Hacked emails aren’t just an inconvenience – they can bring your life to a standstill.
Imagine waking up to find yourself locked out of your email, your recovery options changed, your security features disabled, and money drained from your accounts.
You feel angry, anxious, and powerless – even betrayed. It’s not surprising that Google searches for the keyword “how to protect my email from hackers” yield more than 42 million results.
Hacked emails leave you feeling violated – and they steal your sense of security.
Below, we talk about how attackers hack emails, how you can spot the signs of someone tampering with your inbox, and most importantly - what you can do about it.
The new breed of email hackers – and how their attacks are getting smarter every year
Hackers are working smarter, not harder. And they’re sending more phishing emails than ever. As a result, 3.4 billion emails received daily are malicious in nature.
Here's another frightening statistic: Phishing now accounts for 80% of security incidents, with losses totaling $17,700 per minute.
In 2025, attackers are using a sophisticated mix of technical exploits, social engineering, and evasion tactics to hack emails. Have you experienced any of them?
Technical exploits
Phishing-as-a-service
Ready-made phishing kits have simplified the process of launching large-scale phishing campaigns – making cybercrime easy for even low-skilled scammers.
Take the Morphing Meerkat phishing kit. Attackers use it to send highly targeted emails, warning you that your email account is scheduled for deactivation. It can impersonate 114 brands and use DNS-over-HTTPS to identify your email provider.
With that info, it can dynamically load a login page that looks like an exact replica of your provider’s page, along with your email address already pre-filled.
Once you enter your password, it’s transmitted to the attackers. You’re then redirected to the real login page – none the wiser that your credentials have been stolen.
Multi-channel phishing
This is where attackers target victims through multiple channels such as email, SMS text (smishing), voice (vishing), social media, and instant messaging apps. For example, the threat group STORM-0539 regularly uses multi-channel phishing to target retail organizations during the holiday shopping season.
Hyper-personalized phishing
With AI, attackers can craft highly convincing deepfake audio and video messages. The messages reference personal details only you know – to trick you into thinking they’re from trusted sources. Some attackers will even send you Google Maps street views of your home to pressure you into meeting their ransom demands.
Quishing (QR code phishing)
Did you know that 12% of phishing campaigns now incorporate QR codes? Attackers are exploiting the widespread adoption of QR codes to embed malicious codes in emails, shopping kiosks, parking meters, and online restaurant menus.
Evasion tactics
Malicious SVG attachments
Attackers are increasingly using SVG files to pass email (DMARC, DKIM, and SPF) authentication checks and evade signature-based detection in secure email gateways (SEG). SVG campaigns have increased by 245% - a popular tactic is redirecting users to credential harvesting sites that mimic branding from trusted sources like Microsoft.
Blob URIs and HTML smuggling
Here, malicious payloads are hidden within seemingly harmless attachments. When you click the attachment, a web page is opened right inside your browser.
Hidden within that web page is malicious JavaScript (this is the smuggling part) which creates a blob (data that acts like a file). This blob will have a blob URI or temporary address within your browser. The JavaScript code tells your browser to open the blob URI, which displays a fake login page (say, one that mimics your bank or favorite ecommerce platform).
Because the fake page is created within your browser (client-side) and not downloaded from the internet (server-side), it won’t raise an alarm with traditional security filters.
ASCII/Unicode-based QR codes
This type of attack hides phishing links in a QR code made from text, rather than an image. This makes it undetectable by OCR (optical character recognition) scanning tools, which are trained to check image-based (not text-based) QR codes.
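Text-based QR codes can still be spotted as text. The Python example below was added to this article (it is not from a vendor tool) and flags runs of lines drawn only with Unicode block characters; it assumes the email body has already been converted to plain text, and the size thresholds and sample bodies are constructed for illustration.

```python
# Glyphs text-rendered QR codes are drawn with: Unicode Block Elements
# (U+2580-U+259F) plus ordinary and non-breaking spaces.
BLOCKS = {chr(c) for c in range(0x2580, 0x25A0)}
FILLER = BLOCKS | {" ", "\u00a0"}

MIN_WIDTH = 21  # the smallest QR symbol (version 1) is 21x21 modules
MIN_ROWS = 11   # 21 module rows packed two per text line with half blocks


def is_grid_row(line):
    """True if the line is wide enough and drawn only with block or space glyphs."""
    if len(line) < MIN_WIDTH or any(ch not in FILLER for ch in line):
        return False
    return any(ch in BLOCKS for ch in line)


def find_text_qr(body):
    """Return (first_line_index, row_count) for every block-glyph grid in the body."""
    hits, start, run = [], None, 0
    for i, line in enumerate(body.splitlines() + ["<end>"]):  # sentinel flushes the last run
        if is_grid_row(line):
            start = i if start is None else start
            run += 1
            continue
        if run >= MIN_ROWS:
            hits.append((start, run))
        start, run = None, 0
    return hits


def constructed_grid(width=21, rows=11):
    """Constructed sample: a block-glyph grid of QR size (not a decodable QR code)."""
    glyphs = "\u2588\u2580\u2584 "
    return "\n".join(
        "".join(glyphs[(3 * x + y) % 4] for x in range(width)) for y in range(rows)
    )


# Constructed inputs: a message carrying a grid, and a harmless one-line progress bar.
SAMPLE_BODY = "Scan to keep your mailbox active:\n" + constructed_grid() + "\nIT Support"
PROGRESS_BAR = "Upload\n" + "\u2588" * 30 + "\nDone."

if __name__ == "__main__":
    print(find_text_qr(SAMPLE_BODY))
    print(find_text_qr(PROGRESS_BAR))
```

A hit only marks the message for closer review; the check does not decode the QR code or judge the link inside it.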
Cloudflare CAPTCHA evasion
Let’s face it: Cloudflare CAPTCHAs can be annoying, but you understand their necessity. Attackers know this and are weaponizing your trust in Cloudflare CAPTCHAs to hide phishing campaigns and distribute malware like LegionLoader to your device.
Social Engineering
BEC and thread hijacking
With BEC (business email compromise), attackers impersonate your colleagues, bosses, or vendors to trick you into divulging sensitive info or making unauthorized transactions. A common practice is to hijack an email thread by pasting the conversation into a new email (usually with a lookalike or typo-squatted domain).
Scammers replace your colleagues and carry on the conversation with you. This attack can lead to devastating consequences as you don’t realize you’re no longer communicating with your colleagues.
Lookalike domains and homograph attacks
Fake domains that closely resemble legitimate ones are designed to trick you into trusting phishing emails. Scammers use visually identical characters from different alphabets (Cyrillic “a” instead of Latin “a”) to create fake domains. When you click on the link, you’re directed to a malicious site that steals your credentials or infects your device with malware.
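A mail client or gateway can check link and sender domains for this trick. The added Python example below (not part of the original article) flags labels that mix alphabets and domains that collapse to a trusted name once lookalike letters are replaced; the trusted list, the short lookalike table, and the sample domain are constructed assumptions.

```python
import unicodedata

# Constructed allow-list: domains this mailbox really deals with (assumption).
TRUSTED = {"example.com"}

# Small constructed sample of Cyrillic/Greek letters that render like Latin ones.
# Unicode publishes the full mapping as confusables.txt (UTS #39).
CONFUSABLE = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u03bf": "o",
}


def scripts(label):
    """Scripts used by the letters of one DNS label, read from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def skeleton(domain):
    """Replace known lookalike letters with the Latin letter they imitate."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in domain)


def check_domain(domain):
    """Return findings for a domain taken from a link or a sender address."""
    domain = domain.lower().rstrip(".")
    if "xn--" in domain:  # punycode, the form raw links and headers usually carry
        try:
            domain = domain.encode("ascii").decode("idna")
        except UnicodeError:
            return ["undecodable punycode label"]
    findings = []
    for label in domain.split("."):
        used = scripts(label)
        if len(used) > 1:
            findings.append(f"mixed scripts in label: {sorted(used)}")
    skel = skeleton(domain)
    if skel != domain and skel in TRUSTED:
        findings.append(f"lookalike of trusted domain {skel}")
    return findings


SPOOF = "ex\u0430mple.com"  # constructed: Cyrillic U+0430 in place of Latin "a"

if __name__ == "__main__":
    for d in ("example.com", SPOOF, SPOOF.encode("idna").decode("ascii")):
        print(ascii(d), check_domain(d))
```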
Zero-day phishing pages
A recent Google Chrome zero-day flaw allowed hackers to take remote control of compromised devices. In March 2025, the hackers sent phishing emails to invite people to a fake forum. Just clicking the link in the email led to computers being infected. Unfortunately, Chrome had no fix until after the attacks started.
Tip 💡: The common thread in all these attacks is clicking on malicious links in emails. So, be skeptical of links in emails from unknown senders. It’s best not to click – even if they look real.
Tip 💡: Keep your browser updated to detect and block the newest phishing threats.
The burning questions everyone asks about hacked emails – and the answers no one wants to hear
Do a Google search, and you’ll find online guides offering generic advice on what to do if your email has been hacked.
They do little to ease your anxiety, frustration, or fears.
Below, we deliver real solutions for securing your email and restoring your peace of mind – if the unthinkable happens.
How do you know if your email has been hacked?
If you’ve ever wondered how you can tell if your email has been hacked, here are five (5) critical signs to look for:
#1 Your security settings were modified
If repeated attempts to log in fail - even after double-checking your password – you may have a hacked account on your hands.
In 2025, attackers are doubling down on aggressive lockout tactics, often changing your password, 2FA, and recovery options upon gaining access to your account. This makes standard password resets ineffective.
#2 Complaints from contacts
Sometimes, attackers won’t lock you out. Instead, they’ll hide in the background to monitor your communications and observe your habits. This allows them to craft convincing phishing emails to send to your contacts.
Often, the attackers will set up inbox rules to hide their activity and they’ll delete sent emails, so you’ll be none the wiser until you hear complaints from your contacts.
#3 Unexpected password reset emails
Keep an eye out for password reset emails you didn’t request. An attacker may be trying to gain access to accounts you have for banks, ecommerce sites, and payment platforms.
#4 Strange activity on your social media accounts
If hackers have gained access to your email account, you may see unwanted activity on your social media accounts such as:
- The sudden addition of new followers
- Spam promotions to your social media audience
- Changes to your account settings or password resets you didn’t authorize
#5 Security alerts about logins from unfamiliar IP addresses, browsers, or devices
Many email providers will show the IP addresses, browsers, devices, or locations linked to your logins. If you see locations or devices you don’t recognize, it’s possible someone is tampering with your account.
How to really check if your email has been hacked
While the above five (5) signs can indicate your email has been hacked, there are two ways to know for sure:
- Use a Secure by Design password manager with Dark Web Monitoring capabilities like LastPass – you get immediate alerts if your email has been compromised.
- Use a reputable online email hack checker like Have I Been Pwned.
Here's what to do if someone has hacked your email address – the no-nonsense tips that will save your sanity
When the unthinkable happens, don’t panic. Take a deep breath, pat yourself on the back for uncovering the hack, and take swift action.
If ALL your security settings have been changed, start by immediately contacting your provider’s live support team or filling out an official recovery form.
Provide as much information as possible, such as:
- account creation date
- previous passwords
- previous recovery methods
- frequently emailed contacts
- subscription info for food delivery, magazines, pet products, etc.
- payment history
- frequently used devices
Tip 💡: Call or fill out the information from a device, location, or IP address your provider recognizes.
Tip 💡: Gather documentation to verify your identity, such as a government-issued ID, utility bill, passport, or active alternate email addresses/phone numbers.
To protect your data, finances, and email contacts:
- Use another email account to warn all your contacts that your email has been hacked. Include a warning to avoid opening links or attachments from your recent messages.
- If the hacker hasn’t yet locked you out, follow your email provider’s recovery process to take your account back. Then, log out all suspicious devices connected to your account.
- If possible, you’ll want to update passwords and enable advanced MFA for all accounts connected to your email – LastPass offers device-based, biometric, contextual, and phishing-resistant FIDO2 authentication options.
- You can create strong passwords quickly and easily with the LastPass password generator.
- You may want to request new credit/debit cards to prevent or stop more unauthorized transactions.
- Be sure to run your antivirus software to check for spyware or keyloggers.
- Implement a credit freeze with all three credit reporting agencies (Equifax, Experian, and TransUnion) - this makes it more difficult for scammers to get credit in your name.
- Place a fraud alert with all three credit reporting agencies – this tells lenders you may be a victim of identity theft and prompts them to take precautions before extending credit in your name.
- There’s an identity theft case every 22 seconds. So, you may want to consider identity theft protection services. See the US News and TechRadar 2025 lists for updated info on the best identity theft protection for your family.
Tip 💡: Although persistence can pay off, being realistic is important. If you’ve exhausted all recovery options, provided all possible verification details – and still come up empty - further attempts are unlikely to succeed. At this point, it’s best to focus your efforts on protecting your other accounts, securing your finances, and enabling credit monitoring to prevent identity theft.
Can you get hacked by opening an email?
The short answer is no.
Simply opening an email without clicking on any links or attachments is generally not enough to get your email account hacked.
Your risk of getting hacked, however, rises with these three actions:
- Clicking on malicious links that direct you to phishing sites
- Downloading attachments that execute malicious code, potentially infecting your device with keyloggers that steal your login credentials
- Entering your passwords on phishing sites
I got an email saying I was hacked and recorded – what do I do now?
Attackers may use spoofing techniques to forge their email headers. The goal is to make it appear as if they’re sending emails directly from your inbox. This is a form of psychological manipulation, designed to convince you they have full access to your email account.
The attackers hope this will increase the likelihood of you complying with their demands.
A prime example of such a campaign is the “Have you heard of Pegasus?” sextortion scam, where hackers claim to have hacked devices with the notorious Pegasus software and recorded victims engaging in illicit and deviant sexual behavior. The goal is to create fear and urgency so victims will pay up – usually in cryptocurrency – without verifying their claims.
If you get such an email, don’t respond to it. It's a scam, which you can report to your email provider and the FTC. If you’ve already paid the ransom, contact your bank or financial institution so they can attempt to block or reverse the payment. Above all, try not to worry – the scammer doesn’t actually have any videos of you. Their main goal was to make a profit at your expense.
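You can confirm the spoofing from the message headers. The added Python example below (not from the original article) reads the Authentication-Results header your own provider stamped on the message and reports whether a message claiming to be from you passed DMARC; the addresses, the provider name mx.example.net, and the sample message are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed message: From and To are both the recipient's own address.
# The second Authentication-Results header was not stamped by the recipient's provider.
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.net; spf=softfail smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=example.com
Authentication-Results: relay.mailer.invalid; spf=pass; dkim=pass; dmarc=pass
From: "Me" <alex@example.com>
To: alex@example.com
Subject: Have you heard of Pegasus?

I am writing to you from your own account.
"""


def provider_verdicts(msg, trusted_authserv):
    """spf/dkim/dmarc results, read only from headers stamped by our own provider."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.strip().lower() != trusted_authserv.lower():
            continue  # stamped by someone else, so it proves nothing
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
            verdicts.setdefault(method, result.lower())
    return verdicts


def assess(raw, my_address, trusted_authserv):
    """Report whether a message that claims to come from my_address is authenticated."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    envelope = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    verdicts = provider_verdicts(msg, trusted_authserv)
    claims_self = sender == my_address.lower()
    return {
        "claims_to_be_you": claims_self,
        "envelope_domain_differs": envelope.rpartition("@")[2] != sender.rpartition("@")[2],
        "verdicts": verdicts,
        "likely_spoofed": claims_self and verdicts.get("dmarc") != "pass",
    }


if __name__ == "__main__":
    print(assess(SAMPLE, "alex@example.com", "mx.example.net"))
```

Most webmail services expose these headers through a "show original" or "view source" option on the message.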
What is the most hacked email provider?
While free email providers like Gmail, Apple iCloud Mail, AOL Mail, and Yahoo! Mail boast user-friendly interfaces, generous storage, and basic security protections, privacy concerns remain.
Gmail and Yahoo! Mail, for example, are heavily reliant on data mining for advertising purposes. Meanwhile, AOL Mail, iCloud Mail, and Gmail all lack end-to-end encryption.
Yahoo! Mail has also been implicated in providing backdoor access to government agencies, which has fueled unease about its role in government surveillance.
Finally, the most hacked email providers are attractive targets for hackers, highlighting the importance of caution when using any email service.
Why spam filters are 100% irrelevant to securing your email account (and the solution that’s relevant, but ignored by most people)
If you rely on email platforms like Yahoo! Mail, iCloud Mail, Gmail – or their spam filters - you’re risking more than your convenience.
Here’s why: Spam filters are notoriously unreliable. A Google search for “spam filter not working” nets more than 76 million results.
Remember: Your email is the gateway to everything – your bank accounts, social media profile, and personal data.
Free email services may be cost-effective, but you deserve better than relying on spam filters as a security strategy.
This is where LastPass comes in: Built on Zero Knowledge, Secure by Design principles, it’s a technologically sound, battle-tested fortress designed to protect your most sensitive digital assets.
Imagine generating truly unique passwords for ALL your accounts and never having to remember a single one - except the master password to access your password vault.
Imagine fast, easy login experiences – without having to enter ANY passwords.
And imagine MFA options so advanced, they block 99.2% of account takeovers – a feat that free email services simply can’t match.
This is why LastPass is a top Cybersecurity News pick for best password managers of 2025.
Just think: Only a third of the world uses a password manager.
Today, you can lock down your email accounts with an advanced password manager that’s built to defend your security and peace of mind. A LastPass trial gets you 30 days FREE protection for your digital life, no credit card or commitment required.