Better Business Bureau white torch award for ethics logo
Blog
Security

Compromised Email Account? Here’s What to Do

woman with laptop

An email account can be compromised in a number of different ways. In some cases, your password may be weak and easily guessed or obtained through a public breach. In other cases, you may have clicked on a malicious link in an email, social networking site, or webpage. Or, you may have downloaded an app or file that contained malicious scripts.

In this post, we’ll look at potential warning signs that your email account may have been compromised, what you can do to recover, and steps you can take to help prevent it from happening again.

What to Do if Your Email Account is Compromised

If you think your account has been compromised but you are not sure, it is better to err on the side of caution and follow these steps:

  • Log in to your email account and reset your password using a strong password.
    • Use long passphrases to make passwords easier to remember and more secure.
    • Do not use information about yourself, the city where you were born, your age, or the names of relatives, friends, or pets.
    • Do not use common words such as the name of favorite sports team.
    • If you are unable to log in, contact your email provider to find out how you can regain access.
  • End / sign out of all sessions on all devices. Even after you change your password, if the attacker has an active session, they may be able to continue to send emails from your account.
  • Reset any additional accounts that the attacker may have gained access to. These may include financial institutions, shopping sites, and social media sites. There may be references to these accounts in your email. Remember to use unique passwords for each and every account. If not, if one account gets compromised, they all become compromised.
  • Enable Multi-Factor Authentication (MFA) on your e-mail account. This provides an additional layer of protection to log in to your email account. It requires a code from a text message, phone call, or authenticator app to further verify access. Visit STOP.THINK.CONNECT.ORG to learn how to activate MFA.
  • Review and change your security questions. If your email account was compromised from a device or location not matching your normal usage, it’s possible a malicious individual was able to answer your security questions.
  • Review your mailbox for any rules that you have not previously created. These rules can include message forwarding, deletion, or running unwanted applications.
  • Review outgoing messages and retract any malicious outgoing messages. In most cases, the attacker will not leave traces of any outgoing messages, but this should still be checked.
  • Contact the people in your email address book and let them know that your email was compromised. Remind them to delete any emails from you during the time your account was compromised to prevent them from becoming the next victim.
  • Verify if there is private or personally identifiable information in your e-mail that could be used maliciously.
  • Establish a routine where you change your password periodically. Consider changing your password on at least an annual basis (unless a breach requires it sooner).
  • Scan your computer for viruses and malware. This is especially important if you are experiencing problematic signs like unfamiliar applications loaded on your device, your computer operating slowly, or problems shutting down.

What Can I Do to Prevent an Email Account Compromise?

Good security best practices and safe browsing habits can help prevent your email account from being compromised in the future:

  • Make sure your devices are patched with the latest updates, including antivirus.
  • Set your security software, internet browser, and operating system to update automatically. Or, establish a routine to do this manually on a frequent basis.
  • Use unique strong passwords for account access.
  • Be wary of unexpected emails, especially when they contain links and/or attachments.
  • Verify the sender’s address. If you don’t recognize the address, don’t reply.
  • If an email request from a known contact seems out of place, verify the request by calling the sender on the phone.
  • Think twice before clicking a link. Always hover before clicking to see the address of the web site you are attempting to visit.
  • Never click text links like “Click Here” or “Unsubscribe,” or any other links in suspect emails.
  • Never input a password or your email address on an unknown site, and never provide your passwords to anyone.
  • Be vigilant when reviewing emails, as you may receive an email from a legitimate contact who has been compromised.
  • Don’t access your email account on a public computer or from a device using public Wi-Fi.
Equal Housing LenderMember FDIC

Other Articles You May Be Interested In

Example of spam text message from FedEx
Security

How to Recognize and Report Spam Text Messages

If you have a cell phone, you probably use it dozens of times a day to text people you know. But have you ever gotten a text message from an unknown sender? It could be a scammer trying to steal your personal and financial information. Here’s how to handle and report unwanted text messages.
computer keyboard with a fish hook
Security

New Phishing Scam Targeting Business Owners

In a recent announcement, the Financial Crimes Enforcement Network (FinCEN) released an alert regarding recent fraudulent attempts to solicit information from businesses who may be subject to reporting requirements under FinCen's Corporate Transparency Act (CTA) beginning on January 1, 2024.  Read on for tips to help safeguard your business against such scams.
Image of someone using a laptop and mobile phone
Security

6 Ways to Protect Yourself Against Check Washing

New day, new scam. It's called check washing. Criminals steal checks and use chemicals to change the payee and amount. Adding a couple of zeros can alter a $50 check to $5,000. Victims of check washing often don't realize they've been scammed until they look at their statement or get a notification from the bank that their account is overdrawn.
Beautiful Row Of Houses

Neighborhood Banking Done Right

Community.
Convenience.
Liberty Bank answers to you.

Send Us A Message