A compromised email account can feel urgent, but the response should be calm and structured. The goal is to stop access, understand what happened, and reduce the chance of the same issue coming back.
Secure The Account First
Reset the password, revoke active sessions, confirm multi-factor authentication settings, and check whether recovery information was changed. If the account has admin access, treat the situation as higher risk.
Check Mailbox Rules And Forwarding
Attackers often create hidden forwarding rules, delete rules, or filters that move replies out of view. Review inbox rules, forwarding settings, delegates, shared mailbox access, and suspicious sign-in activity.
Look For Business Impact
Check whether invoices, payment instructions, client messages, or internal requests were sent or changed. If external contacts may have received suspicious messages, notify them clearly and quickly.
Strengthen Controls Afterward
Review MFA coverage, password policies, admin roles, email security settings, and user training. The follow-up matters because a single compromised account can reveal broader security gaps.
Need Help Applying This?
Turn the idea into a practical next step
OnlineV can help review the current setup, separate urgent items from nice-to-haves, and explain what would make sense for your business.
Book a Free Session