An email hacker can gain unauthorized access your email account in several ways. Phishing, using your cookies and guessing are all ways to gain access to your email messages. If you think that you have an email hacker, you should first take precautions against future unauthorized access. After that, you can find out who has been using your email account through their Internet protocol (IP) address.
Recognize the signs of unauthorized access on your email account. An obvious indicator is when email messages appear as having been read even though you haven't read them. Also, if you check the "Sent Mail" and "Deleted Mail" folders, you may notice messages that have been emailed or deleted without your permission. Another sign is if the secondary email account has been changed.
Check the "Sent Mail" folder for forwards from your email account. The email address that receives the forwards is likely to be owned by your email hacker. The same is true if the secondary email account has been changed. The owner is probably the person who has unauthorized access to your email account.
Check the IP addresses of the activity on your email account. If you are using Google's Gmail service, this is as simple as logging in and scrolling to the bottom of the page. There it will indicate the time and the IP address of the last activity on your email account. If you click on the activity monitor, you can find even more information about the person who accessed your email account. (If you have another email provider, you will have to contact their support for this information.) The IP address indicates the location and identity of the person who has logged into your account.