Everyday Security in an Online World

Secure a Compromised Account

Finding out

If it’s your email or a social media account that’s compromised, you might hear from a friend who’s received a suspicious message purporting to be from you.

If it’s an account with an online shop, the first you might know is when you receive a receipt for an item you didn’t buy, or spot an unfamiliar transaction on your bank statement.

Or you might be alerted directly by the account provider. Larger companies in particular are getting good at spotting potentially fraudulent behaviour, for example if your account is accessed from another country.

How it happened

If one of your accounts is compromised, the attacker almost certainly learned your password by tricking you with a phishing email (see Recognise Social Engineering).

It’s very unlikely that the attacker has actually accessed your computer, tablet or phone. Instead, they are simply logging into your account from their own computer.

Change your password

Log into the website or app and look for a section like ‘My Account’ or ‘Settings’, then use the option to change your password.

If you can’t log in because the attacker has changed your password themselves, you’ll need to use the ‘forgotten password’ facility instead.

The new password should be one you have never used before on any account. Ideally, let your browser or password manager generate a password for you (see Use Strong, Unique Passwords).

Check your security details

With your password changed, the attacker can no longer log into your account using the old, stolen password. However, they might have changed your security details — for example, substituting your phone number with theirs – meaning they can now use the ‘forgotten password’ facility and have a recovery code sent to their phone.

So, check the security details on your account. You should recognise all phone numbers and email addresses.

Log out other sessions

If the attacker still has your account open in their browser, they might be able to go on causing problems for a while after you have changed your password. If your account has a facility to forcibly log out all other devices, use it.

Special considerations for email

If an attacker breaks into your email account, they might make some additional and more sinister changes.

One is to switch on mail forwarding, meaning that any emails people send you from now on will not reach you but will instead be rerouted to the attacker.

Another is to establish blocked senders so you no longer receive messages from particular people or companies. Similarly, the attacker may create rules or filters that move certain incoming emails into folders so you won’t find them in the inbox.

And they might enable an autoresponder so that anyone emailing you immediately receives a pre-written reply from the attacker.

You should check for all these things when dealing with a compromised email account.

Finally, most major email providers let you create app passwords, different from your main password, for compatibility with older software. Check the relevant section in your account settings and delete any app passwords you find.

Note that you cannot use an email app like Outlook, Thunderbird, or the Mail app on your phone or tablet to change your email password or check your security details and other settings. Instead, use a browser like Chrome, Edge, Firefox or Safari to visit the website of the company that operates your email.

Prevention is better than cure

The single best thing you can do to reduce the likelihood of your account getting compromised again is to enable two-factor authentication (see Use Two-Factor Authentication).

This is particularly important on your email account. If your email provider does not support two-factor authentication, consider switching to one that does.

If you found this useful, you can support my work by buying me a coffee or ordering a paperback or Kindle copy of the book.