If your email has been hacked, regain control, change access, remove hidden rules, and lock down recovery options before the attacker returns.
Email account takeovers move fast. One stolen inbox can reset passwords, grab one-time codes, and impersonate you with scary speed.
This guide gives you a clear sequence: stop the bleed, get back in, remove quiet backdoors, then tighten sign-in so a leaked password won’t sink you again.
What To Do After Your Email Has Been Hacked Today
Start with the moves that kick the intruder out and cut off the fastest ways they can keep control. Then clean up the settings that let them slip back in later.
Do These First, Even If You’re Still Shaking
- Use a clean device — Sign in from a phone or computer you trust; avoid the device where you first noticed the hack.
- Change the password — Create a new, long password that you haven’t used anywhere else.
- Sign out other sessions — Remove unknown devices and force a sign-out across sessions from the security page.
- Lock recovery options — Replace any recovery email, phone number, or backup codes you didn’t set.
- Turn on two-step sign-in — Add an authenticator app, security key, or passkey so a stolen password won’t be enough.
A Simple Timeline So You Don’t Miss A Step
| When | What you do | Why it matters |
|---|---|---|
| 0–10 minutes | Change password, sign out sessions | Stops active access and cuts off quick resets |
| 10–30 minutes | Fix recovery email/phone, add two-step | Blocks takeback attempts after you regain control |
| 30–60 minutes | Remove forwarding rules, filters, connected apps | Eliminates quiet backdoors that survive password changes |
| Next 24 hours | Reset passwords on linked sites, scan devices | Stops follow-on theft across banking, shopping, socials |
Get Back Into The Account If You Can’t Sign In
If the attacker changed your password or recovery options, your first job is getting access back through the provider’s recovery flow. Move quickly, then keep trying from the same device and network so the system sees a consistent pattern.
Google, Gmail, And Workspace Accounts
Use Google’s built-in security checks to review devices, access, and recent sign-ins, then complete each prompt it shows. After you’re back in, do the cleanup steps below so nothing stays hidden.
- Run Google Security Checkup — Use Google Security Checkup to review devices and account activity, then remove anything you don’t recognize.
- Confirm recovery details — Re-check the recovery email and phone number so password resets route to you.
Outlook, Hotmail, And Microsoft Accounts
Microsoft accounts often get taken over through password reuse or a fake sign-in page. After you regain access, focus on sign-out, password change, and account settings that control recovery and sign-in.
- Change access right away — Reset your password as soon as you can, then remove unknown devices in the account security area.
- Review recovery settings — Confirm your recovery email and phone are yours, then remove anything you didn’t set.
If Recovery Fails On The First Try
- Retry from a familiar place — Use a device and Wi-Fi you used before, since providers score sign-ins by history.
- Gather proof of ownership — Have older passwords, account creation timing, and billing details ready if the provider asks.
- Wait out temporary blocks — Some services pause repeated attempts; follow the cooldown window shown on-screen, then try again.
Kick Out Hidden Backdoors Inside Your Inbox
After you can sign in, assume the attacker tried to stay attached. Many takeovers add quiet rules that forward mail, hide alerts, or keep access through a connected app token.
Forwarding Rules And Auto-Reply Traps
- Remove unknown forwarding — Delete any forwarding destination you didn’t add, and confirm forwarding is off.
- Review auto-replies — Clear any vacation reply that shares travel dates, phone numbers, or other personal details.
- Check blocked senders — Remove blocks that would hide security notices from your provider.
Filters, Rules, And Folder Routing
Attackers love rules that hide bank alerts or password resets by shoving them into Archive, Trash, or a new folder. Scan every rule, not just the ones that look suspicious at first glance.
- Open the rules list — Go to settings and view all filters or mail rules in one place.
- Delete rule-based hiding — Remove rules that skip the inbox, mark as read, or auto-delete sensitive mail.
- Search for missed alerts — Check Archive, Trash, Spam, and custom folders for security emails you didn’t see.
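The rule review above can be done offline against a filter export. This is an added example, not part of the original guide: it assumes Gmail's exported filter file (an Atom feed of `apps:property` elements), and `audit_filters`, the sample export, and the list of sensitive terms are all constructed for illustration.

```python
import xml.etree.ElementTree as ET
ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"
# Filter actions that hide or divert mail, with the reason each one matters.
RISKY_ACTIONS = {
    "forwardTo": "forwards matching mail to another address",
    "shouldTrash": "auto-deletes matching mail",
    "shouldArchive": "skips the inbox",
    "shouldMarkAsRead": "marks matching mail as read",
}
CRITERIA = ("from", "to", "subject", "hasTheWord")
# Words typical of security notices (assumed list; extend for your own providers).
SENSITIVE_TERMS = ("password", "security", "verification", "sign-in", "alert", "bank")

# Constructed sample export, not real data.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <apps:property name='subject' value='password reset OR security alert'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
  </entry>
  <entry>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Reading'/>
  </entry>
  <entry>
    <apps:property name='hasTheWord' value='invoice'/>
    <apps:property name='forwardTo' value='collector@example.net'/>
  </entry>
</feed>"""

def audit_filters(xml_text):
    """Return one finding per filter that forwards, deletes, archives or marks read."""
    findings = []
    for number, entry in enumerate(ET.fromstring(xml_text).iter(ATOM + "entry"), 1):
        props = {p.get("name"): p.get("value", "") for p in entry.iter(APPS + "property")}
        actions = [a for a in RISKY_ACTIONS if props.get(a, "false").lower() not in ("", "false")]
        if not actions:
            continue
        criteria = " ".join(props.get(c, "") for c in CRITERIA).lower()
        findings.append({"filter": number, "actions": actions,
                         "forward_to": props.get("forwardTo"),
                         "matches_security_mail": any(t in criteria for t in SENSITIVE_TERMS)})
    return findings

if __name__ == "__main__":
    for f in audit_filters(SAMPLE_EXPORT):
        print(f["filter"], [RISKY_ACTIONS[a] for a in f["actions"]], f["matches_security_mail"])
```

Any finding with `matches_security_mail` set, or a `forward_to` address you don't own, is a rule to delete first.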
Third-Party App Access That Survives Password Changes
Many services let apps connect through delegated access. If a shady app was approved, it can keep pulling mail even after you change the password.
- Review connected apps — Remove any app or device you don’t recognize from “connected apps” or “third-party access.”
- Revoke old mail clients — Remove legacy IMAP/POP clients you no longer use, then re-add trusted ones.
- Reset app passwords — If your provider uses app passwords, delete them all and create new ones only as needed.
Secure The Device That Might Have Leaked Your Login
If your email was taken over, the password likely leaked through phishing, password reuse, a breached site, or malware on a device. Fixing the inbox without fixing the leak often leads to a second takeover.
Device Clean-Up You Can Do Right Now
- Run a full malware scan — Update your security tools, then scan the whole device, not just a quick scan.
- Update the system — Install the latest OS and browser updates, then reboot.
- Remove sketchy extensions — Uninstall any browser add-on you don’t trust, then review the rest.
- Reset saved passwords — If your browser saved the old email password, delete it so it can’t auto-fill.
Check Your Browser And Cookie Sessions
Some attackers rely on session cookies instead of passwords. Signing out everywhere helps, and it’s smart to clear old sessions on your side too.
- Clear cookies for the mail site — Remove site data for your provider, then sign in again with your new password.
- Review password manager entries — Make sure the saved login matches your new password and recovery email.
Protect The Accounts Your Email Can Reset
Your inbox is the master key for many sites. Once you regain control, treat this like a password reset campaign, starting with anything that can cost money or expose personal data.
Prioritize Resets In This Order
- Banking and payments — Change passwords, check new payees, and review recent transfers.
- Shopping and delivery — Check saved cards, shipping details, and order history.
- Mobile carrier accounts — Add a PIN or port-out lock if your carrier offers it.
- Social and messaging — Rotate passwords so the attacker can’t impersonate you elsewhere.
- Work and school tools — Alert your admin team if you use a managed account.
Tell People Before They Fall For A Scam
Attackers often message your contacts while they still have access, asking for gift cards, crypto, or urgent help. A fast heads-up can save someone from sending money.
- Send one clear warning — Tell contacts your email was hacked and to ignore recent messages or links.
- Call close contacts — If someone is likely to act fast on your messages, a quick call beats another email.
- Report impersonation — If scammers used your name on other platforms, use the platform’s report tools.
Set Up Defenses So It Doesn’t Happen Again
Once the account is clean, lock it down with stronger sign-in and safer habits. The goal is simple: make a stolen password useless.
Turn On Strong Sign-In
- Use an authenticator app — Pick app-based one-time codes over SMS when you can.
- Add a security key or passkey — Hardware-backed sign-in blocks most phishing attempts.
- Save backup codes safely — Store them offline, not in your inbox or a notes app tied to the same account.
Set Alerts And Watch For Repeat Attempts
Most providers can alert you about new sign-ins and recovery changes. Turn those alerts on and keep them loud.
- Enable sign-in alerts — Get notifications for new devices, new locations, and password changes.
- Watch recovery changes — Treat a recovery email or phone change as an emergency.
- Check forwarding monthly — A quick check of forwarding and rules catches stealth changes early.
Stop The Two Big Causes Of Takeovers
Most email hacks trace back to two patterns: reused passwords and fake login pages. Fix those patterns and your odds improve fast.
- Use different passwords everywhere — A password manager helps you keep long, different logins without memorizing them.
- Slow down on login links — Type the site URL yourself or use a trusted bookmark.
- Verify security emails — Check the sender domain and the account activity page before you click anything.
When You Should File A Report
If the attacker used your email to open accounts, steal money, or grab personal info, take it past cleanup. The U.S. Federal Trade Commission has a step-by-step path for hacked accounts and identity theft reporting.
- Follow the FTC recovery steps — Use FTC guidance for hacked email if you need a formal plan and records.
- Freeze the money trail — Contact banks and card issuers right away if you spot charges you didn’t make.
A Quick Final Check Before You Move On
Before you close the tab, do one last sweep. This catches the sneaky stuff that causes “it got hacked again” stories.
- Confirm recovery options — Make sure recovery email, phone, and backup codes belong to you.
- Review connected apps — Remove anything you don’t use, then keep the list lean.
- Recheck rules and forwarding — Scan filters, rules, forwarding, and auto-replies one more time.
- Verify main account logins — Sign in to banking, shopping, and social sites to confirm your resets stuck.
- Store your new access safely — Save passwords in a trusted manager, not a text file or your inbox.