliar IP addresses and locations. These are red flags suggesting that someone might be accessing your account without permission.
Another way to monitor your email account’s safety is to use data leak monitoring tools like Surfshark Alert. You can add your email addresses and credentials to be monitored and get notified if that information gets exposed online.
Tips on how to protect your email from spammers and hackers
There are practical measures you can take to protect your email. Let’s go over a few:
1. Use a strong original password
This might seem like a no-brainer, but it’s one that many people neglect: a strong, unique password is your first line of defense against malicious threats.
A good password should be hard to guess and tough to crack. Refrain from using clichés like “abc123,” “password,” and “qwerty.” Instead, your password should be a longer mix of uppercase and lowercase letters, numbers, and symbols.
Don’t recycle the same password for multiple accounts, either. While it may be more convenient, it’s unwise. If someone gets hold of your password, they could use it to access all your accounts. This includes your email, which could be used to reset passwords for your other services.
2. Enable two-factor authentication
Most email providers, including Gmail, Yahoo Mail, and Outlook, offer two-step verification to enhance account security. When enabled, you must confirm your identity at login with a second verification method in addition to your email address and password.
Common 2FA methods include:
- Security codes sent to your phone via calls or text messages;
- Codes generated by authenticator apps like Google Authenticator;
- Verification codes sent to your temporary email address.
Some providers also allow physical security keys, while others support biometric verification. For instance, Apple Mail lets you use Face ID or Touch ID for authentication.
This extra layer of security means that even if someone has your password, they can’t access your account without clearing the second verification step.
3. Regularly run software updates
Make sure that you’re running the latest versions of your operating system and email app. Regular software updates are essential as they patch security flaws that could be exploited. If not addressed, these vulnerabilities could be used to access your private data or hijack your email account.
Software updates also typically introduce new security measures or improvements to existing ones to protect against the latest threats. Plus, they modify or get rid of the older features that might be vulnerable to attacks.
4. Block spam and unauthorized senders
Spam emails aren’t just a nuisance — they can be downright dangerous. They often contain malicious links or attachments that can infect your device with malware, such as viruses, Trojans, or ransomware.
To keep your email account safe, set up a spam filter and swiftly block any suspicious senders to ensure you don’t accidentally interact with harmful content. Most email clients have a “report spam” feature that you can use to inform your email provider about potential spam, protecting yourself and others.
Take it a step further and create dedicated email accounts for spam, or find out how to get a free anonymous email account.
5. Keep an eye out for phishing attacks
Phishing emails usually impersonate well-known brands and companies to trick you into sharing sensitive information like passwords and bank details. They might even try to get you to transfer money or install malicious software.
Look out for signs of phishing, such as urgent or threatening language, sloppy grammar and spelling (although nowadays scammers are starting to use AI tools to fix that easily), and offers that seem too good to be true. Be sure to examine the sender’s email address, too. Phishers often use domain names that closely resemble those of legitimate companies.
As with spam, you should quickly report and block phishing emails. If in doubt, check your account or verify the sender’s identity by contacting the company directly. Instead of clicking any links in the email, open a new web browser window and go to the service’s official website. It’s better to take a few extra steps than to click a fake login link by accident and risk exposing your information.
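The sender-address check described above can be automated. The following Python sketch is an added example, not part of the original article: it classifies a From header against a list of trusted domains and flags near-miss spellings. The trusted list, the character-swap map, and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains of services the mailbox owner really uses.
TRUSTED = ("paypal.com", "google.com", "microsoft.com")
# Constructed map of character swaps commonly used to imitate a name.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain: str) -> str:
    """Fold visually similar spellings together (paypa1 -> paypal, rn -> m)."""
    return domain.lower().translate(SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str) -> str:
    """Classify a From header: trusted, look-alike of a trusted domain, or unknown."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Non-ASCII or punycode labels can hide look-alike letters; send to manual review.
    if not domain.isascii() or "xn--" in domain:
        return "review: internationalized domain"
    folded = skeleton(domain)
    for t in TRUSTED:
        brand = t.split(".")[0]
        # Near-identical spelling, or the brand name embedded in another domain.
        if edit_distance(folded, t) <= 1 or brand in folded:
            return f"lookalike of {t}"
    return "unknown"

# Constructed From headers for illustration.
SAMPLES = ["PayPal Support <service@paypa1.com>",
           "Google <security@google.com.account-verify.example>",
           "Google <alerts@accounts.google.com>"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):28} {header}")
```

An "unknown" result only means the domain resembles nothing on the trusted list; it says nothing about whether the message is safe.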
6. Protect your real email address with aliases
An alias works just like a forwarding address — emails sent to it are redirected to your main inbox, keeping your primary email address hidden. This means you don’t have to give away your personal email address when signing up for online platforms, discounts, newsletters, and other services.
You can also ditch the alias if it receives too many spam and phishing emails or is compromised. Your main account remains unaffected, and you don’t lose any vital emails.
Surfshark’s alternative email lets you generate alias email addresses that help protect your identity and keep your online activities separate. Since the secondary email address forwards all messages to your primary inbox, it’s easier to filter and isolate them and identify phishing scams or other malicious attempts you might encounter.
7. Use a VPN when checking your email on public Wi-Fi
Public Wi-Fi at malls, airports, and hotels might be convenient, but it’s far from secure. These open networks often don’t have the necessary protection, leaving your personal information, including emails, vulnerable to hackers.
Checking your email while on public Wi-Fi risks exposing both your email contents and login details to cybercriminals. If they gain access and take over your account, they can misuse it to launch attacks, send spam, or carry out other malicious activities.
To protect your email, always use a VPN when you’re checking your account on public Wi-Fi. A trusted VPN (Virtual Private Network) like Surfshark enhances your email security by encrypting all the data you send and receive, keeping your email account secure.
What should I do if my email gets hacked?
Use your account recovery option to regain access
First, try going through your email provider’s account recovery steps. They usually involve answering security questions, using a backup email, or receiving a text message at a trusted phone number.
Most major email service providers like Gmail, Outlook, and Yahoo Mail have straightforward recovery systems designed to help legitimate users get their accounts back quickly. However, if you’re having issues with recovery, try contacting your email service’s support team and talking to a technical support representative.
Remove devices from your email account
Once you’re back in your account, immediately review the list of devices that have access. If you see any unfamiliar devices or ones you no longer use, remove them. Hackers often leave their devices connected to maintain access even after you change your password. So, clearing out all authorized devices helps make sure they’re completely locked out.
Change your credentials
Update your password to a strong and unique one that you haven’t used before. If you haven’t already, you should also enable two-factor authentication. This creates an additional security layer that makes it much harder for hackers to regain access, even if they somehow get your new password.
Warn your contacts
Hackers often send spam or phishing messages from hacked accounts. So make sure to let your friends, family, colleagues, and other contacts know that your email was compromised. A quick heads-up helps protect your contacts from falling for scams that appear to come from someone they trust.
Check your settings
Review your email settings carefully, including forwarding rules, signatures, and filters that might have been changed. Hackers sometimes set up email forwarding to secretly receive copies of your future emails or modify your signature to include malicious links.
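The settings review described above, and the forwarding-rule warning sign listed earlier, can be scripted once the rules are exported. The following Python sketch is an added example, not part of the original article. It assumes filters shaped like Gmail API filter resources (criteria, plus an action with forward, addLabelIds, and removeLabelIds); the known-forward list and the sample rules are constructed.

```python
import re

# Assumption: forwarding targets the account owner set up on purpose.
KNOWN_FORWARDS = {"owner.backup@example.org"}
# Words in a rule's match criteria that suggest it targets security or money mail.
SENSITIVE = re.compile(r"password|reset|verif|security|sign-?in|invoice|bank", re.I)

def audit_filter(rule: dict) -> list[str]:
    """Return the reasons a single filter deserves a manual look (empty if none)."""
    action = rule.get("action", {})
    criteria = rule.get("criteria", {})
    added = set(action.get("addLabelIds", []))
    removed = set(action.get("removeLabelIds", []))
    reasons = []

    forward = action.get("forward")
    if forward and forward.lower() not in KNOWN_FORWARDS:
        reasons.append(f"forwards to unrecognized address {forward}")
    # Hiding mail: deleted, archived past the inbox, or silently marked as read.
    if "TRASH" in added:
        reasons.append("sends matching mail to trash")
    if "INBOX" in removed:
        reasons.append("skips the inbox")
    if "UNREAD" in removed:
        reasons.append("marks matching mail as read")
    matched = " ".join(str(v) for v in criteria.values())
    if reasons and SENSITIVE.search(matched):
        reasons.append("targets security or financial mail")
    if forward and not criteria:
        reasons.append("applies to all mail")
    return reasons

def audit(filters: list[dict]) -> dict[str, list[str]]:
    """Map filter id -> reasons, for filters with at least one finding."""
    return {f["id"]: r for f in filters if (r := audit_filter(f))}

# Constructed sample in the shape of Gmail API filter resources.
SAMPLE = [
    {"id": "f1", "criteria": {"from": "newsletter@shop.example"},
     "action": {"addLabelIds": ["Label_7"]}},
    {"id": "f2", "criteria": {},
     "action": {"forward": "collector@mail.example"}},
    {"id": "f3", "criteria": {"subject": "password reset"},
     "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["INBOX", "UNREAD"]}},
]

if __name__ == "__main__":
    for fid, reasons in audit(SAMPLE).items():
        print(fid, "->", "; ".join(reasons))
```

A rule that both hides mail and matches password-reset wording, like f3 in the sample, is the combination to look at first, because it suppresses the very alerts that would reveal a takeover.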
Closely watch your other online accounts
Monitor your other online services, such as banking, social media, and shopping accounts, for suspicious activity. Consider changing credentials on any accounts that used the same password as your compromised email.
The final word: you should protect your email
Since email is an integral part of our personal and professional lives, it’s important to know how to protect it. Once you can spot the signs of a hack and know how to secure your email, keeping it safe becomes an easy routine.
Kickstart things today by switching to a strong password, enabling 2FA, and using an online alias. In fact, why not get one right away?
FAQ
How do I protect my emails in Gmail?
To protect your emails in Gmail, use a strong password for your account and don’t reuse it for other accounts, enable two-step verification, and regularly update your operating system and the Gmail app to help prevent unauthorized access.
Can I tell if my email has been hacked?
Yes, you can tell if your email has been hacked by looking out for a few key indicators. Common signs include unexpected password resets, inability to access your email account, unfamiliar activities, and unauthorized settings changes.
How do I know if my email is secure?
There’s no way to be 100% certain that your email is secure. However, you can enhance its security by creating a strong password and activating two-step verification. If you consistently take these steps and actively monitor for signs of hacking, your email is likely to be secure.
Is Gmail more secure than Outlook?
Gmail and Outlook both offer robust security protection with measures like spam filtering, two-step verification, and blocking functionalities. However, Outlook has slightly more advanced security features, such as Advanced Threat Protection, which monitors emails in an isolated environment, and password-protected folders.
What email should I use to protect from leaks?
All email providers are susceptible to data breaches. However, you can use an anonymous email service together with an online alias to prevent personal details from ending up in a data leak.