Here are some best practices to safeguard your email accounts and recover them when needed.
Login to your account:
- if password has not been changed, it’s easy.
- If you cannot login, try “Forgot Password” and or any other recovery options
- If all of them have been changed, contact the mail provider and report compromise or there is nothing much you can do. Since you cannot proceed further. All you can do is to inform via other means to all your contacts(as many as you know) that your email has been hacked and not to respond to any emails from that account to protect them from being victimized.
Change Password:
- If you are able to login, change your password, it obviously should not be simple, use as many different combination of letters, numbers and special characters. Best would be to use password managers to generate and save them.
Change Recovery Option:
- Changing password alone is not enough.
- Check to assure that your alternate email id and phone number used for password reset is not changed.
- Make changes to recovery options like Security questions.
- Hacker could easily compromise your email again using those recovery options if not changed by clicking “forgot password”.
Check linked accounts:
- Probably hacker has access to all of your accounts that are linked to hacked account. Check all the account and apply step 2 to all of them.
Keep Backup:
- Keeping backup of all your datas is one of the easiest and critical action users have to take.
- What if you are not able to access to your account after all tries? You lose all your data , a backup will save you.
Use encryption:
- Use encryption : for instance exchanging pgp keys and using them while exchanging critical emails like transactions details. This would prevent unauthenticated emails.
It is more about prevention since recovery and tracing source (hacker ) is complex and in most cases not possible. Please read “Protecting Privacy on the Internet” for online best practice.