What to Do If Your Email Has Been Hacked: An Edinburgh Cybersecurity Guide

Spotted strange logins, sent items you didn’t write or a password that no longer works? Here’s exactly how to take your account back.

10 May 2026 · 7 min read · Cybersecurity · Alex M.

A hacked email account is one of the most stressful things that can happen to anyone with a computer. Your email is the master key to almost everything else — banking, shopping, social media, council tax, work logins. If an attacker controls it, they can reset passwords across your whole digital life. We see it every week with customers across Edinburgh, from Leith and Morningside to Musselburgh and Dalkeith, and the pattern is almost always the same: a single weak or reused password, no two-factor authentication, and panicked recovery a few days too late.

The good news is that if you act quickly, you can usually take the account back, lock the attacker out, and prevent the worst of the damage. Here’s the step-by-step guide we use when an Edinburgh customer rings us in a panic.

How to Tell If Your Email Has Actually Been Hacked

Before you do anything drastic, check whether the account has really been compromised. The clearest signs are:

  • Friends, family or colleagues mention spam or odd messages from your address.
  • Items you didn’t send appear in your Sent folder — or your Sent folder has been emptied.
  • Password reset emails arrive that you didn’t request.
  • Your password no longer works, even though you’re sure it’s right.
  • A login alert pops up from a country or device you don’t recognise.
  • Mail rules or forwarding addresses appear that you never set up.

If only one of these is true, it could still be a glitch — but if two or more match, treat it as a real intrusion and move on to the steps below.

Step 1: Change Your Password Immediately (From a Clean Device)

Sign in and change your password straight away. Make it long — at least 14 characters — and unique to that account. Never reuse a password you’ve used elsewhere.

One important detail: change the password from a device you trust. If your home PC has malware on it, anything you type could be captured by a keylogger. If you’ve been seeing the symptoms in our signs your PC has a virus guide, use a different device — a phone you’ve never had problems with, or a friend’s laptop — until you can have your computer cleaned.

Step 2: Sign Out All Other Sessions

Most providers let you forcibly log out every device that’s currently signed in. This kicks the attacker out even if they’re still inside the account.

  • Gmail: Account → Security → “Your devices” → sign out from anything you don’t recognise.
  • Outlook / Microsoft: account.microsoft.com → Security → Sign-in activity → “Sign out everywhere”.
  • Apple iCloud: appleid.apple.com → Devices → remove anything unfamiliar.
  • Yahoo: Account Info → Recent activity → sign out of all sessions.

Step 3: Turn On Two-Factor Authentication

Two-factor authentication (2FA) is the single biggest thing you can do to stop this happening again. Even if your password leaks, the attacker still needs the second code from your phone.

An authenticator app (Microsoft Authenticator, Google Authenticator or Authy) is far more secure than SMS codes, which can be intercepted via SIM swap attacks. We have a full walkthrough in our how to set up two-factor authentication guide.

Step 4: Check for Sneaky Account Changes

Once an attacker is in, they often add a quiet backdoor so they can return later, even after you change the password. Before you relax, check and remove anything you didn’t set up:

  • Forwarding rules — mail being silently copied to an address you don’t recognise.
  • Filters — rules that auto-delete password reset emails so you never see them.
  • Recovery email and phone number — make sure both still belong to you.
  • App passwords / connected apps — revoke any third-party app you don’t recognise.
  • Reply-to address — sometimes changed to redirect replies elsewhere.
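
For readers comfortable with a little scripting, the Step 4 checks can be run as one pass over an export of the account's settings. This is an added example, not part of the original guide; the dictionary layout, field names and sample addresses are hypothetical and do not correspond to any provider's real export format.

```python
# Added example; the settings layout is hypothetical, not any provider's API.
SECURITY_WORDS = ("password", "reset", "verify", "security alert", "sign-in")
HIDING_FOLDERS = ("Trash", "Junk", "Archive")

def audit_mailbox(settings, trusted_addresses):
    """Return (item, reason) findings the account owner should review."""
    trusted = {a.lower() for a in trusted_addresses}
    findings = []
    # Account-level redirections: forwarding, reply-to and recovery address.
    for field in ("forwarding_address", "reply_to", "recovery_email"):
        value = settings.get(field)
        if value and value.lower() not in trusted:
            findings.append((field, f"points to unrecognised address {value}"))
    for rule in settings.get("rules", []):
        actions = rule.get("actions", {})
        keywords = [k.lower() for k in rule.get("subject_contains", [])]
        target = actions.get("forward_to")
        if target and target.lower() not in trusted:
            findings.append((rule["name"], f"forwards mail to {target}"))
        hides = bool(actions.get("delete")) or actions.get("move_to") in HIDING_FOLDERS
        if hides and any(w in k for k in keywords for w in SECURITY_WORDS):
            findings.append((rule["name"], "hides password reset or security emails"))
    for app in settings.get("connected_apps", []):
        if not app.get("recognised_by_owner", False):
            findings.append((app["name"], "connected app not recognised"))
    return findings

# Constructed sample data for illustration only.
TRUSTED = ["owner@example.com", "owner.backup@example.net"]
SAMPLE = {
    "forwarding_address": None,
    "reply_to": "owner@examp1e.test",
    "recovery_email": "owner.backup@example.net",
    "rules": [
        {"name": "Newsletters", "subject_contains": ["newsletter"],
         "actions": {"move_to": "Newsletters"}},
        {"name": ".", "subject_contains": ["Password reset", "verify"],
         "actions": {"delete": True}},
        {"name": "copy", "subject_contains": [],
         "actions": {"forward_to": "collector@mail.example.org"}},
    ],
    "connected_apps": [
        {"name": "Calendar Sync", "recognised_by_owner": True},
        {"name": "Mail Backup Helper", "recognised_by_owner": False},
    ],
}
if __name__ == "__main__":
    for item, reason in audit_mailbox(SAMPLE, TRUSTED):
        print(f"REVIEW {item!r}: {reason}")
```

Anything the check reports should be removed or corrected in the provider's settings pages, then the check repeated until it comes back empty.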

Step 5: Reset Anything Linked to That Email

Think of every account that uses this email address as the recovery option: online banking, Amazon, eBay, PayPal, social media, your council MyGov account, work logins. If the attacker had even an hour inside your inbox, they may already have triggered password resets elsewhere.

Change the password on every account that uses the email — especially anything financial. A password manager makes this far less painful; we cover the basics in our Edinburgh password manager guide.

Step 6: Tell Your Contacts

Send a short message to friends, family and colleagues letting them know your account was compromised and to ignore anything suspicious sent in the last few days. Phishing attacks often piggy-back on hacked accounts because messages from a familiar sender slip past people’s defences. A heads-up stops the attacker spreading further through your network.

Step 7: Check Your PC for Malware

If you can’t explain how the attacker got in, the most likely culprits are a leaked password from another website (check yours at haveibeenpwned.com), a phishing email you clicked, or malware on the device you use most.

Run a full scan with Windows Defender, then a second-opinion scan with Malwarebytes. If you find anything — or if the symptoms persist after cleaning — bring the machine to us. Our virus and malware removal service includes a deep clean, removal of any keyloggers or remote-access tools, and proper protection going forward.

How to Stay Safe From Now On

Once you’ve regained control, a few habits will make this far less likely to happen again:

  • Use a unique password for every account — a password manager makes this realistic.
  • Turn on 2FA on every account that supports it (especially email, banking and social media).
  • Be suspicious of urgent emails asking you to log in; check our phishing scams guide for the warning signs.
  • Avoid logging in to important accounts on public Wi-Fi — see our public Wi-Fi safety guide for safer habits.
  • Keep Windows and your browser fully patched.

How We Can Help

If you’ve been hit and don’t know where to start — or if you suspect there’s malware on your PC behind it — we can help. We work with home users and small businesses across Edinburgh, the Lothians and Fife, including Bonnyrigg, Penicuik, Livingston and Linlithgow.

We’ll clean your computer, secure your email and other accounts, set up 2FA properly, and make sure no remote-access tools are left behind. Bring your laptop to us, or use our home and office callout service if you’d rather we came to you. Book online or get in touch — the sooner you act, the less damage an attacker can do.
