A step-by-step guide to recovering a hacked email

A step-by-step guide to recovering a hacked email.

A great number of users nationally and internationally have reported incidents of email account hacking, prompting cybersecurity experts to urge swift action to prevent long-term damage.

With access to a single email account, hackers can potentially infiltrate multiple other online services, steal sensitive data, or deceive contacts into sharing financial details.

“Email remains the central hub of digital identity,” explains Asad Mehmood, a Lahore-based cybersecurity analyst. “If compromised, it offers a gateway into banking services, cloud storage, shopping apps and even social media platforms.”

Recent cases reported to Which? Tech Support, a UK-based advisory platform, reflect how hackers often use compromised email accounts to send phishing emails to contacts or request digital gift cards under false pretences.

Also read: Now you cam link your email with your WhatsApp account: Here’s how

Victims often remain unaware until friends or family alert them.

Below, experts outline a six-step recovery process and provide preventive tips to secure digital communications.

A complete guide to recovering hacked email

1. Change Password Immediately

If you still have access to your email, change your password without delay. Use a strong, unique password that has not been used for any other account.

• Gmail: Go to Manage your Google Account > Security > Password

• Outlook: Access My Microsoft Account > Security > Change password

• Apple (Mac): Navigate to System Settings > Apple ID > Sign-In & Security > Change Password

If access is lost, use the ‘Forgot password’ option during login to initiate account recovery. Most services will verify your identity via linked mobile numbers or alternate email addresses.

2. Log out of all devices

Hackers often remain logged in even after you change your password. Visit your account’s device management settings and force log out from unknown or suspicious devices.

• Gmail: Manage all devices under Security

• Outlook: View my devices under Security

• Apple ID: Scroll to the bottom of Apple ID settings to review and remove devices

3. Disable auto-forwarding

Auto-forwarding allows hackers to receive future emails even after being locked out. This setting is often overlooked.

• Gmail: Settings > See all settings > Forwarding and POP/IMAP > Remove any forwarding addresses

• Outlook: Settings > Email > Forwarding – disable if enabled

• iCloud Mail: Settings > Mail Forwarding – uncheck “Forward my email to”

4. Review inbox filters

Hackers may create filters to divert important messages or hide replies from email providers.

• Gmail: Settings > Filters and blocked addresses

• Outlook: Settings > Email > Rules

• iCloud Mail: Settings > Rules tab

Delete any filters you did not set up yourself.

5. Notify your contacts

If the hacker sent phishing emails to your contacts, it’s best to notify them that your account was compromised and warn them against engaging with suspicious messages.

“This is vital for damage control,” says Mehmood. “Scammers often impersonate users to extract money or sensitive data from their friends and relatives.”

6. Secure other accounts

Change the passwords of any accounts linked to the compromised email, especially if they share the same or similar passwords.

Hackers often attempt to reset passwords for services like banking, social media, or e-commerce by using the victim’s email for verification.

Why does this matter in Pakistan?

Cybercrime in Pakistan has seen a sharp rise over the last five years, particularly in urban centers like Lahore, Karachi and Islamabad.

According to the Federal Investigation Agency (FIA), over 100,000 complaints of digital fraud—including email and social media account takeovers—were reported in 2023 alone.

Also read: ‘Funny rejection’: Man gets rejected via email during interview

“Users here tend to reuse passwords across platforms and rarely enable two-factor authentication,” says a senior official at FIA’s Cybercrime Wing.

“That makes it easier for cybercriminals to launch brute-force or phishing attacks.”

How to prevent email hacks in the future

• Use Strong, Unique Passwords: Avoid using the same password for multiple accounts. Consider using a password manager.

• Enable Two-Factor Authentication (2FA): All major providers support 2FA, adding a vital layer of security.

• Use an Authenticator App: Apps like Google Authenticator or Microsoft Authenticator are more secure than SMS-based codes.

• Keep Recovery Options Updated: Ensure your email and phone number are current in account recovery settings.

• Monitor Account Activity: Routinely check login history and device access logs.

With increased digitisation of services—including education, banking, and government portals—email security is more important than ever.

In many cases, particularly in Pakistan, a compromised email can also lead to identity theft, loss of business data, and even legal consequences if sensitive information is misused.

Schools, media houses, and government departments have all fallen prey to such breaches in recent years.