How to Keep Your Email Safe from Hackers, Phishing, & AI Scams

PDF download Download Article
Plus, what to do if your email gets hacked & how to secure it
PDF download Download Article

Hackers and scammers often target people's email accounts to gain access to sensitive information, and their tactics can be pretty convincing. But never fear: this wikiHow will teach you how to keep your email account safe from hackers. Having a secure password is just the beginning—you'll also need to watch out for scam emails with redirected login links, fake technical support representatives, attachments, and software that installs malware, and people looking to steal your identity. Keep reading to learn more, with expert tips from cyber safety specialist Sgt. Scott Nelson, JD, and tech specialist Gonzalo Martinez.

Keep Your Email Safe From Online Hackers

Use a strong password that combines letters and numbers, and enable two-factor authentication (2FA). Only open attachments that you know are safe, and never click links from someone you don't know. Also, always ensure that your computer and antivirus software are up to date.

Section 1 of 3:

PDF download Download Article
  1. A strong password should be hard for other people to guess, difficult for software to crack, but easy for you to remember. It can be tough to come up with a password that meets all of your email service's criteria and is easy to remember, but here are a few tips: [1]
    • Make it long. The golden rule is that a password should be at least 12 characters long and contain a mix of uppercase and lowercase letters, numbers, and symbols.
    • Choose random words. The more you use common phrases, dates, and quotes, the easier your password will be for hacking programs to guess.
    • Don’t use personal information. Avoid putting your birthday, house number, or name in the password (even a middle name).
    • Password-protect your phone or tablet. Even if it takes a little longer to access your home screen, always password-protect your mobile devices. If someone else gains access to your unlocked phone or tablet, they'll have access to all of your apps, including your email.
  2. Although it’s tempting to recycle passwords, don’t use your email password for multiple accounts. If you use the same password to log in to your favorite website as you do your email, you're putting your email at risk, because if someone cracks your password on that site, they'll also have your email password.
    • Since there are so many passwords to remember nowadays, try using a password manager .
    • Avoid choosing the option to save your passwords on the web. If you save your password to make it easier to log in, anyone using your computer can access your email. This is especially important when using a public computer.
    Advertisement
  3. Most popular email services, such as Gmail and Outlook , allow you to enable two-step verification, which adds a second layer of protection to your account. With two-step verification enabled, you'll have to enter a special security code that is sent to you via SMS or an authentication app when logging in from an unknown source (a computer in a different area than you usually log in from). [2]
    • This secures your email, making it so that if someone manages to crack your email password, they'd also need access to your phone to sign in.
    EXPERT TIP

    Brandon Phipps

    Technology Specialist
    Brandon Phipps is a Technology Specialist based in Bakersfield, CA. He is the owner of Second Star Technologies and specializes in Managed IT Services for small and mid-sized businesses in Bakersfield, CA. With over 23 years of experience, he offers expert cloud computing, cybersecurity, and network management solutions. Brandon is a committed community member and coach who leads and innovates in tech and sports coaching. His dedication to local businesses and communities is evident in his hands-on, tailored approach to IT solutions.
    Brandon Phipps
    Technology Specialist

    Enable two-factor authentication on all your digital accounts. That applies to all your personal accounts, business accounts, finances, client information, and productivity apps. Two-factor authentication protects your sensitive data from unauthorized parties and reduces the risk of security breaches. [3]

