How to fix a compromised email account

If your email account has been compromised, you will need to take the following steps:

• Scan your device(s) for malware.
• Reset your password.
  
• Re-enter your password on any email clients.

Step 1 - Scan your devices with a dedicated malware scanner. Most email compromises occur due to the password being guessed through brute force, but we'd still recommend checking that your computer has no malicious software installed. If you're unsure about a suitable malware scanner, talk to your IT team.
Note: All devices can get viruses, even phones and Apple devices.


Step 2 - Close all your email clients, and turn any phones off if they log into a compromised email account.
This will make the next steps easier, because all email clients will repeatedly try to log in with the password they have stored. When you update the password they will still be using the old one, and may cause your IP to be blocked on our server firewall.


Step 3 - Log into cPanel. If you can't log in, follow this guide to unblock your IP first.


Step 4 - Use this guide to reset your email password to a unique value. DO NOT change the password back to the previous value or one that you've used before.


Step 5 - Ensure the email account in question is not suspended in cPanel. Use this guide to unsuspend it if needed.


Step 6 - Turn on your email clients one at a time, and use these guides to re-enter the email password in both the Incoming and Outgoing sections.


Step 7 - After updating your email client, send an email from the email account to itself. If you receive this email in your device's inbox, this confirms that both Outgoing and Incoming mail is working for that device.


Step 8 - If you used your old email password for any other accounts, we'd recommend updating those passwords as well for security.