Uh-oh. Your email account has been hacked. Here’s how to reclaim it (hopefully):
1. Diagnose and detect. Email-account hijacking often results from the stealthy installation of malware when you click on an infected link or download a problematic program. So your first step, suggests the Federal Trade Commission, is to check for malware by updating (or installing) reputable security software and running a full scan. Protection software should detect and delete (or quarantine) known malware; then restart your computer, cross your fingers and proceed with the following steps. If you haven’t already, set your security software, as well as operating systems such as Windows or Mac OS, to update automatically.
2. Change your passwords. If you’re lucky, the hacker merely logged in to your account to send mass messages, under your identity, to those in your address book, without locking you out with a password change. In this case, change your password ASAP, and if you use similar passwords on other accounts — e.g., weakpassword1 for your email, weakpassword2 for Facebook or online banking — change those passwords, too. Make them distinct and unique, rather than doing minor tweaks of the same one.
3. Restore and reclaim. If you’re locked out of your account, meaning your password has been changed, first try using the “Forgot Your Password” link and answering security questions. (It’s useful to have an offline cheat sheet hidden in a drawer, not stored anywhere on your computer.) Follow these guidelines for email accounts on Outlook.com and/or Hotmail, Gmail, AOL and Yahoo!. If you can't regain access or use another provider, contact your Internet service company by phone or from another email account.
4. Spread the word. Inform your contacts, via telephone or another email account, of the hacking and advise them not to open links in any emails they recently received from you. Those links may contain malware and infect their accounts and contacts.
5. Prevent future problems. Some simple steps to reduce future risk include:
* Enable two-factor authentication. Set your email and other accounts to require a second form of authentication in addition to a password, such as a cellphone number. Follow these instructions for Gmail, Outlook.com and Hotmail. Click here for other websites offering 2FA, including those of banks, investment firms, and cloud and backup storage services.
* If you haven’t already done so, establish a separate email account, such as a free Gmail, Hotmail or Yahoo! account, to use solely for online purchases, online banking, etc.
* Make a copy of your email address book contacts (filed in a safe place) for easy notification should future hacking occur.
* If your email is hacked, change your security questions. As with passwords, it’s wise to select different questions (and answers) for different websites. Even if financial accounts don’t appear to be compromised — for instance, you can log in without problems — notify banks and credit card companies of the email hacking.
For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.