Email Account Compromise

An Email Account Compromise (EAC) is a type of cyber-attack where a scammer or hacker gains unauthorised access to someone's email account. Once the attacker has access to the account, they can use it for a variety of malicious purposes. A compromised email account could result in it being used to send fraudulent emails. If it happens to you, your contact list could be exploited, and bogus accounts could also be created to impersonate you.

Accounts can be compromised through phishing, where attackers trick users into entering credentials via deceptive emails. Credential stuffing and password attacks exploit reused or weak passwords, while malware like keyloggers captures login details without the user’s knowledge. Social engineering tactics also manipulate individuals into revealing their login information.

How to tell if someone else has access to your email account

Unrecognised messages sent from your account

If you see emails in your sent folder that you didn’t write, it’s a strong indicator that someone else has accessed your account. This is especially concerning if the emails contain links or are sent to others. Additionally, if you receive complaints about spam coming from your email, it's likely your account has been hacked.

Unexpected password reset alerts

Receiving notifications about password changes you didn’t initiate could suggest that someone else is attempting to access your account.

Missing emails

Hackers and scammers may delete emails in an effort to cover their tracks. If emails are missing from your inbox, it could mean unauthorised access has occurred.

What to do if your email account has been compromised

If the password you used for the compromised email account is the same for any other accounts or services, please change these immediately.

If you haven't done so already, it may still be possible to recover and regain access to your compromised account if you have previously set up a recovery email address or phone number, however, these may have been altered when the account was compromised. Use a search engine (e.g. Bing, Google) to find out how to recover your email address, and change your password as soon as access has been granted.

If you cannot regain control of the account consider contacting the service provider and requesting it to be closed down completely.

Contact any people you feel need to know about this account compromise and any bogus accounts.
Use a trusted method to contact them, i.e. email from a trusted account, call or text by phone.
Advise them not to response or in any way engage in communication with these bogus accounts, and if they are unsure to contact you by other means.
Advise them to mark any emails received from bogus email accounts as spam or junk before deleting. If you are unable to regain control of your legitimate account advise them to do the same with any emails received from it.

If you are unable to regain access and have subscribed to any services using the compromised email account, update the email address or stop the subscription as soon as possible.

If the hacker gets no response or value from the data using compromised/bogus accounts, they will typically fall out of use in due course.

Downloadable documents

A Guide to Email Account Compromise Infographic (PDF)

Page last reviewed - 28/04/2025.