
What to do if your email has been hacked, according to a tech expert

A compromised inbox puts your personal data at risk – our experts explain how to regain access to your messages and files

If you suspect a hacker has accessed your email inbox, you need to act immediately and change your password as soon as possible.

With access to your emails, a hacker could potentially take over your other online accounts by resetting passwords and tricking your contacts into sending money or sharing sensitive information.

Below, we explain how to recover your Gmail, Outlook or Apple Mail inbox. Note that, even if you're not currently dealing with a security threat, it's still worth reading through our walkthrough to make sure you're prepared.

Which? Tech Support package

Get tech confident

Solve your tech issues and get expert buying advice by chatting to our support team as often as you need. From only £4.99 a month.

Join Which? Tech Support

Cancel anytime.

Already a Tech Support member? For more help and 1-2-1 technical advice, including buying advice, go to our Tech Support online booking tool.

How do I get my email account back?

'I've just received some phone calls from my friends and family notifying me that they have received an email from my Gmail account asking for a gift card.

'It looks like my email address has been hacked – what can I do?'

Which? Tech Support member

How to recover your inbox

1. Recover the account and change the password

Assuming you can still access your account, it’s best to change your password immediately to a strong, unique one that hasn’t been used elsewhere.

  • In Gmail: Select your user icon (top right-hand corner), then Manage your Google Account. Choose Security > Password.
  • In Outlook: Select your user icon (top right-hand corner), then My Microsoft account. Go to Security and choose Change password.
  • For Apple accounts on Mac: Select the Apple menu and choose System Settings. Click your Apple ID and select Sign-In & Security > Change Password.

If the hacker has changed your password, then you need to go through the account recovery process. This involves choosing the Forgot password option when attempting to access your account, then verifying your identity using a phone or alternative email address. Some services (including Gmail) will also offer the opportunity to push a notification to a linked mobile phone.

Once your identity has been verified, you can set a new password.

What makes a strong password?

When setting a password for your online accounts, avoid common words or phrases. Make sure not to include personal information, such as names or birthdays.

Instead, use a mixture of uppercase and lowercase lettering, plus numbers and special characters/symbols. It's also worth using unique passwords for every account you manage to avoid a single data breach putting all your accounts at risk.

For more tips, including using password managers, see our full guide on how to create secure passwords.

2. Log out of all other devices

Not all email services offer this feature, but popular providers such as Google, Microsoft and Apple do.

In your account’s security settings, you’ll find an option to view devices currently logged into your account. If you don’t recognise a device or location, you can select it and sign it out.

  • In Gmail: Select your user icon (top right-hand corner), then Manage your Google Account. Choose Security > Manage all devices and select the problematic device. Click Sign out.
  • In Outlook: Select your user icon (top right-hand corner), then My Microsoft account. Select Security > View my devices. Choose Remove device for any you don't recognise.
  • For Apple accounts on Mac: Open System Settings and click your Apple ID. Scroll to the bottom to see a list of all devices connected to your Apple ID. If you see a device you don’t recognise or want to remove, click Remove from Account.

3. Check your auto-forward settings 

When hackers gain access to an email account, they often enable auto-forwarding so they can continue receiving your messages even after you recover the account and change the password. This setting is easy to overlook and could allow hackers to maintain access to sensitive emails, leaving you vulnerable to further attacks.

To check for auto-forwarding, go to your email account settings and look for the forwarding or auto-forward option.

  • In Gmail: Select Settings > See all settings. Choose Forwarding and POP/IMAP and then select Delete any forwarding setup.
  • In Outlook: Go to Settings > Email > Forwarding and IMAP. If you see any forwarding set up, click Disable forwarding and then select Save.
  • In iCloud Mail: Click the gear icon, then choose Settings. Select Mail Forwarding. If forwarding is enabled and you don’t recognise the address, uncheck 'Forward my email to' or remove the address. Optionally, uncheck 'Delete messages after forwarding' if it's selected.

4. Examine your inbox filters

Hackers might set up filters on your email account to block, delete, or move emails into random folders to confuse you.

Within your account settings, there will be an option for filters and rules – we recommend deleting any that you have not set up yourself. 

  • In Gmail: Select Settings > See all settings. Under Filters and blocked addresses, check carefully for any unknown or new ones and delete.
  • In Outlook: Go to Settings > Email > Rules. Review the list and delete any rules you did not create yourself.
  • In iCloud Mail: Click the gear icon, then Settings. Go to the Rules tab and review each rule – if you find one you didn’t create or don’t recognise, click the trash icon to remove it.

We've heard from Which? Tech members struggling to stop unwanted messages clogging up their inboxes, but there's a fix – discover how to block spam emails for good.

5. Notify your contacts

While they had access, the hacker might have used your account to send phishing emails or copied your contact list for later use.

With this in mind, it’s best to let your contacts know that your account has been compromised. This can help prevent the spread of phishing attacks.

A good antivirus will prevent you from falling for phishing attacks - see our pick of the best antivirus.




6. Look over your other accounts

Change the password on any other online account that shares the same or a similar password to the one the hacker used to gain access.

It is crucial to use completely unique passwords for each online account to prevent a domino effect, where one breach leads to the compromise of multiple accounts. The hacker may also have accessed other accounts by using your email for verification. It’s recommended to change the passwords for any accounts containing sensitive data.

Lock up the data you share online and think before you post – see 7 ways to secure your social media and email accounts.

How to prevent your email from getting hacked again

  • Use a unique, strong password for each and every account. Consider a password manager.
  • Enable two-step verification in your email account settings (see also: What is two-factor authentication?).
  • Use an authenticator app if supported by your account. 
  • Keep your account recovery options up to date.
  • Regularly review your account activity, such as logged-in devices.

Scammers desperate to make a quick profit are tricking unsuspecting users into calling fake support numbers. Read our advice on how to stop scam pop-ups on Windows.


Which? Tech Support can help you keep on top of your home tech. Our experts explain things clearly so that you can resolve issues and feel more confident using your devices.

Get unlimited 1-2-1 expert support:

  • By phone – clear guidance in choosing, setting up, using and resolving issues with your home tech devices.
  • By email – outline the issue and we’ll email you our answer.
  • By remote fix – we connect securely from our office to your home computer and resolve issues while you watch.
  • In print – Which? Tech Magazine, six issues a year delivered to your door.

You can join Which? Tech Support.