• Mon–Fri 7am–7pm
  • Sat 7am–5pm
Fixable — In-Home IT Support Melbourne
book a home visit
call now
Request Callback

Hacked Email Account Help Melbourne: What to Do Immediately & How In-home IT Support Can Help

Hacked email account help Melbourne
  • hello.fixable@gmail.com
  • February 8, 2026
  • 10:14 am

Table of Contents

Security Guide · Melbourne

Hacked Email Account? What to Do Right Now, Step by Step

Whether you can still get in or you’re locked out — recovery steps for Gmail, Outlook and BigPond/Telstra. Plus the domino effect that puts your other accounts at risk, and how to prevent it happening again.

📧 Gmail · Outlook · BigPond ⚡ Act now
📅 Updated April 2026 ⏱ 8 min read 🔒 Provider-specific recovery inside

An email account being hacked is one of the most serious tech security incidents a Melbourne household can face — because your email isn’t just a place to receive messages. It’s the key to everything else. Your bank, your MyGov, your Medicare, your superannuation, your social media — almost every other account can be accessed by whoever controls your email, through the “forgot password” feature. Acting quickly and correctly makes the difference between a bad half-hour and weeks of ongoing damage.

This guide covers the three different scenarios people find themselves in, the immediate steps to take regardless of which one applies, and recovery instructions specific to each email provider. It also connects to our virus and scam removal guide — because sometimes email hacks and computer infections happen together.

Which scenario are you in? The response is different for each

Scenario A

You can still log in, but something seems wrong

Contacts are saying they received strange emails from you. You’re seeing emails in your Sent folder you didn’t write. Logins from unfamiliar locations are showing in your account activity. You still have access. → Change your password immediately, then follow the full lock-down steps below. Don’t wait — the attacker still has access until you change the password.

Scenario B

You’re locked out — password no longer works

Your password is being rejected. The attacker may have changed it. You need to use the account recovery process to regain access. → Use “Forgot password” immediately — don’t delay. The longer you wait, the more time the attacker has to change recovery details (phone number, backup email) which makes recovery much harder. See the provider-specific recovery steps below.

Scenario C — Worst case

Locked out AND recovery options have been changed

The password doesn’t work, and the “Forgot password” process sends a code to a phone number or backup email you don’t recognise — meaning the attacker has already changed your recovery details. → This requires working through the account provider’s identity verification process directly. See the provider-specific steps below — each provider has a different path for this. This is the most complex scenario and where professional help saves hours of frustration.

The domino effect — your other accounts are at risk too

This is the critical thing most people don’t realise immediately: whoever has access to your email account can reset the password for virtually every other account linked to it. Your bank’s “forgot password” sends a reset link to your email. So does MyGov, Medicare, your superannuation, streaming services, and anything else you’ve ever registered with that email address.

While you’re working to recover your email — do this on your phone right now:

  1. Call your bank and tell them your email has been hacked — they will flag your account for monitoring
  2. Check your MyGov account (on your phone with mobile data, not using the compromised computer) for any changes
  3. If you have internet banking open in a browser on the compromised computer — log out and change that password from your phone

Don’t wait until you’ve recovered the email to do these steps — the domino can fall very quickly. Financial institutions like banks and ATO take immediate reports seriously and can freeze suspicious activity. If your computer was involved in the hack, see our virus and malware removal guide for what to check and secure on the device itself.

Recovery steps by email provider

G

Gmail recovery

Scenario A (still have access):

  1. Go to myaccount.google.com → Security → Recent security activity — look for any logins you don’t recognise
  2. Change your password immediately: Security → Password
  3. Check recovery details: Security → Ways we can verify it’s you — ensure phone number and backup email are yours
  4. Click “Review devices” and remove any you don’t recognise
  5. Turn on 2-Step Verification (instructions below)

Scenario B/C (locked out):

  1. Go to accounts.google.com/signin/recovery
  2. Enter your Gmail address and click “Forgot password”
  3. Google will try various verification methods — check your phone, check a backup email, or answer security questions
  4. If your recovery phone number was changed: select “Try another way” and work through Google’s identity verification — this may ask you to confirm recent activity (emails you sent, contacts you’ve emailed, etc.)
  5. If all recovery options fail: Google’s account recovery troubleshooter walks through further verification steps

Important: Google’s recovery works best from a device and location you’ve previously used to access the account. Using a familiar device (even an old phone) significantly improves the success rate of recovery.

