Email account hacked? What is to be done?

Have I been hacked?

• Are there suspicious emails on the email account that have nothing to do with you (mails in the outbox folder, suspicious replies to mysterious emails)?
• Do your acquaintances suddenly get e-mails supposedly from you, where they are supposed to log in somewhere or open something?
• Does someone contact you because you allegedly bought goods online on E-Bay or in a webstore and did not pay? ( identity theft )
• Does your email address show up in government-secured hacking databases?
  – Hasso Plattner Institute of the University of Potsdam: Identity Leak Check (in German)
  – Haveibeenpwned.com (English language)

Possible causes

• The most common cause for hacked accounts are phishing mails: A fictitious mail invites you to visit a seemingly official website, where you can enter your e-mail address and password to seemingly confirm, unlock, or something similar.
• In addition, too weak passwords (1234, myname, mypet, mycompany, or similar) are a known problem.
• It is also possible that your computer or mobile device contains a virus or Trojan that could reveal your passwords.

Measures (recommendations)

We will give you some recommendations. These are meant as food for thought to help you take the appropriate action for your own situation.

Immediate action

• First, change the email password immediately. Secure passwordsare at least 12 characters long and have upper and lower case letters, numbers and special characters ($%&.-_).
  If access to the account is no longer possible because the password has been misplaced by the intruder, you must contact the provider/provider who provides and manages the e-mails.

Connection measures

• If the hacked password is also used for other logins, the password should be changed there as well. It is recommended to use different passwords for all logins. To keep track of this, password manager programs help. If this is a bank, please inform the bank.
• If the hacked email address is also used elsewhere for logins – which is the rule – a new password should be stored there as well. Using the usual “forgotten password” feature, the hacker could have already sent the appropriate passwords to the compromised email address. If this is a bank, please inform the bank.
• If you feel that you have other email accounts or web access with passwords that are too weak, this would be a reason to set new, better passwords everywhere.

Evaluation of the e-mails

• If the hacked account is an IMAP account, the mail server could also be affected, which contains synchronized copies of your emails that could have fallen into the hacker’s hands. Therefore, you should search through your emails to see if the hacker is doing so credentials could have intercepted from you or your customers that were mentioned in e-mails. You can use the search function of your mail program for this purpose. If you find that it is your own credentials, e.g. for WordPress logins, team tools, Dropbox, etc., you should change the corresponding passwords and check the system for unusual activity. If you are unsure, inform your provider. If customer credentials are involved, e.g. for the admin area, you should notify the customer so that they can take appropriate action.

Other measures:

• For Windows: Install and run up-to-date virus scanners – and always keep them up to date. Keep the operating system and browser up to date.
• With Apple, always use the latest operating system if possible (Mac and iPhone).
• Occasionally recheck to see if the email address shows up in their hacker databases:
  – Hasso Plattner Institute of the University of Potsdam: Identity Leak Check (click here).
• If financial damage has occurred: possibly involve the police.