If a scammer has swiped your password and is using your account to spew spam, take action and add measures to help stop it from happening again.
If you still have access to the compromised account, changing the password is one of many steps you should take to protect yourself. If you are having trouble regaining control of the account, visit your mail provider’s site for instructions on recovering your account. Apple, Google, Microsoft and Yahoo all have guides on their sites, as should other email and internet service providers. Tell your friends that your account was hacked and to ignore any odd messages that appear to have come from you.
Your account may have been hacked through malicious software, so scan your computer for malware and viruses with a security program. If you do not have security software installed, you can use Microsoft’s built-in Windows Defender or Microsoft Security Essentials. Avast and AVG are among the many companies that make free basic antivirus software for Windows and Mac. Malwarebytes has free and trial versions of its malware-scanning program for Windows and Mac that can work alongside antivirus software. You should also update your computer and devices with the latest security updates.
Next, check your mail settings to make sure nothing has been changed — like copies of your messages set to forward to an unfamiliar addresses, unfamiliar entries in your address book, or new links or information added to your email signature file. Take this opportunity to change and update your security questions and answers that your provider uses to confirm your identity if you use the Forgot Password option.
While you are in your mail settings, set up two-factor authentication or two-step verification if you have not already and the feature is available from your mail provider. You will need to provide a code or acknowledge a login attempt on another device after you enter your password, but the extra step helps keep your account more secure.
If you have rescued your account and bolstered its defenses, you should be able to keep using the address as a login for other sites, but go in and change the password you used with it, along with all the other passwords for other sites where you used the address as your login. You should also update any site where you repeatedly used the same password as the one for the hacked mail account.