How Do Hackers Get Into Your Inbox?
You might not think of your email account as a prime target for hackers and identity thieves. But just think about how much sensitive information flows through your email account.
We use our emails to log into video streaming, online shopping, and social media. It’s where we receive bank statements and utility bills that include our address, full name, and Social Security number. And if we forget a password or need to reset an online account, where do those messages get sent?
For many of us, our email address acts as our online ID. And cybercriminals know it's a golden ticket to financial information and sensitive data they can use for scams and blackmail.
So how can you defend your inbox and email account from unwanted access?
How Do I Know if My Email Has Been Hacked?
Any strange activity in your inbox could be a sign that your email has been hacked.
Here are the most common ways to tell if your email account is hacked:
- You can’t sign into your email account. Hackers will often lock you out of your account as soon as they get access. If your normal email password isn’t working, there’s a good chance you’ve been hacked.
- There are strange messages in your “Sent” folder. In other cases, a hacker wants to use your email without alerting you that you’ve been hacked. Look for strange emails in your sent folder that you didn’t send.
- You’re getting password reset emails you didn’t ask for. Once a hacker gets access to your inbox they can see which services you use. For example, Facebook email notifications tell them you have a Facebook account. They can then take over your accounts by getting password reset emails sent to your hacked inbox.
- Different IP addresses show up on your log. Many email service providers will keep a log of IP addresses that have accessed your account. This will show you the device, browser type, and physical location of who’s accessing your inbox. For example, in Gmail, look for “details” in the bottom right corner of your inbox.
- Your social media account has weird posts you didn’t make. Scammers use your email to get access to your social media accounts and use them to run scams. One common example is to take over your Facebook, Snapchat, or Twitter and send messages to your friends asking for account details or money.
- Friends and family are getting emails or messages you didn’t send. If a friend asks “was this email from you?” that probably means you’ve been hacked. Fraudsters send emails to try and get details or money from your contacts (i.e., “phishing emails”).
- Your device is suddenly slow or acting differently. Hackers commonly install viruses and malware to get access to your inbox. If your device’s performance drops suddenly, you may have been hacked.
- Someone set up automatic forwarding to an address you don’t recognize. Check your preferences to see if a hacker has changed your account settings to forward emails to another address. (Think of this as a digital “change of address” scam.)
- Your account information is available on the Dark Web. Due to the number of data breaches in recent years, there’s a good chance your email address and password are already available to hackers on the Dark Web.
Pro tip: Check to see which of your accounts have been compromised with Aura’s Identity Guard Dark Web Scanner.
Your email account is a gateway to other accounts. If you think you’ve been hacked, check for other warning signs of identity theft.
Here’s How Hackers Get Access to Your Email Inbox
- They tricked you into giving them access through phishing attacks
- You forgot to sign out of a public or shared device
- Hackers stole your information over a compromised Wi-Fi network
- Your account information was leaked in a data breach
- They installed malware on your device
- Your password was easy to guess
- You used the same password for multiple accounts
1. You Were Tricked by a Phishing Attack
“Phishing” is when hackers use official-looking or official-sounding emails, calls, or texts (phishing by text message is known as “smishing”) to trick you into giving up your email account details.
Hackers send spam emails claiming to be from a legitimate institution, like a government agency or your bank. These emails and messages copy the same phrasing and logos and use spoofed “From” addresses to look more legitimate.
Phishing scams have two goals.
The first is to trick you into providing your account details and password. For example, a hacker might send an email pretending to be from Amazon saying someone else is using your account. They’ll include a link to confirm your account details. But when you do, the hacker will get your information.
The second is to get you to download malware onto your device. Malware gives scammers access to your computer so they can steal sensitive information like your email password.
Always be wary of attachments, links, and QR codes in suspicious emails. If you’re unsure, hover over or click on the “From” name to reveal the true email address. If it’s not a legitimate email or doesn’t match up with who they say they are, delete it and report the scam.
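The “From” check described above can also be run against a message’s raw headers. The following is an added example, not code from the original article: it compares the display name with the real address domain and flags Reply-To or Return-Path domains that differ from it. The brand-to-domain map and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: a small map of brand names to their real domains.
KNOWN_BRANDS = {"amazon": {"amazon.com"}, "paypal": {"paypal.com"}}

# Constructed sample message, not a real phishing email.
SAMPLE = """\
From: "Amazon Account Security" <alerts@amaz0n-verify.example>
Reply-To: support@mail-helpdesk.example
Return-Path: <bounce@bulk-sender.example>
Subject: Someone else is using your account

Confirm your account details here.
"""

def domain_of(header_value):
    """Return the lowercase domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def from_header_findings(raw):
    """List the reasons the sender headers of a raw message look inconsistent."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    findings = []
    # The display name is free text; only the address domain shows the sender.
    for brand, allowed in KNOWN_BRANDS.items():
        if brand in display.lower() and not matches(from_dom, allowed):
            findings.append(f"display name claims '{brand}' but address domain is {from_dom}")
    # Replies or bounces routed to a different domain are a second warning sign.
    for header in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in from_header_findings(SAMPLE):
        print(finding)
```

Legitimate bulk mail often has a Return-Path on a mailing provider’s domain, so treat those findings as a reason to look closer, not as proof of a scam.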
2. You Forgot To Sign Out of a Public or Shared Device
Leaving your accounts logged in on any device that isn’t exclusively yours is a golden opportunity for hackers. This includes any device you use in the library, at an office, or in a tech store.
Remember, your email account won’t always automatically sign out when you close a browser window. All it takes is a few seconds for a hacker to change your passwords and lock you out of your own account.
You should also beware of any shared devices. If you ask to use a friend’s device to check your email, you could be leaving your account compromised. Always sign out of your account when you’re done using it.
3. Hackers Broke Into Your Wi-Fi Network
You might be surprised to learn that hackers can easily hack your home Wi-Fi network.
Even if you use a password on your account, hackers can gain access through security flaws in your router. Or, they can use a type of cyber attack called a man-in-the-middle attack (MITM) to intercept your connection on public Wi-Fi networks.
In both cases, hackers can see everything you’re doing and steal your login information when you enter it.
A secure VPN can help protect your network from hackers spying on your sensitive information.
4. Your Account Information Was Leaked in a Data Breach
According to the Identity Theft Resource Center (ITRC), 2021 was a record-breaking year for data breaches with billions of account details leaked [*].
That means there’s a good chance that hackers already have access to your email account information. How? Criminals can easily buy leaked credentials on the Dark Web.
If you want to see if your information has been compromised, try Aura’s Identity Guard Dark Web Scanner. We scan the Dark Web to see if you’re at risk for identity theft, account hijacking, spam, credit theft, and more.
5. Hackers Installed Malware on Your Device
Malware is malicious software that can steal your email login, harm your devices, and more.
Cybercriminals have sophisticated methods for getting you to download malware beyond just clicking a link in a spam email. Some emerging cyber threats to beware of include:
- Trojans — This malware comes packaged inside legitimate software and gives hackers backdoor access to your computer. Trojans are commonly used to steal credit card information.
- Drive-by-downloads — Hackers take advantage of apps, operating systems, and software that hasn’t been updated to install malware without your permission.
- Ransomware — This malware prevents you from accessing data until you pay a fee. Or, hackers will threaten to expose sensitive photos and files (like in the famous celebrity hacks).
- Spyware — This type of malware collects information from your computer or even records your keystrokes to capture passwords and login information.
- Pharming — This is when hackers create legitimate-looking websites designed to steal your account information. For example, they might copy your email or social media login page and get you to download malware.
Anytime a hacker installs malware, they have the potential to get access to your email, bank account, and more.
6. Your Email Password Was Easy To Guess
Sometimes hackers don’t need sophisticated methods to hack your email.
Some of the most popular passwords are notoriously easy to guess (like “password” or “123456”). Many people also use personal information like birthdays or pet names that can easily be found in their online footprint.
If a hacker wants access to your email account, they can use “brute force” software to rapidly guess your password using what they know about you.
For example, let’s say your password is “bluecar68.” You made this because your car is blue, and you were born in 1968. If a potential hacker knows you, they can brute-force that password with ease.
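To see why a password like “bluecar68” is weak, you can measure how much of it is made of facts about you. The following is an added example, not code from the original article: a checker that rejects the common passwords named above and any password mostly assembled from personal details. The 50% threshold and the list of facts are assumptions chosen for illustration.

```python
import re

COMMON = {"password", "123456"}  # the two examples the article names

def personal_tokens(facts):
    """Split facts into lowercase tokens; add the 2-digit form of 4-digit years."""
    tokens = set()
    for value in facts:
        for word in re.findall(r"[a-z]+|\d+", value.lower()):
            if len(word) >= 2:
                tokens.add(word)
            if re.fullmatch(r"(19|20)\d\d", word):
                tokens.add(word[2:])  # "1968" is often typed as "68"
    return tokens

def personal_coverage(password, facts):
    """Fraction of password characters that come from personal tokens."""
    pw = password.lower()
    covered = [False] * len(pw)
    for tok in personal_tokens(facts):
        start = pw.find(tok)
        while start != -1:
            covered[start:start + len(tok)] = [True] * len(tok)
            start = pw.find(tok, start + 1)
    return sum(covered) / len(pw) if pw else 0.0

def assess(password, facts, threshold=0.5):
    """Reject common passwords and ones mostly built from personal details."""
    if password.lower() in COMMON:
        return "reject: on common-password list"
    cov = personal_coverage(password, facts)
    if cov >= threshold:
        return f"reject: {cov:.0%} built from personal details"
    return "ok: no personal details detected"

if __name__ == "__main__":
    facts = ["blue car", "born 1968"]  # constructed facts for the article's example
    for candidate in ("bluecar68", "password", "T7#kq!vR2m$Zx"):
        print(candidate, "->", assess(candidate, facts))
```

An “ok” result only means no listed personal detail was found; it does not show that the password is strong or unused elsewhere.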
7. You Used the Same Password for Multiple Accounts
There’s probably a 99% chance that at least one of your old passwords was part of a data breach or is available on the Dark Web. If you reuse passwords across social media and online stores, hackers can try them on your active accounts and get access to your email and more.
Using strong, unique passwords is your first, and sometimes only, line of defense against hackers.
5 Disturbing Things Hackers Can Do With Your Email
Once a hacker has access to your email, they can do tons of damage to your identity, credit, and reputation. Here are five alarming ways that hackers take advantage of your hacked email account.
1. Use your email to phish friends and family
Hackers with access to your email also have access to your contact list.
That means everyone you know or have ever emailed could suddenly be the target of a phishing scam or other types of social engineering attack. And because the hacker is using your email, your family, friends, and other contacts are more likely to open them and even click links.
2. Blackmail you with sensitive photos and information
Many of us use our emails as file storage or have sensitive information we wouldn’t want leaked. If a hacker gets access to your email, they can find all these files and use them to extort you for money or access to other accounts.
One example of this was the celebrity hacks that leaked nude photos of female celebrities along with embarrassing emails from major film studios.
3. Gain access to your other accounts (like social media, bank, etc.)
Your email address is part of a very tightly woven web of secure information.
If you use Gmail, Microsoft, or Yahoo, there’s a password manager built into your email provider that hackers can use to find stored passwords.
If you don’t have other cybersecurity measures in place, this now means that a hacker has access to any account with a stored password. For example, your social networking accounts and banking information.
4. Steal your identity and lock you out of your accounts
Access to your email can often be enough for hackers to commit all different types of identity theft. Remember, your email is like your online ID. Scammers can use it to sign you up for almost anything. Or, they can fake your online persona for other reasons.
This is even worse if your inbox contains emails about tax information or government benefits that include your Social Security number. (Be especially careful with your SSN as it's not always possible to change your Social Security number – even after identity theft.)
5. Gain access to your business email and scam your work
In a worst-case scenario, a hacker gets access to both your personal and business email. If this happens, they can get access to your corporate network and destroy your professional image.
Has Someone Hacked Your Email Account? Do This ASAP
- Regain access to your account. If you can still access your email account, change your passwords immediately to kick the hacker out. If you’re locked out, you’ll need to work with your email provider to recover your hacked account. Here’s how to recover a hacked Gmail, Yahoo, and Microsoft account.
- Scan your device for malware and viruses. There’s no point in changing passwords or setting up security software if hackers still have access to your account. First, use antivirus software to remove any lingering malware or spyware.
- Change all your passwords and set up a password manager. Next, change your email password and the password for any other affected accounts. Use strong and unique passwords that include upper- and lowercase letters, symbols, and numbers. Avoid personal information like birthdays and pet names. To help keep track of your new passwords, consider a password manager.
- Switch up your email security questions. Change your security questions to something that you can’t find online. Get obscure. Hackers can find all sorts of information about you in your online footprint.
- Enable two- or multi-factor authentication (but not SMS). Add two-factor authentication to your email along with a secure recovery email address. If possible, skip SMS for your authentication codes. Instead, use an authenticator app like Google or Okta as it’s much more secure.
- Tell your friends and contacts you’ve been hacked. Alert everyone you know that you’ve been hacked and to beware of suspicious emails. This can feel awkward, but it helps protect people you know from further hacks.
- Start using a VPN with malware protection. Update your network and device security to block malware and warn you of potential phishing sites.
- Update your devices and operating system. Hackers use vulnerabilities in outdated software to get access to your device. Don’t ignore updates.
- Wait before you start shopping online. An email hack can sometimes mean scammers have access to your device. Wait until you’re malware-free before entering your credit card information on any online shopping site.
- Set up credit monitoring. This will alert you of any suspicious activity on your credit report or bank account so you know if hackers have access to them.
- Report the identity theft and fraud. Email hacking and identity theft are crimes. If you’ve been a victim, report the theft to the FTC at IdentityTheft.gov and file a police report.
How To Protect Your Inbox From Hackers and Scammers
The best way to protect your email inbox is to be mindful of phishing scams and who has access to your account. To keep yourself safe, follow these best practices:
- Be cautious of any links or attachments (even from friends). They can include links to malware or phishing sites.
- Reduce the amount you share online. The less you share, the harder it is for hackers to guess your passwords or security questions.
- Use an identity theft monitoring service to alert you of vulnerable accounts. Your accounts may have been compromised in a data breach. Use a monitoring service to help you know which ones are vulnerable and need your attention.
- Force sign-out of any unfamiliar accounts. Many services you use let you see active account logins worldwide — for example, your phone and laptop. If you see anything you don’t recognize, force all accounts to log out.
- Password protect your devices (use biometrics if possible). Fingerprint and facial recognition can stop hackers from getting access to your email account if your device is stolen. However, there's still the possibility of fingerprint identity theft. Make sure you combine biometrics and a password for the best protection.
- Don’t ignore updates. Companies include security updates with new versions of their software.
- Use strong passwords and a password manager. The harder your password is to hack, the more secure your account. Use a password manager so you don’t have to remember your unique passwords.
The Bottom Line: Keep Hackers Out of Your Inbox
Hackers know the value of your email account. Once they’re in, they can use it to gain access to your bank account, social media profiles, and other sensitive online accounts.
Don’t ignore the signs of a hacked inbox. If anything looks suspicious or you suddenly can’t log in, act fast! The longer hackers have access to your account, the easier it is for them to steal your identity.
And if you have no idea what to do if your identity is stolen, consider signing up for Aura.
Aura protects you and your family from all aspects of identity theft from hacked emails. With Aura, you get military-grade network and device protection. You also get top-rated credit and identity monitoring to keep your most important accounts safe.
And if the worst happens, you’re covered by a $1 million insurance policy for eligible damages resulting from identity theft.