Email accounts are a common target for cybercriminals. If cybercriminals gain access to your email account, they can steal your sensitive information, commit fraud or send emails pretending to be you.
Proactively reviewing your email account’s security will help you to prevent its compromise and increase your chances of regaining control if it becomes compromised.
Follow our guide on how to check the security of your email accounts after an incident or suspicious behaviour.
Gmail
If you think your email account has been hacked, change your password as soon as possible. This allows you to disrupt a cybercriminal’s access and regain control of your account. For full instructions, visit Google’s help page: Change or reset your password.
Choose a strong password, such as a passphrase. A passphrase is a string of 4 or more random words like ‘crystal clay onion pretzel’. It should be long, unpredictable, unique and not include personal details. Learn more about passphrases.
Having a recovery email address or phone number helps you get back into your account and helps keep your account secure. Google uses your recovery details to reach you if they detect unusual activity in your account.
In some cases, a cybercriminal might change the recovery details of hacked accounts. They can use this as a way to regain access to your email account even after you’ve changed your password. Check your recovery email and phone number are up to date, and remove any you don’t recognise. For full instructions, visit Google’s help page: Set up a recovery phone number or email address.
If you’re having issues with your account, visit Google's help page: How to recover your Google Account or Gmail.
Cybercriminals may still be logged in to your email account after you've regained access. Sign out of all sessions to disrupt their access. For full instructions, visit Google's help page: Sign out of Gmail.
Make sure you've already changed your password in Step 1.
Turning on multi-factor authentication (MFA) is one of the best ways to protect your email account.
MFA is when you need 2 or more steps to verify your identity before you can log in. This makes it hard for cybercriminals to gain access to your account if they know your login details.
To learn more about MFA and how to turn on 2-Step Verification for Gmail, refer to Protect yourself: Multi-factor authentication.
If a cybercriminal had access to your account, they may have set up a rule to automatically forward your incoming or outgoing mail. Check the filters and blocked addresses in your email settings and delete any you don't recognise. For full instructions, visit Google's help page: Create rules to filter your emails.
Also check your forwarding and POP/IMAP settings, and disable forwarding.
If you only use a web browser to access your emails, consider disabling POP and IMAP. POP and IMAP are protocols that allow you to read your mail in other email clients. Cybercriminals can use these protocols to bypass some security measures, such as MFA, to access your emails. For full instructions, visit Google's help page: Automatically forward Gmail messages to another account.
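To check your Gmail filters systematically rather than by eye, the following is an added example (not part of this guide and not Google's tooling): a Python script that reads a Gmail filter export, the XML file you get from Settings > Filters and Blocked Addresses > Export, and flags filters that forward mail elsewhere, hide matching messages, or match wording typical of account-security notices. The sample export and the keyword list are constructed assumptions.

```python
# Added example for this guide (not Google's code): audit a Gmail filter export.
# Gmail exports filters as an Atom XML file (Settings > Filters and Blocked
# Addresses > Export); each <entry> holds <apps:property name= value=> pairs.
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"
HIDE_ACTIONS = {"shouldArchive", "shouldTrash", "shouldMarkAsRead"}
CRITERIA = ("from", "to", "subject", "hasTheWord")
SENSITIVE_WORDS = ("password", "security alert", "verification")  # assumed heuristic

# Constructed sample export: a benign newsletter filter and an intruder-style rule.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <apps:property name='from' value='news@example.org'/>
    <apps:property name='label' value='Newsletters'/>
  </entry>
  <entry>
    <apps:property name='hasTheWord' value='password OR security alert'/>
    <apps:property name='forwardTo' value='collector@example.net'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>"""

def parse_filters(xml_text):
    """Return one {property_name: value} dict per <entry> in the export."""
    root = ET.fromstring(xml_text)
    return [{p.get("name"): p.get("value") for p in e.iter(APPS + "property")}
            for e in root.iter(ATOM + "entry")]

def audit_filters(filters):
    """Return (filter_index, reason) pairs for rules that warrant a second look."""
    findings = []
    for i, f in enumerate(filters):
        if "forwardTo" in f:  # sends copies of matching mail out of the account
            findings.append((i, f"forwards matching mail to {f['forwardTo']}"))
        hidden = sorted(HIDE_ACTIONS & set(f))
        if hidden:  # keeps matching mail out of sight in the inbox
            findings.append((i, "hides matching mail: " + ", ".join(hidden)))
        criteria = " ".join(f.get(k, "") for k in CRITERIA).strip().lower()
        if any(w in criteria for w in SENSITIVE_WORDS):
            findings.append((i, "matches account-security messages: " + criteria))
    return findings

if __name__ == "__main__":
    for idx, reason in audit_filters(parse_filters(SAMPLE_EXPORT)):
        print(f"filter #{idx}: {reason}")
```

Every filter the script reports should be one you set up yourself; delete the rest from the Gmail settings page and re-export to confirm they are gone.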
You may have opted to use your Google account to log into third-party apps and services. This connection can be convenient, but it is a common way hackers can gain access to your email account.
Check your third-party connections and remove any you don't recognise or no longer use. Only share your data with third parties that you trust. For full instructions, visit Google’s help page: Manage connections between your Google Account and third-parties.
You can view which devices were used to log in to your account, when they logged in, and their approximate location.
Review your device activity often and sign out of any devices with unusual activity or that you no longer use. Unusual activity may include an unfamiliar location, IP address or login time.
For full instructions, visit Google’s help pages: See devices with account access and Last account activity.
Once you've secured your email account, check for any potential damage. Go through your Sent, Draft and Bin folders to find any emails you didn't create or delete. This can help you assess what actions a cybercriminal took with your account.
Take note of the recipient, the contents of the email, any attachments, and when the email was sent or deleted. Check if this information lines up with any unusual login activity.
When you use Chrome and Gmail, standard protection is on by default. It warns you about or blocks dangerous websites, downloads and extensions.
You can turn on Enhanced Safe Browsing for better protection from phishing and malware. When you're signed in, it also helps protect you from potential new dangers across Google apps. This includes warning you if you use a password that's been compromised in a data breach.
For full instructions, visit Google's help page: Manage Enhanced Safe Browsing for your account.
Outlook.com, Microsoft 365, Live, Hotmail, and MSN
If you think your email account has been hacked, change your password as soon as possible. This allows you to disrupt a cybercriminal’s access and regain control of your account. For full instructions, visit Microsoft’s support page: Change your password in Outlook.com.
Choose a strong password that meets Microsoft’s minimum requirements. It should be long, unpredictable, unique and not include personal details. Consider using a password manager to create and store your passwords. Learn more about password managers.
Having a recovery email address or phone number helps you get back into your account and helps keep your account secure. Microsoft uses your recovery details to reach you if they detect unusual activity in your account. Learn more on Microsoft’s website: What happens if there's an unusual sign-in to your account.
In some cases, a cybercriminal might change the recovery details of hacked accounts. They can use this as a way to regain access to your email account even after you’ve changed your password. Check your recovery email and phone number are up to date, and remove any you don’t recognise. For full instructions, visit Microsoft’s support page: Set up an email address as your verification method.
If you’re having issues with your account, visit Microsoft’s support page: Help with the Microsoft account recovery form.
Cybercriminals may still be logged in to your email account after you've regained access. Sign out of all sessions to disrupt their access. For full instructions, visit Microsoft’s support page: How to sign out of your Microsoft account everywhere.
Make sure you've already changed your password in Step 1.
Turning on multi-factor authentication (MFA) is one of the best ways to protect your email account.
MFA is when you need 2 or more steps to verify your identity before you can log in. This makes it hard for cybercriminals to gain access to your account if they know your login details.
To learn more about MFA and how to turn on 2-step verification for Microsoft, refer to Protect yourself: Multi-factor authentication.
If a cybercriminal had access to your account, they may have set up a rule to automatically forward your incoming or outgoing mail. Check the rules in your email settings and delete any you don't recognise. For full instructions, visit Microsoft’s support page: Manage email messages by using rules in Outlook.
Also check your forwarding settings and make sure you recognise any email address listed. Otherwise, uncheck ‘Enable forwarding’. For full instructions, visit Microsoft’s support page: Turn on or off automatic forwarding in Outlook.com.
If you only use a web browser to access your emails, consider leaving POP and IMAP disabled. POP and IMAP are protocols that allow you to read your mail in other email clients. Cybercriminals can use these protocols to bypass some security measures, such as MFA, to access your emails. For full instructions, visit Microsoft’s support page: POP, IMAP, and SMTP settings for Outlook.com.
You may have opted to use your Microsoft account to log into third-party apps and services. This connection can be convenient, but it is a common way hackers can gain access to your email account.
Check your third-party connections and remove any you don't recognise or no longer use. Only share your data with third parties that you trust. For full instructions, visit Microsoft’s support page: Edit or revoke application permissions in the My Apps portal.
For Microsoft 365 subscriptions, visit Microsoft’s support page: Manage third-party app subscriptions in the Microsoft 365 admin center.
You can view which devices were used to log in to your account, when they logged in, and their approximate location.
Review your device activity often and sign out of any devices with unusual activity or that you no longer use. Unusual activity may include an unfamiliar location, IP address or login time.
For full instructions, visit Microsoft’s support page: Check the recent sign-in activity for your Microsoft account.
Once you've secured your email account, check for any potential damage. Go through your Sent, Draft and Bin folders to find any emails you didn't create or delete. This can help you assess what actions a cybercriminal took with your account.
Take note of the recipient, the contents of the email, any attachments, and when the email was sent or deleted. Check if this information lines up with any unusual login activity.
Security Tips
Have you ever saved your passwords using your web browser? If you were signed into the Chrome web browser and saved your username and password, those credentials can be accessed from your Google account.
If a cybercriminal has accessed your account, they may have also accessed your saved passwords. We recommend changing any saved account passwords that are stored on your Google account.
If you used the same password for your email account and any other accounts, those accounts may no longer be secure. You should complete the following steps to help keep your other accounts secure:
- Change the password on accounts that shared the same password.
- Enable multi-factor authentication where possible on these accounts.
- Change the passwords to unique strong passphrases if multi-factor authentication isn’t available.
If you have multiple accounts with different passwords or passphrases, a password manager can help manage them for you. A password manager is an application or program that stores passwords or passphrases for all of your accounts. With a password manager, you only need to remember one master password.
You can also use a password manager to create secure, long and randomly generated passwords. The longer and more random, the better. Make sure to generate a different password for every account.
Learn more about password managers.