What to Do If Your Email Account Gets Hacked: A Step-by-Step Guide for Seniors
If you think your email account has been hacked, here is the most important thing to know right now: you can fix this. Millions of people deal with hacked accounts every year, and most recover fully — especially when they act quickly.
This guide walks you through exactly what to do, step by step, in plain language. No technical experience needed.
How to Tell If Your Email Has Been Hacked
Before we get to the fix, let's make sure something actually went wrong. Here are the most common warning signs:
- You can't log in, even though you're entering the right password
- Friends or family tell you they received strange emails from you that you never sent
- You notice emails in your Sent folder that you didn't write
- Your email password was changed without you doing it
- You're getting "password reset" notifications from banks or shopping sites you didn't request
- Your email address shows up in a data breach notification
If any of these sound familiar, keep reading. You have work to do — and the sooner you start, the better.
Step 1: Try to Regain Access Immediately
Your first goal is to get back into your account before the hacker changes anything else.
Go to the login page of your email provider (Gmail, Yahoo Mail, Outlook, etc.) and try your current password. If it works, skip ahead to Step 3. If it doesn't, use the "Forgot Password" or "Can't access my account?" link right on the login screen.
Your email provider will send a recovery code to your backup phone number or backup email address — a number or address you set up when you created the account. Check both.
If you can't remember your backup address or no longer have access to that phone number, look for the option that says "Try another way" or "I need more help." Most providers have an account recovery form where you answer questions to prove you're the real owner. Be patient — this process can take a day or two.
> Tip: If this is a Gmail account, Google's account recovery page is very good at helping you prove you're the real owner. Have your phone nearby — they often send a verification prompt to it.
Step 2: Contact Your Email Provider's Support
If the self-service recovery doesn't work, call or chat with customer support directly.
- Gmail (Google): Search "Google account recovery help" and use the chat or phone options under your account settings
- Yahoo Mail: 1-800-305-7664
- Outlook / Hotmail (Microsoft): Search "Microsoft account support" for live chat options
Tell them your account was hacked and you can't get back in. They deal with this every day and will walk you through it.
Step 3: Change Your Password the Moment You're Back In
Once you're inside your account, change your password immediately. Don't wait.
A strong password for email should:
- Be at least 12 characters long
- Use a mix of letters, numbers, and symbols
- Not include your name, birthday, or address
- Be different from every other password you use
A good trick: use a passphrase — three or four unrelated words strung together. Something like Purple-Train-Bicycle-Lamp is actually very strong and easier to remember than P@ssw0rd123.
Write your new password down on paper and keep it somewhere safe at home — not on your computer.
Step 4: Turn On Two-Step Verification
Two-step verification (sometimes called two-factor authentication or 2FA) means that even if someone gets your password, they still can't get into your account without a code sent to your phone.
Here's how to turn it on:
- Go to your email account's Security Settings
- Look for "Two-step verification" or "Two-factor authentication"
- Follow the prompts to link your phone number
- From now on, when you log in, you'll enter your password AND a 6-digit code texted to your phone
It adds about 10 extra seconds to logging in — and it blocks the vast majority of hackers. Well worth it.
Step 5: Check What the Hacker May Have Done
Now that you're back in control, look around. You need to know what happened.
Check your Sent folder. Were any emails sent in your name? Look for anything you didn't write — especially messages asking people to send money, click a link, or call a phone number.
Check your Inbox for password resets. Did the hacker request password resets for any of your other accounts — your bank, Amazon, PayPal? Look for emails from those services that you didn't request.
Check your account settings. Look to see if:
- Your recovery phone number or backup email was changed
- Any email "forwarding" rules were added (this lets hackers receive copies of all your future emails)
- Your account name or profile was changed
Delete any forwarding rules you didn't create. Change your recovery phone and backup email back to your own.
Step 6: Alert Anyone Who May Have Been Targeted
If the hacker sent emails from your account to your contacts, those people may have clicked on dangerous links or been tricked into sending money.
Send a short email to your contacts — or call the ones you're closest to — letting them know your account was hacked, that you're in control now, and that they should not click any links or respond to any unusual requests they received from you recently.
A simple message works fine:
> "My email account was hacked recently. If you received any strange messages from me asking for money, gift cards, or to click a link — please ignore them. I'm sorry for any concern. My account is now secure."
This is important. Hackers often use stolen email accounts to run "grandparent scams" or fake emergency requests against the account owner's family.
Step 7: Change Passwords on Any Accounts Linked to That Email
Your email address is the master key to your digital life. Any account that uses that email to log in or reset a password is now potentially at risk.
Make a list of the most important ones and change their passwords today:
- Your bank or credit union
- PayPal, Venmo, or Zelle
- Amazon or any online shopping accounts
- Social media (Facebook, Instagram)
- Medicare or Social Security online accounts
Use a different, strong password for each one. Yes, this takes time, but it's the most important protective step you can take right now.
Step 8: Put Identity Monitoring in Place
Here's something most people don't think about: when a hacker gets into your email, they may have already read weeks or months of old messages. That means they could have seen your Social Security number, bank statements, medical bills, insurance cards — any sensitive document you've ever emailed or received.
That information can be used for identity theft — opening new credit cards in your name, filing a fraudulent tax return, or accessing your medical benefits — sometimes months after the original hack.
The best way to protect yourself going forward is to use an identity monitoring service that watches for your personal information being misused.
Aura is one of the most trusted options for this. It monitors your Social Security number, bank accounts, credit reports, and the dark web (a hidden part of the internet where stolen data gets sold), then alerts you immediately if anything looks suspicious. It also includes up to $1 million in identity theft insurance.
After a hack, Aura gives you real peace of mind — because you know someone is watching your back even when you're not.
Step 9: Protect Yourself from Future Hacks
Once you've cleaned up the damage from this hack, take a few extra steps to make sure it doesn't happen again.
Use a VPN when on public Wi-Fi. Places like coffee shops, libraries, and airports have Wi-Fi networks that hackers can easily spy on. A VPN (Virtual Private Network) encrypts your internet connection so no one can intercept your passwords or personal information.
NordVPN is easy to use — even for people who've never used a VPN before. You install it on your phone, tablet, or computer, and then just tap one button to turn on protection. Your first month is completely free, so it's worth trying.
Keep your devices updated. When your phone or computer asks you to install an update, say yes. Updates often fix security weaknesses that hackers use to break in.
Be suspicious of email links. Even from people you know. If an email asks you to click a link and log in somewhere, go directly to that website by typing the address yourself instead. Hackers often send fake login pages that steal your password.
A Quick Reference Checklist
Print this out and keep it handy:
- [ ] Try to log in; use "Forgot Password" if blocked
- [ ] Contact email provider support if self-recovery fails
- [ ] Change your email password immediately
- [ ] Turn on two-step verification
- [ ] Check Sent folder and account settings for damage
- [ ] Alert contacts who may have received suspicious emails
- [ ] Change passwords on bank, PayPal, Amazon, and social media
- [ ] Set up identity monitoring with Aura
- [ ] Install NordVPN for safer browsing going forward
You're in Control Now
Discovering your email was hacked is scary. But by following these steps, you've done exactly what needed to be done. You've locked out the intruder, cleaned up the damage, and put better protection in place.
The people who suffer the most from email hacks are the ones who freeze up or wait. You didn't. That matters.
Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.