What happens when your email account is hacked?


If you click on unidentified links in emails, and/or attempt to log into a site, a hacker can get your credentials and use your email account to send out spam to your contacts and other places. If someone recognizes your email, they might click on any links in the email, and surrender their credentials to the hacker also.


How can I avoid hacking?


While this first step is not generally applicable for a hacked email, since the email address is usually legitimate, you should make a practice of ensuring that emails are being sent from legitimate sources. You can check easily to see if an email is a legitimate email. First, check to see if the email comes from a legitimate Lesley email. If you are on a mobile device, you can click on the From field and it will show the email address. Phishing and spoofing email messages usually contain a fake sender address and/or name, so while the message may state that it has come from a Lesley community member, it is in fact from a different non-Lesley email address. Always review the From field in the email to be sure is has actually been received from the person in question. If you choose to reply to the message, make sure that the message is going to an @lesley.edu address. If you do not see a Lesley email address, then simply delete the email.  


However, if someone has hacked an email address, the address will be valid (although the legitimate sender won't be aware of the email). So you always have to be on the lookout for the links within emails! You must verify that any links are going to a legitimate Lesley site.  Just hover (do NOT click) your mouse over any link that you are being directed to click on.  If you don't see a Lesley link, delete the email. IT also won't ask you for your username and password, so if an email asks you for that information, you should delete the email.


What do I do if my account has been hacked?


  • You must change your password at the https://mp.lesley.edu site!  If your account was sending out tons of emails, your account might already be shut down. So, if you have any issues changing your password, contact IT at it@lesley.edu or 617-349-8770. 


Note: If your account has been shut down, IT will set your password to the default and clear your security questions. When the account has been restored, you must change the password, set up your security questions and run a scan of your device.


  • After you change your password, and log back into your Lesley email, you should check your Inbox and Sweep Rules to make sure that the spammers have not created any rules that would divert emails from your Inbox or Sent folders to your Deleted folder. 


  1. Click on the Settings icon at the top of the page (the icon for this looks like a gear, and is to the left of your initials). 
  2. Select Mail from the drop down list that appears under the heading Your App Settings. A new page will load. 
  3. To the left, locate Inbox and Sweep Rules under the heading Automatic Processing
  4. Check under the box labeled Inbox Rules to make sure that there are no rules created to divert your mail.

  • Additionally, if you have antivirus software on your computer or mobile device you should run a scan to ensure that there are no malware or viruses on your device. If you don’t already have anti-virus software on your personal device, Sophos may be an option that you can use to run a scan of your computer. There should be a free version for you to download online which you can find here: https://home.sophos.com/en-us.aspx.  You can search in your app store for protection for your mobile device.