General Question

jca's avatar

What are the steps to take if my personal email has been hacked?

Asked by jca (28713 points ) April 9th, 2014

My personal email has been hacked. I am receiving spam on my work email coming from my personal email account.

What do I do to rectify the situation?

I don’t want to log on and give my grandmother’s first name or answer other security questions if someone else has access to my email account.

It’s AOL, in case you’re wondering.

I recently received an email saying that I should change the password, as “unusual activity” has been occurring. I did change the password at that time.

I don’t want to delete the account as I have emails there that I would like to keep and have access to.

What do I do now?

Observing members: 0 Composing members: 0

11 Answers

CWOTUS's avatar

The first thing that you need to do is log into your email account and change the password.

You should always take that as the first action in case you’ve got a very malicious hacker (unusual) who wants to take over your account and keep you out of it. Most spammers only want to “use” the account, but they don’t care if you can, too.

So sign in now and change the password, and use a “secure” password that’s composed of a combination of uppercase, lowercase, numerals and “special characters”, as allowed by the system.

hominid's avatar

You also might want to consider using 2-factor authentication.

Smitha's avatar

Change the password to something strong. Before changing the password, clear the viruses or malware. Notify your friends and family as soon as possible and warn them not to open any mail from you email id. In case you are using the same password for other accounts like Facebook or Twitter better change that too.

hominid's avatar

Also, check your settings (mail forwarding, filters, etc) to make sure nothing has been setup to divert your mail.

LuckyGuy's avatar

Are you sure the email came from AOL? Hover your mouse over the link and verify that it really was AOL. It can be a Phishing attempt. If it is, NOW they have your password. Change it again. ASAP!

I get emails like that every week from people pretending to be Yahoo, Gmail, My bank, etc. I never click on the link ! I forward the email to the appropriate agency and then delete.

jca's avatar

I just went on the AOL account settings and changed password again, today and changed security question. I also did the 2-factor authentication, as per @hominid.

LuckyGuy's avatar

That will help. When you received the “unusual activity” email did you click the link they included? If yes, sadly that was the time you gave them access to your email address list and old emails.
Now your contacts will be receiving invitations to russian porn sites and other scams.
Slime bags.

rexacoracofalipitorius's avatar

Check the full header of the suspicious emails you received. It might not be immediately obvious how to view them; in this case you will have to contact your email provider to find out how to see them.
Some spammers and dumb bots will attempt to ‘spoof’ their email address by supplying a different one in the From: field of the header. A careful reading of the header will reveal a different story. For more information:

http://www.arclab.com/en/amlc/how-to-read-and-analyze-the-email-header-fields-spf-dkim.html

The message routing might well reveal that the spam messages are not coming from your own email after all, and from whence they do come. Once you have that information you can report them to your ISP and to SpamCop.

Even if this is the case, you should still change your password anyway.

Winter_Pariah's avatar

When making a new password – to avoid getting hacked again – try going for a minimum password length of 12 to 14 (I prefer 14) characters if permitted, avoid passwords based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, past and current romantic links, or biographical information (i.e., ID numbers, ancestors’ names or dates, this all is probably the BIGGEST no-no),and you should try to include numbers and symbols in password if allowed.

And do try to avoid using the same password for multiple sites.

raven860's avatar

That email regarding changing your email…. may be the source of the whole problem. I know gmail recently had a scam email going about asking to do something similar.

http://www.huffingtonpost.com/2014/03/18/gmail-scam-phishing_n_4986510.html

CWOTUS's avatar

I love the idea of 2-factor authentication, @hominid, but I have one huge problem with it. If I travel overseas my phone won’t work there. So if I do set up the 2-factor authentication – and then travel overseas at some point and require another computer to log in (and that’s the most likely place that I might, for example, run up against a broken or stolen or just not-with-me computer and have to sign in from someone else’s) then I could never take the call to complete the authentication.

Otherwise it seems like a great idea.

Answer this question

Login

or

Join

to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
or
Knowledge Networking @ Fluther