📧

Outlook / Hotmail / Live recovery

Scenario A (still have access):

  1. Go to account.microsoft.com → Security → Recent activity — review for logins you don’t recognise
  2. Change your password: Security → Change password
  3. Check security information: Security → Update your security info — verify phone number and backup email
  4. Enable two-step verification: Security → Two-step verification → Set up

Scenario B/C (locked out):

  1. Go to account.live.com/password/reset
  2. Enter your email address and select how to receive a code
  3. If your recovery details have been changed, select “I don’t have any of these” — this leads to Microsoft’s identity verification form
  4. Microsoft’s recovery form asks detailed questions about your account (when it was created, recent contacts you emailed, subjects of recent emails). The more detail you provide, the higher the success rate
  5. If the form is rejected, wait 24 hours and try again — Microsoft reviews these manually and allows multiple attempts
📡

BigPond / Telstra email recovery

Requires phone contact with Telstra — online recovery is limited

BigPond/Telstra email recovery is more limited than Gmail or Outlook — the self-service recovery options online are basic, and most compromised account situations require calling Telstra directly. This is also complicated by Telstra’s ongoing migration of BigPond accounts — see our email setup guide for background on this issue.

  1. Try signing in at my.telstra.com.au with your BigPond email as the Telstra ID username
  2. If locked out: click “Forgot username or password” on the login page
  3. For compromised accounts where recovery details have been changed: call Telstra on 13 22 00 and specifically say “My BigPond email account has been compromised and the recovery details have been changed — I need to verify my identity to regain access.”
  4. Telstra will verify you using your account number, date of birth, and service address. Have these ready.

BigPond accounts: extra concern. BigPond email accounts that have been compromised are harder to recover than Gmail or Outlook because Telstra’s self-service tools are less robust. If you have a BigPond address and it’s been hacked, calling Telstra directly with your account details is the fastest path. We can assist with this call during a home visit if needed.

After recovery — lock it down properly

Regaining access is just the first step. An email account that was compromised once is more likely to be targeted again — because the attacker may have sold your details, or your password may appear in a data breach list that other attackers use. These steps turn a recovered account into a properly secured one.

1. Set a strong, unique password

Use a password that’s at least 12 characters, contains a mix of letters, numbers, and symbols, and is not used on any other account. A good method for something memorable: three unrelated words plus numbers, e.g. Lamp47Bicycle!Fence. Write it in a notebook kept at home — this is safer than reusing a simple password everywhere.

2. Turn on two-factor authentication (2FA)

Two-factor authentication means even if someone knows your password, they can’t log in without a code sent to your phone. This is the single most effective protection against email account compromise.

  • Gmail: myaccount.google.com → Security → 2-Step Verification → Get started → follow the prompts to link your phone number
  • Outlook/Hotmail: account.microsoft.com → Security → Two-step verification → Set up two-step verification
  • BigPond/Telstra: my.telstra.com.au → Account settings → Security → enable Two-Factor Authentication

3. Check and update recovery details

Verify that the recovery phone number and backup email address in your account settings are yours and current. These are what providers use to verify your identity if you’re ever locked out again — make sure they’re accurate. If the phone number registered is an old number you no longer have, update it now while you still have access.

4. Check for forwarding rules and filters

Hackers often set up email forwarding rules that quietly send copies of all your emails to their address — even after you’ve changed your password. In Gmail: Settings (cog icon) → See all settings → Forwarding and POP/IMAP → check for any forwarding addresses you didn’t set up. In Outlook: Settings → Mail → Forwarding → check. Delete any you don’t recognise immediately.

5. Change passwords on accounts that used this email for login

Now that the email is secured, change passwords on your bank, MyGov, Medicare portal, superannuation, and any other account where this email was the login. Even if those accounts weren’t directly accessed, the risk window was open and updating passwords closes it. If you use the same password on multiple sites — this is the moment to stop doing that.

