Email is a pretty mundane part of our digital lives now and may not be something you spend much time thinking about.
But if you’re not paying attention, it’s all too easy to miss the often quiet signs that somebody is trying to break into your accounts.
And it’s not your personal correspondence you have to worry about. Hackers with access to your email account can cause significant harm by resetting your banking passwords or those of crypto accounts or other investments.
They can drag your good name through the mud, too, contacting everyone you know and using your account to hack them. They may do that first through your email and then through your social media accounts.
Following are some dangerous signs to watch for that your email account may be compromised, leaving you at risk of fraud and identity theft.
1. You can’t log in to your email
While this is an obvious sign that something is wrong, you might not immediately think it’s suspicious. You might blame yourself, thinking you mistyped or misremembered your password too many times.
A good, free password manager can avoid that kind of issue. But a more sinister possibility is that someone else got into the account and locked you out by changing your password.
You’ll need to get back into your account before you can do a security sweep and figure out what might have happened. Here are steps to take from some of the major email providers:
Once you can log in again, the FTC recommends making sure you’ve been signed out on all devices, changing your password, turning on two-factor authentication and making sure your account recovery contact information is up to date.
You should also check your recently sent and deleted mail.
2. You can’t log in to financial or social media accounts
Just like your email itself, social media accounts you can’t access might not set off alarm bells. But you may be logged out because of someone’s attempts to guess your password, or because they did get in and changed it.
Here’s some help from major social media companies:
Follow their advice to secure your account and make sure it wasn’t misused.
3. You are notified about a username or password change you didn’t make
If you get a ton of junk email every day, you’re not alone. Keeping up can feel like an unnecessary chore — you can just skip or delete anything you don’t feel like looking at, right?
But certain notifications you don’t want to miss could show up in your inbox — like an email from any website where you have an account that mentions resetting your password or changing your username.
If you didn’t ask for that, who did? It could have just been someone making a typo on their own username or email, but there’s reason to believe it’s more malicious than that.
Notifications like this should make you more vigilant about your account. Some services offer a way to report that you didn’t request any changes.
You also don’t necessarily want to click any links in this email, just in case it’s a scam trying to scare you. Instead, go on your own to the website of the account in question — using a search engine if you need to.
4. Friends or family ask about weird emails you didn’t send
Compromised email can often be an invisible problem so someone asking you about a weird message is about the clearest clue you can get.
It can only mean one of a few things. You’re either being pranked, facing short-term memory loss or someone else used your account.
5. You are notified that someone else logged in to your account
As a security protection, many companies take notice of how, when and where you log in to your account. If you do a lot of traveling or use a variety of computers, tablets and phones, you may already be familiar with messages about “unknown devices” or locations. Sometimes that’s just a mix-up, but it could be trouble.
These messages may require a response to approve attempted logins, or they might just be letting you know it happened. Either way, you should immediately log in yourself — without using any links in the warning message, in case it’s a fake made by identity thieves — and reset your password.