Netsafe regularly helps people who have had their email hacked or hijacked. In many cases, the account has then been used to send spam, scam or phishing emails to random addresses or the contact list for the email account holder.

People who gain unauthorised access may ask your business contacts, friends or family to send money urgently via Western Union or another money transfer service to help you.

Sometimes email account owners can still get access to their email with their own password. At other times they need to go through a lengthy recovery process to take back ownership of their email account.

How to recover your email account

Most major email providers have online forms that you can fill out to recover your account:

You should remember that providers of free email services have millions of customers and may not provide any support outside of the online recovery forms.

If you rely on always having access to your emails then read on for our security tips for email accounts below.

Prevention is better than cure

Most email or social media accounts are hacked due to one of these common vulnerabilities:

  1. You did not secure your account with a strong, unique password and a ‘dictionary’ or ‘brute force’ attack allowed the hackers quick access;
  2. Your computer or another device you used to access your emails was infected with malware or a virus or;
  3. You fell victim to a ‘phishing‘ email, logging in to a fake website that sent your account details to criminals.

How to prevent email hacking

If you rely on your email always being accessible, our advice is that you take the following steps to secure your account.

  • Use two factor authentication: 2 factor or 2FA sounds complex but boosts your security by requiring something you know and something you have. A good way of understanding ‘two factor’ is your EFTPOS card – you have the plastic card and must know the correct PIN to use it to pay for things. Two factor for email security normally involves linking your email account with a mobile phone number that will receive numeric codes via text message when you try to login or use a new device.
  • Create an alternative or ‘recovery’ email address: And make sure this email account is secured with a different strong password to avoid ‘daisy chaining’ or a hacker trying to get access to all your online accounts.
  • Only login over a secured connection: Pick an email provider that uses an https:// web address when logging in. Look for a padlock icon in your browser or consider using a browser plugin or extension such as HTTPS Everywhere.
  • Don’t publish the information you use for your secret or account reminder questions: Any information that you use to authenticate your account recovery or login should not be published online



Need help or advice? Contact us.

  • Email
  • Call us toll free on 0508 NETSAFE (0508 638 723)
  • Online report form

Our helpline is open from 8am – 8pm Monday to Friday and 9am – 5pm on weekends.

More information