  4. To stay safe, ensure your antivirus and antimalware software are up to date and that you’re running the latest version of your operating system and email application. Out-of-date security suites often lack the necessary coding to deal with newer viruses. When installing antivirus software, Nelson also has a few safety tips:
    • “You need to be the one initiating that download or purchase of the software,” Nelson says. “So if you see something pop up on your screen that says, ‘Warning, you need to download and install this software,’ I would not recommend that.” [4]
    • “If you go to Costco or a Target or something, you can actually buy a CD or thumb drive directly from them that you can install on your computer,” adds Nelson. [5]
    • In other words, ensure your software comes from a trustworthy and thoroughly verified source! Research all apps and programs before installing them.
  5. Unless you know exactly who the sender is and what the attachment is for, resist the urge to click anything in the email. [6] Attachments can install malware on your computer, making it easy for hackers to access your email and other personal information.
  6. Scam emails may also include fake login links or buttons that redirect you to a different website that captures your password. These emails are often very convincing and look like they come from a legitimate company or service you do business with. Even clicking the link can take you to a site that resembles one you use often. [7]
    • If an email asks you to log in to update information or correct a billing error, open a web browser window, go to the website's address directly, and log in that way to see if anything needs to be changed.
  7. Scammers may use email to target victims—they often send emails requesting personal information that can be used to forge your identity, such as your Social Security number or banking information. Never provide any personal information via email unless you know exactly who is requesting the information.
    • If you're using Gmail or Outlook, you'll see a red or yellow message at the top of the email, warning you that the email might be spam or a phishing scam. [8]
    • Check the return email address. Is the person claiming to represent a certain company but using a free email account?
    • Does the message contain an offer that's too good to be true, or a claim that you've won a contest you never actually entered? Are you being asked to wire money to someone you don't know? These are all signs of scams.
    • When in doubt, if a scammer claims to be affiliated with a company, contact the company or service directly by phone or on their website. If a phone number is included in the email, don't call it—instead, visit the company's official website and locate the phone number there. Sometimes scammers include fake contact information.
    EXPERT TIP

    Brandon Phipps

    Technology Specialist
    Brandon Phipps is a Technology Specialist based in Bakersfield, CA. He is the owner of Second Star Technologies and specializes in Managed IT Services for small and mid-sized businesses in Bakersfield, CA. With over 23 years of experience, he offers expert cloud computing, cybersecurity, and network management solutions. Brandon is a committed community member and coach who leads and innovates in tech and sports coaching. His dedication to local businesses and communities is evident in his hands-on, tailored approach to IT solutions.
    Brandon Phipps
    Technology Specialist

    Be careful when clicking on links or sharing your personal information online to avoid security breaches. Cybercriminals send emails with malicious links to deceive users. Verify the sender's identity and take precautions before clicking on any links or sharing personal information to prevent unauthorized account access.

  8. If anyone ever asks you for your password—even if they claim to work for your email service's support team—do not give them your password. There is never a need for a technical support representative to ask you for your password over the phone or via email. Your password is meant to be private.
  9. If your email provider allows you to set up security questions (for use in the event that you lose your password), don't enter answers that someone else can figure out, such as your mother's maiden name or your first pet's name. Choose questions and answers that nobody else would know but you!
    • If the questions provided are pretty simple, you may want to enter something that isn't the actual answer to the question, such as "Flamingo" as your mother's maiden name. Just make sure not to forget what you enter!
  10. 10
    Avoid logging into your email in public. It’s even easier for hackers to access private information if you’re using public Wi-Fi (or a public computer). So, try not to log into your email with public Wi-Fi, unless you have a VPN (Virtual Private Network) to encrypt your data. Furthermore, public computers have a higher risk of containing spyware, so avoid using them to access your email or any sensitive information.
    11. Advertisement
Section 2 of 3:

