Email Breached? What Steps to Take When Time Is Critical

Greg Wilson, Head of Information Security
October 18, 2018

It seems all too common now that you open an email that begins something like, “Recently, our company discovered a cyberattack on our corporate database. While we have no evidence that your financial information was accessed or compromised, we are asking all users to users to change their passwords in order to help ensure our customers' trust and security.” The email makes it sound like all you need to do is change your password, but do you truly know how to protect yourself when your email has been breached?

Here’s how to limit the damage during an email breach. 

Take ownership of your email account. 
If you have been locked out of your account, follow the directions provided by your email provider to recapture your account, in addition to the following measures: 

  • Thoroughly review your account to ensure that your security questions and answers have not been changed or that your recovery email address has not been modified or is no longer valid.
  • Review your address and other personal contact information to ensure that they have not been modified. Avoid providing sensitive personal information that could be used to steal your identify if your email account is breached.
  • Review your signature and out of office messages to ensure that they have not been altered.
  • Review your sent and trash folders in your mailbox to see if there were emails sent and/or deleted that require your immediate attention.
  • Ensure your emails are not forwarded to an unknown email address and only known devices and applications are authorized to connect to your email account.
  • Review your “Sending name” and “Reply to address” to ensure they have not been altered.
  • Confirm there are no rules or filters you did not set up enabled in your account. These can be used to direct incoming emails to the trash or another folder so you do not see them.


Now that you have regained control of your email account, let’s correct the likely point of access into your account … your password.

Change your password.
After a hack, there is often a moment of realization that having “password” as your password was probably not the best idea. Creating the right password is often about balancing convenience and memorability with security. Make your password stronger and ensure that it does not contain any information that you share on social media or your favorite slogan, such as “Hook’em.” Avoid birthdays, your children’s names, place of birth or other items that are easily discovered from your Facebook, LinkedIn or other accounts. Avoid using the same password for email as you would use for sensitive accounts such as banking, brokerage or other financial accounts. Use a password that is longer with a combination of letters, numbers and symbols.

Enable Two Factor Authentication/Verification.
This is an extra layer of security in which the user provides two means of identification from two different components. It requires a username and password which only you know and also something that only you would have access to, most likely your mobile phone. This feature sends you a text or calls your mobile phone with a code that you have to enter before access is granted to your email from a new device. The instances of email breaches will likely be significantly reduced by enabling this functionality. However, it’s important to ensure that you really read the verification requests when you receive them because you could be granting someone else access to your email.

Report the email breach.
Report the breach to your email provider and work with them to identify how the breach occurred and what actions have been taken on your behalf. They may also have other resources to help protect your account in the future and to identify future attempts to compromise your account again.

Contact the affected parties.
Reach out to anyone who was impacted by your email breach and let them know that an email breach occurred. Make arrangements to have a secondary source of verification for any sensitive requests that they received from you in email such as funds requests, changes to wiring instructions, bank transactions or address changes. 

Clean your device.
Make sure you install or update your antivirus and anti-malware. Run a full scan on your computer to remove any viruses and malware as soon as possible. Also, configure updates to automatically download and install. Don’t forget to download the latest operating system patches for Windows or iOS, as well as Adobe, Java and others, which are leading causes of account compromises. The software patches installations are critical because they contain repairs to correct security vulnerabilities that have been discovered in their software. Don’t forget to update to the latest supported browser, which will also get you the latest security updates. 

Avoid risky behavior.
While most of the above are actions you can take to play stronger defense against an attack, some actions you take online can significantly increase the likelihood of an email breach. It’s likely you have performed some or all of these actions in the past without consequence, but that doesn’t eliminate the fact that your risk increases when you take the actions listed below: 

  • Sharing a Password: Don’t reveal your password to anyone, even technical support. If you inadvertently reveal it or discover that it has been compromised, then change your password immediately.
  • Clicking on Suspicious Attachments: Avoid clicking on attachments from unknown senders, such as pictures or email links.
  • Taking the Bait: Always type in the web address to the vendor yourself and do not use the link included in the email. One trick is to hover over the link to see if the actual website matches the company that sent you the email.
  • Not Verifying the Contact: Call the number listed on your bank/brokerage statement or the back of your credit card to reach your financial institution.
  • Oversharing Private Information: Never provide any sensitive information, such as Social Security numbers or account numbers, if someone calls you asking to verify your identity or your account information. Never provide sensitive information via email or verify account credentials via links in emails.
  • Starbucks Banking: Never conduct sensitive financial transactions while connected to an unsecured network.

This guide is not intended to be all-inclusive but steps that should be considered if you suspect that your email account has been compromised or ways to prevent future email breaches. In today’s world, it’s impossible to completely prevent a targeted hacking attack or having your email compromised, but you can significantly reduce the likelihood it will occur and thwart attempts. 

If you would like more information on safeguarding your email, please review NIST 800-45 Guidelines on Electronic Mail Security.

The Emergence of Fee-based Planning

Tips for delivering high-value service and advice in the digital world.