Your friend told you he received an email that you know you didn't send. You've been hacked. That means someone out there knows your email password and is using it to send spam email or other malicious messages. By following a few steps, you can stop the hacker from further use of your account and protect your email from future hack attempts.
The Signs of a Hacked Account
Typically, you discover that your account has been hacked when a friend alerts you to a suspicious message sent from your account. Hackers use many tools to discover email passwords, including malware on your computer, directly attacking Internet sites that require passwords, and by sending phishing emails.
A hacker who has your account information can log in to your email and snoop for personal information such as bank account records or emails from known providers of goods and services. They can attempt to log in to sites such as PayPal and Amazon using your email and the known password.
Immediate Steps to Protect Your Account
If you have been hacked, immediately run a full virus scan. Update your virus scanner to ensure you have the latest virus definitions, and then disconnect your computer from the Internet before running the full scan. If you don't have virus checking software, download a free anti-virus software such as MalwareBytes or AVG or purchase software from a vendor such as Norton or McAfee. If your computer is running Windows 8.1, it comes pre-loaded with Windows Defender.
Once you are certain that there is no malware present on your system, change your password. This action stops the hacker from using your account. Take the time to reset your password on any website where you used the same password as your email.
After your system is secure and your password is reset, send an email message to your contacts alerting them to the breach. Make sure that you put only your email address in the To field, and use the BCC (Blind Carbon Copy) field for all other recipients.
Use Strong Passwords and Configure Two-Factor Authentication
Just changing your password isn't enough. Use a strong password that combines upper and lowercase letters, numbers and symbols. Do not use common words, your name, your username or personally-identifying information as any part of your password. Change your password every 60 to 90 days.
You can further protect your email password by taking advantage of your email provider's two-factor authentication services. Two-factor authentication validates each device you use to access your account by sending a security code to your mobile device upon first login attempt. A hacker cannot log in to your email with just a password; he needs access to your phone in order to complete the login. Follow your provider's help instructions to configure two-factor authentication.
Use Caution When Reading Your Email
Once your email account is secure, take active steps to prevent future hacks. Don't click on links in emails from unknown senders, or links contained in emails that look suspicious, even if they are from known contacts. Never respond to an email that asks for your password or personal information, even if the email looks legitimate. When in doubt, call the company that appears to be the sender using its official customer service number provided on its website and ask if the email is legitimate. Provide passwords and personal information only on secure, official websites.