Email is an essential tool, one that’s fundamental to doing business and managing all the online services we use. We need it to be secure, but unfortunately, that’s not always the case. While that sounds alarming, you can take steps to prevent your email from being compromised or to address it if it happens.


Fastmail’s privacy features can help you keep your email secure. Learn about why Fastmail is the best choice for private email.

Compromised email accounts should be taken seriously and addressed immediately. In this article, we’ll discuss how email accounts can become compromised and what you can do to ensure your information remains secure and private.

What Is a Compromised Email Account?

A compromised email account is one that has been accessed by someone other than its owner. This can happen when someone takes advantage of a weak password or uses an online scam to gain access to an account. Once a scammer has compromised an email account, they can go through any associated accounts and attempt to steal even more private information.

While it’s tempting to take the possibility of compromised email lightly, to think “who cares if someone reads my email? I don’t have anything to hide,” your email is the gateway to many of your other online accounts. User IDs, password resets, and other access points can make a compromised email account far more impactful than just someone reading your junk emails.

How Does Your Email Account Get “Hacked”?

Your email can get compromised (sometimes referred to as “hacked”) through various means, but some of the most common include the following:

  • Practicing poor password habits, such as selecting easy-to-decipher passwords or continually using the same password across multiple accounts.
  • Falling prey to phishing scams.
  • Failing to log out of shared/public computers.

A scammer can take advantage of any of these methods to access your email and start taking sensitive information, and once they get started, it’s difficult to stop them. Often the best way to avoid having your email account compromised is by making your password complex enough that a scammer won’t easily guess it. Additionally, you should avoid any emails that appear suspicious.

You can also use tools that can help you manage and protect your passwords, such as 1Password.

Can Opening Your Email Get You “Hacked”?

Relax - simply opening an email is generally not a risky activity. However, it pays to be vigilant about whether your email is from a legitimate sender. You should make sure you trust the person or organization before you take any action the email suggests.

You can check whether an email is legitimate by taking the following steps:

  • Note whether the sender’s email domain matches the business they’re supposedly emailing from. For example, if a sender claims to be from your bank, their email address should be from yourbank.com.
  • Look for tricky misspellings in the sender’s email domain, such as substituting letters for numbers, e.g., “y0urbank.com.”
  • Analyze whether the subject heading or language in the email body is using over-the-top emotional triggers, such as “URGENT MESSAGE REGARDING YOUR ACCOUNT” or “ACT NOW!” These are often attempts to make you act without thinking.

If you suspect your email is suspicious, delete it. If you’re not sure, take steps to protect yourself, such as never clicking on any links inside or opening attachments that you’re unsure of.

How Do You Know if Your Email Has Been Compromised?

The easiest way to tell if your email has been compromised is if you suddenly can’t access it anymore. If your password is being denied after being entered correctly, and you’re certain that you didn’t change it, it’s highly likely that a scammer has compromised your email and changed the password.

There may also be situations where a scammer has gotten into your email without changing your password to avoid suspicion that something’s wrong. In this situation, it’s important to watch for emails in your inbox, sent folder, and even your trash folder that you don’t recognize, or unexpected emails from places like your bank regarding certain transactions or changes to your account information.

Signs Your Email Has Been Compromised

Other signs that your email has been compromised are notices of new app passwords you didn’t create and logins from locations you haven’t been to.

If you suspect your email account has been compromised, it’s also important to ask your contacts if they’ve received any suspicious emails you didn’t send.

How Do I Find Out if Someone Is Using My Email?

It’s concerning to think that someone else might be using your email, but there are some resources you can use to make sure the only person using your account is you.

Fastmail makes it possible to look through your account activity to see exactly how your account has recently been accessed, the IP address it was accessed under, and the date and time of any given activity. If any of the previously mentioned information doesn’t match your own activity, there’s a good chance that someone else is using your account.

To do this, go to your Login Log. You can find this at Settings → Password & Security. Once there, click Review next to Logged In Sessions, then click View all logins in the last 4 weeks. Logins cannot be edited or deleted from this log, so this page shows the full history of every time your account was accessed over the last four weeks.

Using “Have I Been Pwned?”

Another resource you can use to find out if your email has been compromised is the website Have I Been Pwned?. This site allows users to input an email or phone number and find out if either of them has been connected to a data breach. If the site is able to find any potential breaches, it will tell you exactly where they originated from and roughly when they occurred.

If your email address is tied to a company that recently experienced a “hack,” Have I Been Pwned? will provide as much information possible on the extent of the data breach and suggest the next steps to better secure your email. This includes making sure your email password is unique and hasn’t been used across other services.

You can also prevent your email from being compromised by using unique email addresses that don’t identify you with each of your online accounts in conjunction with strong, unique passwords. Using Masked Email by Fastmail along with 1Password makes this easy.

What Happens if My Email Is Compromised?

Once a scammer compromises your email, there are a number of things they can do with your personal information. Your email is a doorway to all of your accounts and devices, and it can be used to reset passwords, delete accounts, or gain access to other sensitive data. In addition, scammers often use compromised email accounts to send spam or phishing attempts to your contacts, so it seems as though they’re coming from a trusted source.

Can Someone Access My Bank Account with My Email Address?

Another potential result of a compromised email account is identity theft. Sometimes gaining access to your sensitive financial information is as simple as changing the password on your online bank account, which a scammer can do without issue if they’ve completely locked you out of your email. Banks will implement some additional security measures to ensure this doesn’t happen, but the most skilled scammers can still make their way around such roadblocks.

What Are Next Steps When Your Email’s Been “Hacked”?

If you discover that your email account has been compromised, it’s important to remain patient and vigilant. The first thing to do is assess how extensive the “hack” is, and take the following measures to secure your email and any associated accounts as much as possible.

  1. If you still have access to your email, change the password immediately and implement any two-factor authentication measures available.
  2. Go through each of your accounts tied to your email, change their passwords, and add any additional security measures. Update your accounts in order of importance: first, start with credit and banking accounts, then work through other accounts that would have financial information. Move on to social media accounts that contain other personal information, and finally secure any remaining accounts that a scammer is less likely to take advantage of.
  3. Once you’ve secured your email, you should inform your connections that you’ve been “hacked.” Warn them not to click on any emails or messages you didn’t send, and delete them immediately. If your social media accounts have been compromised due to an email “hack,” ask your friends and family to report and block your old account so the scammer can no longer impersonate you. It’s important to inform anyone close to you of your “hack” as soon as possible, so they don’t fall prey to the same hacker.
  4. Stop using that email address entirely and choose an email provider that works to ensure your privacy and provides tools that help keep you secure online.

How Fastmail Protects Your Email Account from Being Compromised

At Fastmail, our top priorities are your data's privacy and your email's security. We know how quickly “hacking” techniques can evolve; that’s why we’re always developing new measures to effectively protect every aspect of our customers’ data.

Fastmail provides the tools you need to keep your email private, from two-factor authentication to a record of login attempts made on your account. Thanks to our partnership with 1Password, you also get access to hundreds of email aliases that minimize the amount of exposure your actual email address receives, protecting you from potential phishing and spam.

Fastmail supports using custom domains, so you can have comprehensive protection and data privacy whenever you’re online. All of it serves to deter scammers and keep them away from your data, ensuring your life isn’t derailed by those who would use your information against you.

If you need help, you can rely on Fastmail’s customer support team. You’ll be able to get help from a real person who’s knowledgeable about email and will work with you to provide the answers you need.

Take control of your email account’s privacy and sign up for your 30-day free trial of Fastmail today.