NetSafe routinely takes reports of email accounts being compromised after people find their Hotmail, Yahoo! or Gmail email account has been hacked or hijacked.

In many cases, the account has then been used to send spam, scam or phishing emails to random addresses or to their own contacts list stored in the web-based system.

Those gaining unauthorised access often ask business contacts, friends or family to send money urgently via Western Union or another money transfer service to help the account owner get home from a holiday in the UK or other destination.

Sometimes email account owners can still get access with their own password; other times they need to go through a lengthy recovery process to take back ownership of their email account.

How to recover your webmail account

Most major email providers have online forms that you need to fill out to recover your account. These can be accessed at the links below:

You should remember that providers of free email services have millions of customers and may not provide any support outside of the online recovery forms.

If you rely on always having access to your emails then read on for our security tips for email accounts below.

Prevention is better than cure

Most email or social media accounts are hacked due to one of these common vulnerabilities:

  1. You did not secure your account with a strong, unique password and a ‘dictionary’ or ‘brute force’ attack allowed the hackers quick access;
  2. Your computer or another device you used to access your emails was infected with malware or a virus; or
  3. You fell victim to a ‘phishing’ email, logging in to a fake website that sent your account login details to cybercriminals.

How to prevent your email account from being hacked

If you rely on your email being always accessible, NetSafe advises that you take the following steps to secure your account. And be very cautious about the volume of documents and data you keep stored in your email account, especially if you use a free webmail service that may be very hard to regain access to:

  • Use two factor authentication
    2 factor or 2FA sounds complex but boosts your security by requiring something you know and something you have. A good way of understanding ‘two factor’ is your EFTPOS card – you have the plastic card and must know the correct PIN to use it to pay for things. Two factor for email security normally involves linking your email account with a mobile phone number that will receive numeric codes via text message when you try to log in or use a new device. You can see which companies support 2FA online.
  • Set an alternative or ‘recovery’ email address
    And make sure this email account is secured with a different strong password to avoid ‘daisy chaining’ or a hacker trying to get access to all your online accounts.
  • Only log in over a secured connection
    Pick an email provider that uses an https:// web address when logging in. Look for a padlock icon in your browser or consider using a browser plugin or extension such as HTTPS Everywhere.
  • Don’t publish the information you use for your secret or account reminder questions
    Any information that you use to authenticate your account recovery or login should not be published online on your Facebook profile or other sites.