My previous email address has been hacked beyond recovery.
This particular email hack is unlike other account hacks where a simple password change cleans things up. Once your account is hacked, there is nothing you can do to save it. Barring the hacker getting a real life, your address (not your actual account) will be used time and again to spam your contacts.
How It Works
A hacker gains access to your account once and harvests your contacts list. After that, they no longer need access to your actual account. They send emails to your contacts from a separate account that forges your email address as the sender (called spoofing), and they do this about once a month. This tactic allows them to get past spam filters.
You could report the IP address from which the emails are coming, but the hacker can then just change their IP address.
1. Your spam folder suddenly fills up with failed delivery messages from “Mail Delivery System” in response to messages that your account never sent.
2. Some of your contacts respond to emails from your email address that you never sent asking you if it the messages were spam.
Sarcastically: Never do anything interesting online, and never give out your email address.
But for real, here are two concrete steps you should take right now that might potentially prevent this from happening to you:
1. Use two-step authentication. Google does a better job of describing this, so just click on that link.
2. Use a program like 1Password to create and remember randomly generated unique passwords.
If It Happens to You
Even after taking those to steps, just by being on the internet you are still exposed. If this happens to you, you have to start over with a new email address and tell everyone to block your old one. I hope this doesn’t happen to you, but, if it does, here’s what I did:
1. Created a new email address using two-step authentication and 1Password.
2. Bcc’d my contacts (you can only do 100 at a time on Gmail) on an email from my old account asking them to use my new email address and block my old email address.
3. Set an auto-responder on my old email address with the same note I sent in #2.
4. Forwarded all emails from my old email address to my new email address.
Happy interneting! Stay safe.