Check if your email was in a data breach

Sometimes email accounts are compromised not through any mistake on your part — but because a website or service you registered with had a data breach, and your email and password were exposed in that breach. These stolen credentials are sold on criminal forums and used to try to access email accounts.

Check Have I Been Pwned: Go to haveibeenpwned.com — a free, legitimate security tool run by respected security researcher Troy Hunt. Enter your email address and it will tell you whether your email and password have appeared in any known data breaches.

If your email appears in breach results: the specific breach name and date will show. Change the password on any account where you used that password. This site is safe to use — it doesn’t store your email address and is recommended by the Australian Cyber Security Centre.

Frequently asked questions

My contacts are getting spam from my email address but I can still log in fine. Is my account hacked?

Two possibilities. (1) Your account has been accessed and the attacker sent spam from it — check your Sent folder for emails you didn’t send. If you find them, follow the Scenario A steps above. (2) Your email address is being “spoofed” — the emails appear to come from your address but were actually sent from elsewhere. Email spoofing is technically different from account compromise — you don’t have to change your password, but there’s no straightforward way to stop it either. Check your Sent folder: if nothing there, it’s likely spoofing. If emails are in Sent that you didn’t write, your account is compromised.

I’m locked out of Gmail and the recovery process failed. What now?

Google’s account recovery works best from a trusted device and familiar location. If you’re using a new computer at a new location, Google may not recognise you. Try the recovery from your phone (especially if you’ve previously accessed Gmail on that phone), or from your old computer if it still works. Also try at different times of day — Google’s automated system sometimes gives different results. If all else fails, Google has a form where you can appeal for manual review, but success rates are low without substantial verification information. This is one of the most complex situations we help with during home visits — it often takes patience and trying multiple approaches.

Does having my email hacked mean my computer has a virus?

Not necessarily — they’re related but separate issues. Email accounts are most commonly hacked through password reuse (you used the same password on a site that had a data breach), phishing (you clicked a fake login page and entered your password), or credential stuffing (automated attacks trying leaked passwords). A computer virus can also steal passwords, but it’s one cause among several. It’s always worth running a scan with Windows Security or having the computer checked — see our virus removal guide — but a clean scan doesn’t necessarily explain the hack if the cause was a data breach or phishing.

How did the hacker get my password in the first place?

The four most common ways: (1) Data breach — a website you registered with was hacked and your email/password combination was leaked. Check haveibeenpwned.com. (2) Password reuse — you used the same password on multiple sites, one was breached, and attackers tried it on your email. (3) Phishing — you clicked a fake login page (disguised as your bank, Australia Post, ATO, etc.) and entered your email and password, which was captured by the attacker. (4) Malware — a keylogger or password-stealing program on the computer captured it. Checking haveibeenpwned.com usually tells you which category applies.

Can Fixable help me recover and secure my email account at home?

Yes — we handle Gmail, Outlook/Hotmail, and BigPond/Telstra account recovery during home visits across all Melbourne suburbs. We work through the recovery process with you, check for forwarding rules and other backdoors, enable two-factor authentication, check the Have I Been Pwned database, and advise on securing other accounts that may have been at risk. We also check the computer for any malware that may have contributed to the compromise. Our rate is $89/hr with no call-out fee. For seniors we take extra time to explain everything clearly — see our seniors IT support page. Call 0435 955 429.

Need help recovering and securing your email?

We recover Gmail, Outlook, and BigPond accounts, stop the domino effect on other accounts, check for forwarding rules, and lock everything down with 2FA. $89/hr, no call-out fee, all Melbourne suburbs.

Related guides

Serving all Melbourne suburbs — Doncaster, Camberwell, Box Hill, Glen Waverley, Kew, Hawthorn, Balwyn, Ringwood and all surrounding areas. View all service areas →

About Fixable: Friendly, patient on-site IT support across all Melbourne suburbs. NDIS Worker Screening cleared. Always in plain English. Call 0435 955 429 or visit fixable.au

Need Tech Help Today?

Call now or request a free callback — we service all Melbourne suburbs.

Call now
Request a Free Callback
Book a Home Visit

Need Tech Help Today?

Call now or request a free callback — we service all Melbourne suburbs.

Call now
Request a Free Callback
Book a Home Visit