How to Protect Your Email Account from Hackers

Co-authored by Yaffet Meshesha and Darlene Antonelli, MA

Last Updated: March 10, 2023 Tested

This wikiHow teaches you how to keep your email account safe from hackers. Sadly, hackers and scammers often target peoples' email accounts to gain access to sensitive information, and their tactics can be pretty convincing. Having a secure password is just the beginning—you'll also need to watch out for scam emails with redirected login links, fake technical support representatives, attachments and software that install malware, and people looking to steal your identity.

Things You Should Know

Use a strong password that is more than 12 characters and a mix of numbers and upper and lowercase numbers. Further protect your account with 2-factor authentication.
Don't open attachments or click links in emails unless you are positive that they are safe. Always verify the sender's email address.
Make sure your computer is up to date and is running a current version of protection software.

Method 1

Method 1 of 2:

Setting Your Account Up Technically

1
Create a strong password. A good password is hard for other people to guess, difficult for software to crack, but easy for you to remember. It can be difficult to come up with a password that meets all of your email service's criteria that's actually easy to remember, but here are a few tips:
- Your password should be long: The golden rule now is that a password should be 12 characters and contain a mix of uppercase letters, lowercase letters, numbers, and symbols.^{[1]
  X
  Trustworthy Source
  Microsoft Support
  Technical support and product information from Microsoft.
  Go to source}
- Don't forget to password-protect your phone or tablet: Even if it makes it take a little longer to access your home screen, always password-protect your mobile devices. If someone else gains access to your unlocked phone or tablet, they'll have access to all of your apps, including your email.
2
Use a unique password for your email account. Avoid the temptation of reusing passwords on multiple accounts. If you use the same password to log in to your favorite website as you do your email, you're putting your email at risk—if someone cracks your password on that site, they'll also have your email password.
- Since there are so many passwords to remember nowadays, you may want to try using a password manager.
- Avoid choosing the option to save your passwords on the web. If you save your password to make it easier to log in, anyone using your computer may access your email. This is especially important when you're using a public computer.
Advertisement
3
Turn on two-step verification. Most of the popular email services, such as Gmail and Outlook, allow you to enable two-step verification, which adds a second layer of protection to your account. When two-step verification is turned on, you'll also have to enter a special security code that is sent to you via SMS or in an authentication app when logging in from an unknown source (a computer in a different area than you usually log in from). This makes it so if someone manages to crack your email password, they'd also need access to your phone to actually sign in.
4
Make sure your computer is up-to-date and protected. To stay safe, make sure your antivirus/antimalware software is up-to-date, and that you're running the latest version of your operating system and email application. Out-of-date security suites often don't have the coding necessary to deal with newer viruses or hacks.
- Also, be careful when installing free software—sometimes software comes with sketchy malware. Research apps before you install them.
- If you're using Gmail, you should frequently check which apps you've allowed access to your account or perform a Security Check. If you're using Outlook, you can check your account history to make sure nothing you haven't approved has happened.

Method 2

Method 2 of 2:

Being Careful

1
Avoid opening attachments unless you already know what it is. Unless you know exactly who the sender is and what the attachment is for, resist the urge to click anything in the email.^{[2]
X
Trustworthy Source
Federal Trade Commission
Website with up-to-date information for consumers from the Federal Trade Commisson
Go to source} Attachments can install malware on your computer, which makes it easy for hackers to access your email and your other personal information.
2
Don't click any login links or buttons in an email message. Scam emails might also include fake login links or buttons that redirect you to a different website that captures your password. These emails are often very convincing and look like they come from a legitimate company or service you do business with. Even clicking the link can bring you to a site that looks like one you use often.^{[3]
X
Trustworthy Source
Federal Trade Commission
Website with up-to-date information for consumers from the Federal Trade Commisson
Go to source}
- If an email asks you to log in to update information or correct a billing error, open a web browser window, go to the address of the website directly, and log in that way to see if anything needs to be changed.
3
Learn to identify phishing scams. Scammers may use email to target victims—they'll often send emails requesting personal information that can be used to forge your identity, such as your social security number or banking information. Never provide any personal information over email unless you know exactly who is requesting the information.
- If you're using Gmail or Outlook, you'll see a red or yellow message at the top of the email, warning you that the email might be spam or a phishing scam.^{[4]
  X
  Trustworthy Source
  Microsoft Support
  Technical support and product information from Microsoft.
  Go to source}
- Check the return email address—is the person claiming to represent a certain company but using a free email account? Check the domain name (the part that comes after the @ sign) in the email address—is that actually the company's domain name? Sometimes scammers register fake domain names that look like the real thing to bait victims. For example, you could get an email from @netfl1x.com instead of the actual site, @netflix.com.
- Does the message contain an offer that's too good to be true, or a claim that you've won a contest you never actually entered? Are you being asked to wire money to someone you don't know? These are all signs of scams.
- When in doubt, if a scammer claims to be affiliated with a company, contact the company or service directly by phone or on their website. If there's a phone number in the email, don't call it—instead, go directly to the company's official website and locate the phone number there. Sometimes scammers include fake contact information.
4
Do not share your password with anyone. If anyone ever asks you for your password—even if they claim to work for your email service's support team—do not give them your password. There is never a need for a technical support representative to ask you for your password over the phone or email. Your password is meant to be private.
5
Make your security question answers difficult to guess. If your email provider allows you to set up security questions in the event that you lose your password, don't enter answers that someone else can figure out, such as your mother's maiden name or your first pet's name.
- If the questions provided are pretty simple, you may want to enter something that isn't the actual answer to the question—such as "Flamingo" as your mother's maiden name. Just make sure not to forget what you enter!

Expert Q&A

Question

How common is it for your email to be hacked?

Yaffet Meshesha
Computer Specialist
Yaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time.

Yaffet Meshesha

Computer Specialist

Expert Answer

It's actually extremely uncommon. People tend to think that this kind of thing happens all the time, but it's actually pretty rare. These days, the main way you're going to get in trouble with emails is if you open a phishing scam.
Question

What's the best antivirus for Windows?

Yaffet Meshesha
Computer Specialist
Yaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time.

Yaffet Meshesha

Computer Specialist

Expert Answer

Windows actually has a built-in anti-virus program called Windows Defender. I know it feels like you're getting extra protection when you pay for an antivirus program, but those paid programs are actually not all that better than the built-in version on your PC.
Question

How can I tell if an email is legit?

Yaffet Meshesha
Computer Specialist
Yaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time.

Yaffet Meshesha

Computer Specialist

Expert Answer

You can typically get a read on this just by reading the domain where the email came from. So, if you get an email from "James at Amaz0n," you're not actually getting an email from anyone at Amazon. Some of this boils down to common sense, but scanning the email address is always a key step.