4 ways to spot a fake email and what to do if your email is hacked

Brenda Barron

Email is one of the most frequently used forms of communication. It's no wonder, then, that many cyber criminals use fake emails not only to hijack your email account but also to steal your identity and more. In most cases, your email account is a potential entryway into your social media accounts, your online banking services, your website and other online areas of your life.

As such, your own email is one of the most valuable digital assets you have.

However, it is also one of the most vulnerable digital assets, which is why knowing how to spot potential threats and what to do if your information has been compromised is crucial.

In this article, we'll talk about different ways you can spot a fake email and what to do in the event your email gets hacked.

4 potential signs of a fake email

There are four major red flags that can help you recognize a fake email:

  1. Wrong email address.

  2. Spelling and grammar mistakes.

  3. Asking for personal information.

  4. Threatening subject lines.

Read on to see if you can spot a fake email.

1. Wrong email address

The first thing you should check is the email address of the sender.

In most cases, hackers will use an email address that looks like it's coming from a trusted source but it will be misspelled or off by a couple of letters.

Double-check the email address to ensure the message is indeed coming from the right sender.

However, more advanced hackers are able to mimic trusted email addresses and may even have a "verified sender" checkmark next to their email address.

It's always better to be safe than sorry, and you can always contact an organisation directly to check if an email really is from them.

2. Spelling and grammar mistakes

Another red flag that signals a potentially fake email is the number of spelling and grammar mistakes.

Although typos happen to everyone, it's not so common to receive an email from a known brand or business riddled with mistakes.

You should also look for the way they address you in the email. If it starts with "Dear Customer" and the sender usually uses your first name, chances are the email is fake and you should delete it.

3. Asking for personal information

The primary purpose of a fake email is to steal sensitive personal information. As such, it's not uncommon for fake emails to contain links or attachments that ask you to submit information such as your password, username, bank account number or other valuable personal information.

Be wary of any such emails and call the company or business first to double-check if they truly did request this information.

In the case of emails that ask you to click a link in order to log into your account, be very careful. Often hackers create authentic-looking login pages that are designed to capture your user name and password.

If you are concerned that the email may be authentic and you may need to take some action, don't click on the link in the email, but instead type the web address of the company in question into your browser. That way you can be 100% sure you're logging into a legitimate site.

4. Threatening subject lines

Another common indicator of fake emails is a subject line that sounds like a threat such as "Urgent Action Required" or "Attention: Your Account Will Be Closed!" These subject lines can cause fear, which then prompts you to act on it and do whatever the email instructs you to do.

Usually, these subject lines are used with fake emails that appear to come from your bank or even from official government agencies. If the email just doesn't seem right, don't act on it first: call your bank or get in touch with your local government office to confirm it is genuine.

Sometimes, you may get emails claiming to be from bodies like HMRC offering you a tax refund. These look to play on a person's sense of greed - so don't be fooled into thinking you're in for an unexpected windfall.
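Three of the signs above (a sender address that is off by a couple of letters, a "Dear Customer" greeting and a threatening subject line) can also be checked automatically. The following is an added example, not part of the original article; the trusted domain list, the phrase lists and the sample message are assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for illustration: domains you really deal with, plus the
# greeting and subject-line phrases the article quotes as examples.
TRUSTED_DOMAINS = ("examplebank.com", "example.org")
URGENT_PHRASES = ("urgent action required", "your account will be closed")
GENERIC_GREETINGS = ("dear customer",)

# Constructed sample message; not a real email.
SAMPLE = """\
From: Example Bank <support@examp1ebank.com>
Subject: Urgent Action Required

Dear Customer,

Please log in to confirm your details.
"""

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(raw_message: str) -> list[str]:
    """Return the red flags from the article that this message trips."""
    msg = message_from_string(raw_message)
    flags = []
    # Sign 1: sender domain is close to, but not exactly, a trusted domain.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if 0 < edit_distance(domain, trusted) <= 2:
                flags.append(f"lookalike sender domain: {domain} resembles {trusted}")
    # Sign 2: generic greeting where a first name would be expected.
    parts = (p for p in msg.walk() if p.get_content_type() == "text/plain")
    body = (next(parts, msg).get_payload(decode=True) or b"").decode(errors="replace")
    if body.lower().lstrip().startswith(GENERIC_GREETINGS):
        flags.append("generic greeting")
    # Sign 4: threatening or urgent subject line.
    subject = msg.get("Subject", "").lower()
    if any(phrase in subject for phrase in URGENT_PHRASES):
        flags.append("threatening subject line")
    return flags
```

An empty result is not proof that a message is genuine: as noted above, more advanced senders can mimic a trusted address exactly, so contacting the organisation directly remains the reliable check.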

How to tell if your email has been hacked

While it’s important to learn the signs of a fake email, you also need to know how to tell if your email has been hacked. Here's what you need to be on the lookout for.

Contacts complain about spam messages coming from you

The first sign of a hacked email is your contacts complaining about spam or strange emails coming from your email account. The spam messages are either sent to everyone in your address book or your contacts are receiving a large number of emails from your account.

You cannot access your email account

In some cases, hackers will change your password, which will prevent you from accessing your email account. If you find that you cannot log in with your usual credentials and you haven't changed them recently, chances are your email account has been hacked.

Unrecognized emails are in your sent folder

In the event that you can still access your account, check your sent folder as well as your trash folder for any unrecognized emails. If your account has been compromised, you'll find spam messages sent to your contacts.

At the same time, keep your eye out for any password reset emails for other sites you use on a regular basis.

If you didn’t initiate a password reset, it's almost certain someone is trying to break into those accounts and you should change your password and lock down the security immediately.

What to do if your email has been hacked

Having your email hacked is an unfortunate experience; however, there are certain steps you can take to prevent further damage and minimize the chance of another security breach.

1. Change your password

If your email has been hacked, the first thing you should do is change the password. This will prevent hackers from getting back into your account as well as kick them out if they're still using it.

You can use a service like LastPass to help you generate a more secure password for your email account as well as for your other accounts.

You can learn more about creating strong passwords in this guide.

2. Consider implementing 2FA or two-factor authentication

With 2FA enabled, you will need to enter a special code generated by an app such as Google Authenticator on top of entering your usual username and password. This one extra step goes a long way towards hardening the security of your email account.

3. Change passwords on other accounts

You’ve probably used your email address to register for countless online services. Log in to those accounts and change the password, especially if you were using the same password for your email account and your other online accounts.

Remember: You should use a unique password for every online account.

4. Notify your contacts

Notify everyone in your address book that your email account has been hacked. This will prevent them from clicking on any links coming from you, which in turn can prevent their accounts getting compromised as well.

5. Notify your IT department

If the hacked email account belongs to your company, you should notify your IT department. They might be able to restore the account for you as well as implement proper measures to ensure no other data has been compromised.

6. Scan your computer for malware

You should also scan your computer for malware. If your scan results return positive, you will have to clean the computer or reinstall your operating system to get rid of any viruses, trojans, worms or other types of malware.

If you need more information on this topic, read our guide: What is malware?

Final thoughts on fake email

Fake emails are nothing new and they aren’t slowing down. Luckily, there are ways to protect yourself against your email getting hacked.

Use this article to help you recognize the signs of potential fake emails and what to do in the event your email has been hacked.