Email was Hacked? Here’s What You Should Do

Discovering that your email has been hacked is not a great experience, and it's not a good look for your business. Email accounts often contain sensitive information, trade secrets, personal correspondence, access to other online accounts, and, worst of all, your online identity that customers and associates trust.

Here’s What You Should do If Your Email was Hacked

1. Confirm and Assess the Breach:

Promptly confirm any suspicious activity or signs of compromise in your business email. This may include unexpected password changes, unusual outgoing emails, or reports of unauthorized access from your team.

2. Actively Contain the Incident:

Immediately regain control of the compromised email account. Key actions include:

  • Change the email account password to a strong, unique one.

  • Enable two-factor authentication to add an extra layer of security.

3. Consider Getting Professional Cybersecurity Help (Like us):

If your email was hacked, there’s a lot of liability (more on that later) that can come from it. The quicker you investigate, assess the situation, and mitigate, the less costly it will be.

Hackers are good at engineering persistence into your environment. You don’t want your response to turn into a game of whack-a-mole.

We regularly investigate and respond to these types of email security incidents, and we’ve seen a lot of companies make costly mistakes.

4. Investigate and Document:

Hackers will often use your email account to:

  1. Send malicious emails to customers, vendors, etc. in order to phish their credentials, spread ransomware, and trick people into sending them money (wire fraud).

  2. Spy on you

  3. Steal sensitive information

  4. Access other accounts

You’ll need to determine:

  • Which Accounts were Accessed?

  • How was Your Account Accessed:

    • Via a phishing email?

    • Malware?

    • Compromised credentials shared across multiple accounts?

    • Social Engineering?

    • Vulnerability? (if you host an email server)

  • Who (customers, vendors, etc.) was sent Malicious Emails?

  • What information was accessed?

Hackers will often engineer persistence or backdoors in your network and sometimes they’ll re-route emails to them, so they won’t lose access after you change passwords. This needs to be investigated too.
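
One way to check an exported list of mailbox rules for the email re-routing described above. This is an added example, not part of the original article; the export format, field names, addresses and domains are constructed assumptions to adapt to your mail provider.

```python
from email.utils import parseaddr

INTERNAL_DOMAINS = {"corp.example"}  # assumption: the organisation's own domains
# Constructed sample export of mailbox rules; field names are hypothetical.
RULES = [
    {"mailbox": "ap@corp.example", "rule": "Newsletters", "enabled": True,
     "forward_to": [], "redirect_to": []},
    {"mailbox": "ap@corp.example", "rule": ".", "enabled": True,
     "forward_to": ["Archive <box@corp.example.mail-archive.test>"]},
    {"mailbox": "cfo@corp.example", "rule": "sync", "enabled": False,
     "forward_to": [], "redirect_to": ["cfo.backup@notcorp.example"]},
    {"mailbox": "hr@corp.example", "rule": "To assistant", "enabled": True,
     "forward_to": ["assistant@CORP.example"], "redirect_to": []},
    {"mailbox": "it@corp.example", "rule": "broken", "enabled": True,
     "forward_to": ["not-an-address"], "redirect_to": []},
]

def domain_of(address):
    """Lower-cased domain of an address, or None if it cannot be parsed."""
    _, addr = parseaddr(address)
    if addr.count("@") != 1:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def is_internal(domain, internal=INTERNAL_DOMAINS):
    # Exact match or true subdomain only; a bare suffix test would accept notcorp.example.
    return any(domain == d or domain.endswith("." + d) for d in internal)

def find_external_rerouting(rules, internal=INTERNAL_DOMAINS):
    """List (mailbox, rule, action, state, reason) for rules worth reviewing."""
    findings = []
    for r in rules:
        # Disabled rules are reported too, since they can be switched back on.
        state = "enabled" if r.get("enabled", True) else "disabled"
        for action in ("forward_to", "redirect_to"):
            for target in r.get(action) or []:
                dom = domain_of(target)
                if dom is None:
                    reason = "unparseable target, review manually"
                elif is_internal(dom, internal):
                    continue
                else:
                    reason = "external domain " + dom
                findings.append((r["mailbox"], r["rule"], action, state, reason))
    return findings

if __name__ == "__main__":
    for finding in find_external_rerouting(RULES):
        print(" | ".join(finding))
```

Run it against every mailbox in the organization, not only the one known to be compromised, and keep the output with the incident documentation.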

A hacked email can often be part of a larger security breach. Conduct an internal investigation to ascertain the extent of the breach and identify any potential data compromise. Document all of this, especially if you’re in a regulated industry.

5. Notify Affected Parties:

Notify everyone who received a malicious email. 

There is a lot of liability involved with these malicious emails: they could lead to a data breach, ransomware, wire fraud, or other scams. Notifying recipients will help reduce the chances of damages.

6. Review and Clean Email Activity:

Thoroughly review the email account(s) for any unauthorized sent or received messages. After documenting and notifying affected parties, remove any suspicious emails from the inboxes and outboxes to prevent anyone from clicking them again. If you have an un-send option, use it.

7. Comply with Breach Notification Laws:

If people’s personally identifiable information (PII) was exposed, you’ll need to notify them. Depending on how many people’s information was exposed, you may need to notify state attorneys general.

If you are in a regulated industry (HIPAA, GLBA, FINRA, CMMC) you’ll need to notify the regulatory bodies.

You may need a data privacy / cybersecurity attorney for this.

8. Monitor your Email and Network:

Over half of victims of cyber crime are re-targeted. The hackers learned a lot about your company, and they will likely use this information to re-target it. Continuously monitor the email account and other IT systems for any further unusual activity.

9. Review and Tighten Security Measures:

Implement tighter security measures for all business accounts:

  • Conduct a full security audit of email account settings and implement best security practices.

  • Reinforce security policies and educate employees on cybersecurity awareness and best practices.

  • Review and update other network security measures.

10. Check Domain Reputation:

If your email was used to send malicious emails and/or SPAM, there’s a good chance that Internet Service Providers (ISPs), Email Hosting Providers, SPAM filtering companies, etc. have flagged and blacklisted your domain. This means your email may get blocked in the future until you clear this up.

Need Help With a Hacked Email?

Call our cybersecurity emergency hotline. You’re not alone.

The Cybersecurity Emergency Team

Phoenix, AZ Based

Nationwide Cybersecurity Incident Responders
