Email is one of the most frequently used forms of communication. It's no wonder then that many cyber criminals are using fake emails to not only hijack your email account but also to steal your identity and more. In most cases, it's a potential entry way into your social media accounts, your online banking services, your website and other online areas of your life.
As such, your own email is one of the most valuable digital assets you have.
However, it is also one of the most vulnerable digital assets, which is why knowing how to spot potential threats and what to do if your information has been compromised is crucial.
In today's article, we'll talk about different ways you can spot a fake email and what to do in the event your email gets hacked.
Related: Understanding Online Security Threats
4 potential signs of a fake email
There are four major red flags that can help you recognize a fake email:
-
Wrong email address.
-
Spelling and grammar mistakes.
-
Asking for personal information.
-
Threatening subject lines.
Read on to see if you can spot a fake email.
1. Wrong email address
The first thing you should check is the email address of the sender.
In most cases, hackers will use an email address that looks like it's coming from a trusted source but it will be misspelled or off by a couple of letters.
Double-check the email addresses to ensure it is indeed coming from the right address.
2. Spelling and grammar mistakes
Another red flag that signals a potentially fake email is the number of spelling and grammar mistakes.
While typos happen to everyone, it's not so common to receive an email from a known brand or business riddled with mistakes.
You should also look for the way they address you in the email. If it starts with "Dear Customer" and the sender usually uses your first name, chances are the email is fake and you should delete it.
3. Email contains links or attachments asking for personal information
The primary purpose of a fake email is to steal sensitive personal information. As such, it's not uncommon for fake emails to contain links or attachments that ask you to submit information such as your password, username, bank account number or Social Security number.
Be wary of any such emails and call the company or business first to double-check if they truly did request this information.
You'll often find that there is no need to submit that information via email as the company or business in question would already have it on file.
4. Threatening subject lines
Another common indicator of fake emails is a subject line that sounds like a threat such as "Urgent Action Required" or "Attention: Your Account Will Be Closed!" These subject lines can cause fear, which then prompts you to act on it and do whatever the email instructs you to do.
Usually, these subject lines are used with fake emails that appear to come from your bank or even from official government agencies. Instead of acting first, call your bank or get in touch with your local government office to confirm if the email just doesn't seem right.
Don't forget: Institutions such as the FBI or IRS won't use email as their initial means of communication.
Related: Open season for phishing scams and other security threats
How to tell if your email has been hacked
While it’s important to learn the signs of a fake email, you also need to know how to tell if your email has been hacked. Here's what you need to be on the lookout for.
Contacts complain about spam messages coming from you
The first sign of a hacked email is your contacts complaining about spam or strange emails coming from your email account. The spam messages are either sent to everyone in your address book or your contacts are receiving a large number of emails from your account.
Related: Fight back against hacks
You cannot access your email account
In some cases, hackers will change your password, which will prevent you from accessing your email account. If you find that you cannot log in with your usual credentials and you haven't changed them recently, chances are your email account has been hacked.
Unrecognized emails are in your sent folder
In the event that you can still access your account, check your sent folder as well as your trash folder for any unrecognized emails. If your account has been compromised, you'll find spam messages sent to your contacts.
At the same time, keep your eye out for any password reset emails for other sites you use on a regular basis.
If you didn’t initiate a password reset, it's almost certain someone is trying to break into those accounts and you should change your password and lock down the security immediately.
Related: 10 best practices for creating and securing stronger passwords
What to do if your email has been hacked
Having your email hacked is an unfortunate experience; however, there are certain steps you can take to prevent further damage and minimize the chance of another security breach.
1. Change your password
If your email has been hacked, the first thing you should do is change the password. This will prevent hackers from getting back into your account as well as kick them out if they're still using it.
You can use a service like LastPass to help you generate a more secure password for your email account as well as for your other accounts.
Consider implementing 2FA or two-factor authentication.
With 2FA enabled, you will need to enter a special code generated by an app such as Google Authenticator on top of entering your usual username and password. This one extra step goes a long way towards hardening the security of your email account.
Related: Password managers do the heavy lifting of online security
2. Unlink other accounts
You’ve probably used your email address to register for countless online services. Log in to those accounts and change the email address used for signing in as well as your password for those accounts.
Doing so will prevent hackers from gaining access to those accounts by using the password reset feature.
At the same time, be sure to notify financial institutions about the hack and change your login information. Your bank might also be able to help implement extra security measures and monitor your account for any unusual financial transactions.
3. Notify your contacts
Notify everyone in your address book that your email account has been hacked. This will prevent them from clicking on any links coming from you, which in turn can prevent their accounts getting compromised as well.
4. Notify your IT department
If the hacked email account belongs to your company, you should notify your IT department. They might be able to restore the account for you as well as implement proper measures to ensure no other data has been compromised.
Editor’s note: Does your business need professional email? Check out GoDaddy’s Professional Business Email. You’ll get award-winning customer service + data security and spam filtering.
5. Scan your computer for malware
You should also scan your computer for malware. If your scan results return positive, you will have to clean the computer or reinstall your operating system to get rid of any viruses, trojans, worms or other types of malware.
Related: How does GoDaddy Express Malware work to clean malware?
6. Create a new email address
Even if you regain access to your hacked account, consider creating a brand new email address with a strong password consisting of both uppercase and lowercase letters, numbers and symbols.
You should also create a separate email for online purchases and accounts that grant access to your sensitive information.
Final thoughts on fake email
Fake emails are nothing new and they aren’t slowing down. Luckily, there are ways to protect yourself against your email getting hacked.
Use this article to help you recognize the signs of potential fake emails and what to do in the event your email has been hacked.