Protecting Yourself From Phishing & AI Scams

PDF download Download Article
  1. 1
    Learn to recognize the signs of an AI-created scam. With AI, scammers can create convincing photos, videos, email messages, and even fake audio clips of people’s voices. “What you want to pay attention to is the distinct differences in the header of the email,” says Nelson. “For example, if you get an email from Amazon.com , that’s normal. But some of this spam could come from what looks like Amazon, but it’s spelled A M A S O N.” [9]
  2. 2
    Verify that the person contacting you is who they claim to be. If you get a suspicious message from someone, use a verified email address or phone number (not the one used to contact you) to get in touch with that person and confirm whether or not they actually emailed you. You can also do this with companies; if a company emails you about an issue, visit their actual website and use the contact information there to ensure the issue is real. [12]
    • In short, never accept an email as truth without verifying it first!
  3. 3
    Use code words to confirm loved ones’ identities. Say you get a scam email (or text) that looks like it’s from a family member—how do you know it’s a scam? Well, if you and your family discuss code words beforehand, you can pick a secret word that means it’s really them, and when the person trying to scam you doesn’t use it, you’ll be able to see through the ruse. [13]
  4. 4
    Take your time, even if the message is urgent. Scammers often make their emails sound urgent, as though something bad will happen if you don’t respond immediately with the information they want. However, don’t give in to the urgency! If an email appears to be spam, take the time to verify it, regardless of how urgent it seems. You don’t need to rush into anything, and it’s better to be cautious. [14]
  5. 5
    Report scams targeting you or your loved ones. “Contact your local law enforcement agencies,” Nelson urges. “They're going to have the best up-to-date information about whether or not this can be a federal crime or a state crime. They can take the report themselves, or they can provide you with either a state or federal agency to contact.” [15] Furthermore, when you report targeted scams, you can also get help in protecting yourself from them.
    6. Advertisement
Section 3 of 3:

What to Do If Your Email is Hacked

PDF download Download Article
  1. 1
    Recover your hacked account. Most email providers have web pages you can access and use if your email gets hacked (which is where your security questions and alternate contact information will come in handy). Follow the instructions given by your email providers to recover your hacked email account—and then take steps to secure it.
    • For example, here are email account recovery instructions for Google , Outlook , and Yahoo .
  2. 2
    Change your password and secure your account right away. Do this as soon as your account is recovered; until you change your password, the hacker can still get back into your account. Use the tips above to choose a super secure password—and, while you're at it, enable two-step verification to give your account an extra layer of security. Hopefully, this will prevent further hacking attempts! [16]
    • It’s also a good idea to change your password periodically, if possible!
  3. 3
    Check on your other email accounts. Even if you haven’t seen any signs that your other accounts have been hacked, it’s best to check them thoroughly (and change your passwords there, too). If a hacker gains access to one email, they could potentially gain access to others, so ensure that everything is completely secure, not just the original hacked email.
  4. 4
    Let your contacts know what happened. Once your account is recovered and secure, reach out to your contacts and inform them of the hacking. They may have received strange emails from the hacker; be sure to explain when your email was hacked so they’ll know which messages, if any, to delete. Also inform them that your account is secure again, so they don’t get worried! [17]
    5. Advertisement

How Do I Keep My Data Secure In The Cloud?


Expert Q&A

Search
Add New Question
  • Question
    How can I tell if an email is legit?
    Yaffet Meshesha
    Computer Specialist
    Yaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time.
    Yaffet Meshesha
    Computer Specialist
    Expert Answer
    You can typically get a read on this just by reading the domain where the email came from. So, if you get an email from "James at Amaz0n," you're not actually getting an email from anyone at Amazon. Some of this boils down to common sense, but scanning the email address is always a key step.
    Thanks! We're glad this was helpful.
    Thank you for your feedback.
    If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission. Support wikiHow
    Yes No
    Not Helpful 0 Helpful 3
  • Question
    How common is it for your email to be hacked?
    Yaffet Meshesha
    Computer Specialist
    Yaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time.
    Yaffet Meshesha
    Computer Specialist
    Expert Answer
    It's actually extremely uncommon. People tend to think that this kind of thing happens all the time, but it's actually pretty rare. These days, the main way you're going to get in trouble with emails is if you open a phishing scam.
    Thanks! We're glad this was helpful.
    Thank you for your feedback.
    If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission. Support wikiHow
    Yes No
    Not Helpful 0 Helpful 7
  • Question
    What's the best antivirus for Windows?
    Yaffet Meshesha
    Computer Specialist
    Yaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time.
    Yaffet Meshesha
    Computer Specialist
    Expert Answer
    Windows actually has a built-in anti-virus program called Windows Defender. I know it feels like you're getting extra protection when you pay for an antivirus program, but those paid programs are actually not all that better than the built-in version on your PC.
    Thanks! We're glad this was helpful.
    Thank you for your feedback.
    If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission. Support wikiHow
    Yes No
    Not Helpful 2 Helpful 6
See more answers
Ask a Question
200 characters left
Include your email address to get a message when this question is answered.
Submit
      Advertisement

