How do I check if my business email has been hacked

Cybersecurity threats continue to evolve, and business email compromise (BEC) remains one of the most significant risks organizations face. If you suspect that your business email account has been hacked, taking immediate action is critical to prevent further data breaches, financial losses, and reputational damage. This guide will walk you through the steps to confirm unauthorized access, identify potential damage, and secure your account against future attacks.


Signs That Your Business Email May Have Been Hacked

Unusual Login Activity

Most email service providers log all recent sign-ins, including the location, IP address, and device used. If you notice logins from unfamiliar geographic locations or unknown devices, it could be a sign that someone else has gained access to your account.

To check login activity:

  • Google Workspace (Gmail): Go to Google’s Security Checkup and review “Your devices” and “Recent security activity.”

  • Microsoft 365 (Outlook): Visit the Microsoft Security page and check “Sign-in activity.”

  • Other Providers: Look for a “Recent Login” or “Security” tab in account settings.
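
One way to review an exported sign-in history for the unfamiliar locations and unknown devices described above. This is an added example, not code from any provider; the records are constructed and the field names (time, user, country, device, ok) are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample export. Field names are assumptions for this example,
# not any provider's log schema.
SIGNINS = [
    {"time": "2024-03-01T08:02:00", "user": "ana@example.com", "country": "US", "device": "Windows / Edge", "ok": True},
    {"time": "2024-03-04T08:10:00", "user": "ana@example.com", "country": "US", "device": "iPhone / Mail", "ok": True},
    {"time": "2024-03-12T17:45:00", "user": "ana@example.com", "country": "US", "device": "Windows / Edge", "ok": True},
    {"time": "2024-03-20T03:14:00", "user": "ana@example.com", "country": "RO", "device": "Linux / Firefox", "ok": False},
    {"time": "2024-03-20T03:16:00", "user": "ana@example.com", "country": "RO", "device": "Linux / Firefox", "ok": True},
    {"time": "2024-03-21T09:00:00", "user": "ana@example.com", "country": "US", "device": "Windows / Edge", "ok": True},
]


def review_signins(records, baseline_days=14):
    """Flag sign-ins from a country or device not seen in the baseline window."""
    if not records:
        return []
    records = sorted(records, key=lambda r: r["time"])
    cutoff = datetime.fromisoformat(records[0]["time"]) + timedelta(days=baseline_days)
    known = {}      # user -> {"country": set(), "device": set()}
    findings = []
    for rec in records:
        seen = known.setdefault(rec["user"], {"country": set(), "device": set()})
        if datetime.fromisoformat(rec["time"]) < cutoff:
            # Only successful sign-ins count as normal behaviour.
            if rec["ok"]:
                seen["country"].add(rec["country"])
                seen["device"].add(rec["device"])
            continue
        reasons = [f"new {k}: {rec[k]}" for k in ("country", "device") if rec[k] not in seen[k]]
        if reasons:
            findings.append({"time": rec["time"], "user": rec["user"],
                             "succeeded": rec["ok"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_signins(SIGNINS):
        print(finding)
```

The baseline is only trustworthy if it covers a period before the suspected compromise; a failed attempt followed minutes later by a success from the same new location deserves the closest look.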

Emails Sent That You Didn’t Compose

Hackers often use compromised accounts to send phishing emails, malware, or fraudulent messages to your contacts. Check your Sent Items folder for messages you don’t recognize.

Additionally, some attackers delete sent emails to cover their tracks. If you suspect this, check the Deleted Items or Trash folder for unusual activity.

Email Forwarding Rules Have Been Changed

Cybercriminals may set up forwarding rules to silently send copies of your emails to an external address, allowing them to spy on your communications.

  • Gmail: Go to Settings > Forwarding and POP/IMAP and verify that forwarding is turned off.

  • Outlook (Microsoft 365): Go to Settings > Mail > Forwarding and check if any unknown forwarding rules exist.

  • Other Providers: Check mail settings for automatic forwarding or email rules.

New or Modified Email Rules and Filters

Hackers sometimes create rules that automatically move or delete emails containing security alerts, bank notifications, or password reset emails.

  • Gmail: Go to Settings > Filters and Blocked Addresses to review and delete any suspicious filters.

  • Outlook: Go to Settings > Mail > Rules and look for any unauthorized rules.
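
The two checks above (external forwarding, and rules that hide security, bank or password-reset mail) can be applied to an exported rule list in one pass. This is an added example, not a vendor tool: the sample rules are constructed and follow the shape of Microsoft Graph messageRule objects, and OWN_DOMAINS and ALERT_WORDS are assumptions to adapt.

```python
OWN_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domains
ALERT_WORDS = ("security", "alert", "bank", "password", "reset")

# Constructed sample rules, shaped like Microsoft Graph messageRule objects.
RULES = [
    {"displayName": "Newsletters",
     "conditions": {"senderContains": ["news@"]},
     "actions": {"moveToFolder": "constructed-folder-id"}},
    {"displayName": "Team copy",
     "actions": {"forwardTo": [{"emailAddress": {"address": "colleague@example.com"}}]}},
    {"displayName": "Sync",
     "actions": {"forwardTo": [{"emailAddress": {"address": "copy@mail.example.net"}}],
                 "stopProcessingRules": True}},
    {"displayName": "Archive",
     "conditions": {"subjectContains": ["Password reset", "Security alert"]},
     "actions": {"delete": True, "markAsRead": True}},
]


def audit_rule(rule):
    """Return the reasons a rule deserves review (empty list if none)."""
    actions = rule.get("actions") or {}
    conditions = rule.get("conditions") or {}
    reasons = []
    # 1. Copies of mail leaving the organisation.
    for key in ("forwardTo", "forwardAsAttachmentTo", "redirectTo"):
        for recipient in actions.get(key) or []:
            address = recipient["emailAddress"]["address"].lower()
            if address.rsplit("@", 1)[-1] not in OWN_DOMAINS:
                reasons.append(f"{key} external address {address}")
    # 2. Rules that hide security, bank or password-reset mail.
    hiding = [k for k in ("delete", "permanentDelete", "moveToFolder", "markAsRead") if actions.get(k)]
    phrases = [p.lower() for k in ("subjectContains", "bodyContains", "bodyOrSubjectContains")
               for p in conditions.get(k) or []]
    hits = sorted(p for p in set(phrases) if any(w in p for w in ALERT_WORDS))
    if hiding and hits:
        reasons.append(f"{'/'.join(hiding)} applied to mail matching {hits}")
    return reasons


def audit_mailbox(rules):
    """Map rule name -> reasons, for rules with at least one finding."""
    audited = {r["displayName"]: audit_rule(r) for r in rules}
    return {name: why for name, why in audited.items() if why}


if __name__ == "__main__":
    for name, reasons in audit_mailbox(RULES).items():
        print(name, "->", reasons)
```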

Unexpected Password Reset Emails or Login Alerts

If you receive an email stating that your password was changed or a login was attempted from an unknown device, someone may be trying to take control of your account.


How to Check If Your Business Email Was Leaked in a Data Breach

Use a Data Breach Checking Tool

Sometimes, email compromises occur due to leaked credentials from previous security breaches. To see if your email address has been exposed:

  • Have I Been Pwned (HIBP): Visit haveibeenpwned.com and enter your email to check for breaches.

  • Firefox Monitor: monitor.firefox.com provides a similar service with breach notifications.

  • Google Security Checkup: If using a Google Workspace account, Google will notify you if your credentials have been leaked.

If your email appears in a breach, change your password immediately and enable multi-factor authentication (MFA).


How to Secure Your Business Email Account After a Breach

Change Your Password Immediately

If you suspect a compromise, reset your password to a strong, unique one. The new password should:

  • Be at least 12-16 characters long

  • Mix uppercase and lowercase letters

  • Include numbers and special symbols

  • Avoid common words, names, or predictable patterns

Use a password manager (e.g., 1Password, Bitwarden, LastPass) to generate and store secure passwords.

Enable Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) adds an extra layer of security by requiring a second verification step, such as a code sent to your phone or a hardware security key.

  • Google Workspace: Enable MFA in Security > 2-Step Verification.

  • Microsoft 365: Go to Security & Privacy > Two-Step Verification.

  • Other Email Services: Enable MFA in security settings.

For enhanced security, use an authenticator app (e.g., Google Authenticator, Microsoft Authenticator) instead of SMS-based 2FA, which can be vulnerable to SIM-swapping attacks.

Revoke Unauthorized Sessions and Apps

  • Google Workspace: Go to Security > Manage Devices and sign out of any unrecognized sessions.

  • Microsoft 365: Visit Security & Compliance Center > Sign-in Logs and revoke access from unknown locations.

  • Third-Party Apps: Review OAuth permissions to ensure no malicious apps have account access.

Run a Full Malware Scan on Your Device

If your email was hacked, malware or keyloggers may be present on your device. Run a full system scan using:

  • Windows Defender (Windows)

  • Malwarebytes (Windows/macOS/Linux)

  • Bitdefender, Kaspersky, or ESET for enterprise-grade protection


Preventing Future Business Email Compromises

Implement Email Security Best Practices

  • Use business-grade email security tools like Microsoft Defender for Office 365 or Google Advanced Protection.

  • Train employees on phishing awareness to recognize social engineering attacks.

  • Enable domain-based authentication (DMARC, DKIM, SPF) to prevent email spoofing.

Regularly Monitor Email Logs and Activity

  • Enable security alerts for login attempts and unauthorized changes.

  • Review email audit logs (available in Microsoft 365 & Google Admin Console) to monitor suspicious behavior.

Use End-to-End Encryption for Sensitive Emails

For added security, use end-to-end encryption (E2EE) solutions such as ProtonMail, Tutanota, or enterprise-grade encryption services like Microsoft Message Encryption (OME).

If your business email has been compromised, acting quickly is crucial to contain the breach and prevent further security risks. Start by checking for unauthorized access, updating your password, enabling multi-factor authentication, and revoking suspicious sessions. Strengthening email security policies and regularly monitoring for threats will help safeguard your business from future attacks.

By implementing these security measures, you can significantly reduce the risk of business email compromise and ensure that your organization’s sensitive data remains protected.

