Recognize and act quickly: What to do if your email account has been hacked?

Having hackers gain access to an email account is one of the worst things that can happen to users.
When hackers gain access to an online account, quick action is crucial to prevent further damage. The BSI explains how to recognize that criminals have compromised your email address and password, what to do in an emergency, and how to protect yourself preventively.
Cyberattacks often result in criminal hackers gaining access to online accounts. According to the Federal Office for Information Security (BSI), eight percent of those affected by cybercrime experienced this last year. This can have serious consequences.
Among other things, the criminals can obtain the postal address and credit card information, buy or sell goods via the account, and send deceptively authentic spam messages to the victims' contacts in their name. If the stolen email address is used to reset the passwords of other accounts, the criminals gain access to those as well.
To prevent the worst, swift action is crucial in an emergency, but those affected are often overwhelmed by this. Therefore, the BSI, in cooperation with the Federal and State Police Crime Prevention Program (ProPK), has published a checklist that victims can work through step by step. The brochure also includes tips on how to prevent such situations from arising in the first place.
Have you been affected?
First, it's essential to recognize that your email account has been hacked. There are several clear signs: alarm bells should ring if you can no longer log in despite using the correct password. You should also act quickly if your settings have changed or if there has been a login from an unknown new device.
What to do?
If you no longer have access to your account, contact the service provider immediately and warn your contacts. If you can still log in, change your password as soon as possible, end any active sessions, and check your account settings for any changes. In this case, too, it's essential to alert your contacts.
Then you should change the passwords of other potentially affected accounts and regularly check bank accounts and payment services like PayPal for unauthorized transactions. Authorities also recommend noting down all evidence in case you want to file a report.
How can you prevent it?
Even those not directly affected will find valuable tips in the brochure on how to prevent cybercriminals from accessing online accounts. The basic principle here is: a password alone is not enough.
Ideally, you should avoid passwords altogether and use passkeys instead, if services offer this option. If you still want or need to use passwords, you should at least activate two-factor authentication, which requires additional verification via a code sent by SMS or displayed on another device.
Furthermore, it's important to follow key security rules. These include using antivirus software, installing updates regularly, using public Wi-Fi networks only with a VPN, and generally disclosing as little data as possible. Additionally, be cautious with emails and avoid carelessly clicking on links or opening attachments.
Source: ntv.de, kwe




