In the modern world, email is almost as essential as running water. That’s one reason why email hacking is so disruptive. As the backbone of personal and business communication across the Internet, having your Gmail hacked is intrusive, upsetting, and deeply inconvenient. If you’re unlucky, a have your Gmail hacked can also be dangerous.
How Was Your Gmail Hacked?
The word “hacking” often brings to mind a Matrix-like scene: a lone miscreant in a darkened room lit only by a computer monitor, chugging energy drinks and blasting techno music as he siphons billions into offshore bank accounts. That sort of advanced persistent threat does exist, but most of what we call “hacking” these days in far more mundane and impersonal.
A Gmail hack is typically the result of an attacker learning of your password. Unfortunately, this is often the result of a user’s mistake. There’s countless ways this can happen, but with a Gmail hack, one common vector is a phishing attack. An attacker might send you a phishing email that looks like a shared Google Doc. The email might even be sent from a trusted collaborator whose email has also been compromised.
When you click on the link, you might find yourself greeted by a standard Google login page. Unthinkingly, you’ll log in. What you might not realize until later is that you’ve just provided the attacker with your email address and password. Even savvy web users can fall prey to this attack and find their entire email account hijacked.
Why Was My Gmail Hacked?
There’s a few different reasons an attacker could try to gain access to your email account. Of course, the information contained in a email account is valuable, but it takes time to recover. Most often, a Gmail hack is motivated by the bugbear of the Internet: spam.
To be effective, spammers need thousands of valid email addresses. To get valid email addresses to hit with spam, attackers will siphon off the address books of active email accounts. Think of the hundreds of folks you’ve emailed since you opened your Gmail account. They’re now all targets for spammers.
Attackers might also use your account to give their spam emails validity. For example, you probably know enough about the Internet not to download attachments from strangers. But if a colleague sent you an email with a Google Sheet attached, you might not be as suspicious. By exploiting your social network, attackers can get a better return on their spammy investments.
If an attacker is just after your contact book for the sake of sending spam, you’re probably lucky. Sure, it’s massively inconvenient and embarrassing, especially if use that email for work, but you probably won’t suffer any serious damage as a result. But it’s not just about sending you offers for cheap pharmaceuticals, though, and attacks can be far more malicious.
After gaining access to your email account, attackers can reset the passwords for all the accounts that use that email as a contact point. This means FaceBook, LinkedIn, Twitter, even your bank—all of them could be open to attack. Your email address could also become a vector for malicious attachments. Those can do tons of damage to a users computer, from stealing money and trade secrets to disabling hardware or running a bot net. For a sense of the worst-case scenario, remember that the high-profile and disastrous Democratic National Committee hack in the US was performed over email.
What Should I Do If My Gmail Has Been Hacked?
Was your Gmail hacked? Then take these next steps as quickly as possible. Macs and iPhones aren’t affected by most email-borne viruses, but there are still some steps you need to take to recover your security.
Change your password
After a Gmail hack, change your Gmail password immediately. If you’re not sure how to do this, check out Google’s guide. The more quickly you change your password, the shorter the window for potential damage. Make sure your password is unique, secure, and reasonably long. If you’re not sure how to come up with a secure password, Google’s guide to strong passwords is a good place to start.
Check your sent emails
Look in your Sent emails to see if the attacker has been using your account to send spam. This isn’t exactly foolproof, as sophisticated attackers will delete emails from your account after they’ve been sent, but it’s worth a look.
Change your other passwords
If you used your email address as the primary contact point for social media platforms, change the password for those accounts immediately. Take this opportunity to make sure you’re using easy-to-remember, hard-to-guess passwords for your accounts. Again, Google’s own guide can be a great help here.
Alert your contacts
Alert your contacts to the hack as soon as possible. Tell them you’ve been the victim of an attack. Ask them to delete any emails they received from your address without opening them.
Report the attack to Google
While Google probably won’t be able to track down the perpetrator, they need to be aware that hacks are happening. This helps them improve the security of their email system and keep accurate statistics.
Having your Gmail hacked is absolutely miserable, but fortunately you can take steps to avoid it. Turn on two-factor authentication for Gmail and your other web services to help avoid account theft in the future. Also, practice a healthy suspicion online, and make sure your only enter login credentials on valid webpages.
You might also like: