How to Secure a Compromised Email Account

If an email user is not careful with the way they use their email account, it can become vulnerable to being compromised or hacked.

Common causes of an email account being compromised or hacked

  • The email user accesses their email account on a computer or device that happens to be infected with malware. The computer or device could be theirs, or someone else’s, or both.

    The malware secretly and invisibly monitors the user’s keystrokes or accesses their stored email settings, and transmits them to the malicious party.

  • The email user uses a weak or easily-guessed email account password, such as an English word or a combination of English words, someone or something they like or are associated with. A malicious party gets lucky while trying out the various possible passwords.

  • The email user uses a password for their email account that they also used on a different service, and that other service is compromised, or their operators are malicious.

  • The email user unknowingly enters their email account’s login details on a phishing site, such as a malicious website pretending to be a webmail service.

  • The email user writes down their email account login details somewhere, and it is discovered.

  • The email user stores their email account login details elsewhere digitally, either locally or remotely, and the storage is compromised.

  • The email user is in the process of entering their email login details when someone manages to sneak a peek, or it is recorded on camera or CCTV.

  • The email user shares their email account’s login details with a third party, and either the third party is malicious, or any of the above happens to the third party!

Steps to take when an email account is compromised

  1. Educate the email user about email security. Providing the above list of common causes will help them identify areas they need to work on immediately.

    Only proceed to the next step once the email user has fully understood the causes and taken the necessary steps or precautions to resolve any outstanding issues.

  2. Have the email user perform a complete anti-malware scanning and cleaning of any Windows-based computers or Android-based mobile phones or tablets with access to their email account.

  3. Sign in to your hosting account’s cPanel.

  4. Under the Email section, click Email Accounts.

  5. Click Manage next to the affected email account.

  6. Under Security, enter a new password.

    The new password should be unique, difficult-to-guess, and not used anywhere else. You may use the Generate button to help create a strong password.

  7. Under Restrictions, select Allow for each action.

  8. Click Update Email Settings to save your settings.

  9. Supply the email user with their new password.

  10. The email user can then sign in to Webmail and change their password at any time.

    Have them use a strong and unique password that they’ve never used anywhere before. They may find the built-in password generator helpful for this purpose.

    Webmail access details are found on the Info page for your hosting account at the Client Lounge.

  11. Once the user has changed their password, they will need to enter their new password into their various email apps (if any) on their devices.

  12. Let us know via a Client Care ticket that the above steps have been completed, so that we can adjust any server-side email restrictions that may have been put in place for your account or domain(s) by the security system.

The above steps will help increase the security of the email account and reduce the chances of that email account’s login details being compromised in the future.