Skip to main content

What to do if your email account has been compromised

If the password you used for the compromised email account is the same for any other
accounts or services, please change these immediately.

If you haven't done so already, it may still be possible to recover and regain access to your compromised account if you have previously set up a recovery email address or phone number, however, these may have been altered when the account was compromised. Use a search engine (e.g. Bing, Google) to find out how to recover your email address, and change your password as soon as access has been granted.

If you cannot regain control of the account consider contacting the service provider and requesting it to be closed down completely.

  • Contact any people you feel need to know about this account compromise and any bogus accounts.

  • Use a trusted method to contact them, i.e. email from a trusted account, call or text by phone.

  • Advise them not to response or in any way engage in communication with these bogus accounts, and if they are unsure to contact you by other means.

  • Advise them to mark any emails received from bogus email accounts as spam or junk before deleting. If you are unable to regain control of your legitimate account advise them to do the same with any emails received from it.

If you are unable to regain access and have subscribed to any services using the compromised email account, update the email address or stop the subscription as soon as possible.

If the hacker gets no response or value from the data using compromised/bogus accounts, they will typically fall out of use in due course.

 

Downloadable documents

A Guide to Email Account Compromise Infographic (PDF)