How to Recover a Hacked Email Account
If friends say they are getting odd messages from you, or you can no longer log in, your email account may have been taken over. It is unsettling, because email is often the key to everything else, but it is usually fixable. Most providers have a clear recovery process, and the steps below walk you through it.
The aim is twofold: get back in, then lock the door so it does not happen again. Work through it in order and do not rush. If you would rather have a hand, this is a good one to do alongside a family member. This is one piece of a bigger picture, so it is worth reading our full guide to staying safe online as well.
Quick answer
Go to your email provider’s official sign-in page and use the “forgot password” or “can’t sign in” link to reset your password. Once you are back in, change the password to a new strong one, turn on two-factor authentication, and check the account settings for anything the hacker may have changed.
Step 1: Try to reset your password
Open your browser and go to your email provider’s own website, such as Gmail, Outlook, Yahoo or Bigpond. Do not use a link from any suspicious email. On the sign-in page, look for “Forgot password” or “Can’t sign in” and follow the prompts. The provider will usually send a code to your phone or a backup email to prove it is you.
Step 2: If you cannot get back in
If the hacker has changed your recovery phone or email, use the provider’s account recovery process, sometimes called “account recovery” or “more ways to verify”. This may ask questions only you would know. Take your time and answer as fully as you can. Australian providers like Telstra and Optus also have phone support if you are stuck, which you can reach through their official website.
Step 3: Lock the account down
Once you are back in, do these straight away:
- Set a new, strong password you have not used anywhere else.
- Turn on two-factor authentication so a password alone is not enough to log in.
- Check the recovery phone and email are still yours, and remove anything you do not recognise.
- Look in settings for mail “rules” or “forwarding” the hacker may have added to quietly copy your mail, and delete them.
Our guides on creating a strong password and two-factor authentication make these two steps easy.
Step 4: Tidy up and warn others
Let your contacts know your email was hacked, so they ignore any odd messages sent from it. If you used the same password on other accounts, change those too. And if any banking or shopping accounts use this email, keep an eye on them. You can report the incident to Scamwatch at scamwatch.gov.au if you would like advice or it led to any loss.
Before you finish
Download the free Family Tech Safety Checklist to help check phone safety, passwords, scam messages, emergency contacts and medical alarm details.
FAQ: Recovering a hacked email
How do I know my email was hacked?
Common signs are friends getting strange messages from you, being logged out, missing emails, or a password that no longer works.
What if the hacker changed my recovery details?
Use your provider’s account recovery process, which can verify you another way. Australian providers like Telstra and Optus also offer phone support through their official website.
Should I make a new email instead?
Usually no. Recovering your existing account keeps your contacts and history. Only consider a fresh start if recovery genuinely fails.
How do I stop it happening again?
Use a strong, unique password and turn on two-factor authentication. That combination stops most account takeovers.
Do I need to tell anyone?
Let your contacts know so they ignore any scam messages, and report it at scamwatch.gov.au if you would like advice.