      Video

      Tips

      • If you have to type your password multiple times due to page reloading or internet issues, do not copy and paste your password. Always type it. If you have it copied, you should copy a random word after that, so when you leave the computer, another person can't paste it onto a page.
        Thanks
        Helpful 0 Not Helpful 0
      • When creating a password, try choosing a word you can remember, but breaking up the letters with numbers and symbols. For example, w9i0k2i1h0oW! blends "wikiHow" with "90210" and adds an exclamation point to the end for good measure. This can be a helpful way to remember complicated passwords.
        Thanks
        Helpful 1 Not Helpful 1
      Submit a Tip
      All tip submissions are carefully reviewed before being published
      Name
      Please provide your name and last initial
      Submit
      Thanks for submitting a tip for review!
      Advertisement

      You Might Also Like

      22 Tips to Protect Your Facebook Account from Hackers
      How to
      Clear Your Browser's Cookies
      How to
      Block Cookies in Chrome, Safari, & More
      4 Simple Ways to View Cookies in a Web Browser
      4 Ways to Block Porn on Android from Websites and Apps
      How to
      Verify a PGP Signature
      How to
      Access Blocked Websites
      How to
      Delete Tracking Cookies
      Block a Program from Accessing the Internet with Windows Firewall
      End McAfee Pop-Up Notifications on Windows and macOS
      How to
      Hack a Computer
      Everything You Need to Know About VPNs and Your Phone
      How to
      Keep Your Address Private
      How to
      Install an SSL Certificate on a Server
      Advertisement

      References

      1. https://edu.gcfglobal.org/en/internetsafety/creating-strong-passwords/1/
      2. https://support.google.com/answer/2451907?hl=en
      3. https://consumer.ftc.gov/articles/use-two-factor-authentication-protect-your-accounts
      4. Scott Nelson, JD. Cyber Safety Specialist. Expert Interview
      5. Scott Nelson, JD. Cyber Safety Specialist. Expert Interview
      6. https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
      7. https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
      8. https://support.microsoft.com/en-us/office/help-protect-your-outlook-com-email-account-a4f20fc5-4307-4ece-8231-6d4d4bd8a9ba
      9. Scott Nelson, JD. Cyber Safety Specialist. Expert Interview
      1. Scott Nelson, JD. Cyber Safety Specialist. Expert Interview
      2. Scott Nelson, JD. Cyber Safety Specialist. Expert Interview
      3. https://it.wisc.edu/news/ai-powered-scams-how-to-protect-yourself-2024/
      4. https://it.wisc.edu/news/ai-powered-scams-how-to-protect-yourself-2024/
      5. https://it.wisc.edu/news/ai-powered-scams-how-to-protect-yourself-2024/
      6. Scott Nelson, JD. Cyber Safety Specialist. Expert Interview
      7. https://it.wisc.edu/news/ai-powered-scams-how-to-protect-yourself-2024/
      8. https://it.wisc.edu/news/ai-powered-scams-how-to-protect-yourself-2024/

      About This Article

      Article Summary X

      1. Make sure your computer is up-to-date and protected.
      2. Use a VPN (if you're using a public computer).
      3. Create a strong password.
      4. Use a unique password for your email account.
      5. Turn on two-step verification.
      6. Avoid opening attachments unless you already know what it is.
      7. Don't click any login links or buttons in an email message.
      8. Learn to identify phishing scams.
      9. Do not share your password with anyone.
      10. Make your security question answers difficult to guess.

      Did this summary help you?
      In other languages
      Thanks to all authors for creating a page that has been read 411,528 times.

      Reader Success Stories

      • Moni Wen

        Jun 6, 2016

        "My Yahoo email has been hacked numerous times, I don't know how. I change my PW constantly but your PW tips ..." more
      Share your story

      Is this article up to date?

      Advertisement