Bitesize Cyber Series - How To Check If Your Email Credentials Have Been Leaked

The cyber threat landscape is rapidly evolving. It is becoming increasingly sophisticated, impacting individuals and businesses alike. To help you stay one step ahead of cybercriminals, we’re exploring a different aspect of cybersecurity each month in 2025 as part of our bitesize series.

So far, we have tackled many prominent issues surrounding cybersecurity, including:

This month’s focus is on how to check if your email has been compromised.

What are email credentials?

Email credentials are the unique email addresses and passwords that you use to gain access to your email account.

What would hackers want with my email credentials?

Almost everything we sign up for across the internet uses an email address. Online banking, shopping, logging into social media networking sites, file sharing platforms, business related accounts/software, the list goes on.

We tend to spread our email addresses rather openly for something that is so pivotal in this digital age. Quite quickly, we can lose track of what we have used it to sign up to over the years. For a cybercriminal, a compromised email inbox is a jackpot, as it can result in huge reward for them and total chaos for the victim.

From your email inbox, it’s easy for a cybercriminal to piece together a pretty cohesive picture of your life, and from there they can look to impersonate you. This could include social engineering attacks against someone you know, signing you up for unwanted services that may send you spam, or even using your information to carry out criminal activities on the dark web.

How to know if your email has been hacked?

There are a number of signs that might indicate that your email has been infiltrated by someone.

  1. You’re unable to sign in to your email account as the password has been changed.
  2. There are unauthorised messages in your sent box.
  3. Your contacts have received spam emails from your account.
  4. You have received multiple password change requests from websites and apps you’re signed up to.
  5. Your email inbox is receiving a large volume of spam emails.
  6. You were notified that your email address was included in a data breach.

What to do if your email has been hacked?

If your email address has been hacked, it’s important to act quickly to limit the damage as much as possible.

Step 1 – Assess the severity of the leak

Firstly, you need to figure out how your information was leaked. Was it via a data breach? Did you fall victim to a phishing scam? Were you included on an exposed list?

You can use websites like Have I Been Pwned or Norton Breach Detector to identify where your information has been leaked. Once you have identified what, or who, the source of the data breach is, check whether they have taken any steps to address the breach or to inform their users of the next steps.

Step 2 – Change your password

If you have any reason to believe your email account has been compromised, you should change your password immediately. Use a strong, unique password that is not easily guessed. If you struggle to remember your passwords, consider using a password manager to help store (and generate) your passwords.

Top tip: Set up multifactor authentication on your email account to make it harder for cybercriminals to gain access in the future.

Step 3 – Notify your contacts

If you’re worried that your email has been compromised, we recommend letting your friends, family, colleagues or any other important individuals who have your email address know. Ask them to be on the lookout for any unsolicited emails from you and be very careful about any potential phishing attempts that may be in the pipeline.

Step 4 – Check your settings and sent folder

Did you know that cybercriminals can set up automatic forwarding to send your emails to a different address? Comb through your email settings to check that none of your settings have changed. This could include random filters or email forwarding rules.

It’s also worthwhile reviewing your sent folder too. If you spot an unfamiliar email in your sent box, then it is a clear indicator that your email address has been hacked.

Step 5 – Continue to monitor closely

Unfortunately, this is not a once and done item on the checklist. We recommend that you do regular checks for any suspicious activity on your account. Look out for any password reset requests, emails that you didn’t send in your sent box, and any signs of unexpected login attempts.

If you have any accounts linked to the email address in question, such as social media profiles or banking, you should also monitor those closely too.

Step 6 – Invest in antivirus

Depending on your preferences, you could also look at downloading antivirus software, which can scan your software to ensure there is nothing sinister skulking around in the shadows of your devices. There are both free and paid versions available.

Step 7 – Create a new email address

If you are noticing that you’re getting constant spam or phishing emails, then there is a good chance your email has been a victim of email address or exposed in a leak.

You may want to consider creating a new email address and updating any accounts connected to the compromised email address to the new email address.

It could be beneficial to have several different email addresses, each focused on a particular aspect of your life. For example:

  • An email account specifically for any very important things such as banking, mortgages, investments or pensions.
  • An email account tied to your various social media accounts.
  • An email account for any shopping and subscriptions.
  • An email account for any other miscellaneous accounts that don’t fall into the above categories.

By separating your accounts, you’ll be able to reduce the fallout if one email address gets compromised.

When setting up your new account(s) there are a few things you should keep in mind:

  • Do not delete your compromised account – It may sound strange, but many experts caution users against deleting email accounts. Did you know that most email providers recycle email addresses? If you delete your email account, it can go back into circulation, meaning that if a cybercriminal gets their hands on it, they can spam every website with the ‘forgot my password’ request to gain access to your account. Once they are in, they can try to impersonate you or capitalise on any saved bank account numbers if it’s an online store.
  • Never reuse passwords – This one should go without saying. All email accounts should have strong, unique passwords to limit the likelihood of a breach.
  • Enable multifactor authentication – For added security, we recommend that you always use multifactor authentication.

Step 8 – Report the leak

If you ever suspect that your account was hacked or exposed, report it to your email provider immediately for further guidance. They may be able to investigate and offer additional security measures to reduce the level of damage. Not only that, but reporting also helps email providers track scam-based behaviour so they can improve the platform’s security and reduce the chance of it happening to others.

If you think that your email is being used for illegal activity, report it to your local authorities or visit the National Cyber Security Centre website for more guidance. 

By following these steps, you can help minimize the risk and mitigate any potential damage caused by your email address being leaked.

Worried about cybercrime?

When it comes to cybercrime, many SMEs don’t have sufficient cyber insurance. But the reality is, the risk of cybercrime impacting your business far outweighs many other risks that you would cover for without a second thought. It’s time to get real about cybersecurity. To find out more about cyber insurance, give us a call on 0330 029 5626 or visit our dedicated cyber insurance page.

About the author

Marc Rocker, Head of Cyber, has been with Towergate for over 15 years, advising commercial clients of all sizes on their business insurance needs.

As Head of Cyber Insurance, Marc has responsibility for ensuring that the advice and products that Towergate provides meet clients’ needs. Marc is a member of the British Insurance Brokers’ Association (BIBA) cyber technical committee.

Consistent with our policy when giving comments and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems, we recommend that professional advice be sought.