Email fraud, also known as email scam, is a significant and growing category of cybercrime that exploits electronic mail systems to deceive individuals, organizations, or businesses for financial gain, identity theft, or other malicious purposes. Essentially, email fraud is defined as sending fraudulent, misleading, or deceptive messages via email, with the intent of tricking recipients into revealing sensitive information, transferring money, clicking on malicious links, or engaging in actions that benefit the perpetrator while harming the victim. Unlike physical deception that relies on face-to-face trickery, email fraud takes advantage of the anonymity, speed, and global reach of digital communication, making it a particularly powerful tool for cybercriminals.
The core of email fraud lies in its ability to create a false sense of legitimacy. Scammers carefully craft messages that appear to come from trusted sources such as banks, government agencies, e-commerce platforms, or well-known organizations. These emails often use techniques like spoofing, where the sender’s address is forged to look authentic, or phishing, which directs recipients to fake websites designed to gather personal and financial information. In many cases, email fraud is designed to exploit human psychology—fear, urgency, curiosity, or greed—to compel individuals to respond without verifying the authenticity of the message.
Email fraud can take many forms, each with different objectives and methods. Common types include phishing emails attempting to steal login credentials or credit card information; advance-fee scams promising large financial rewards in exchange for upfront payments; malware-laden emails that deliver viruses, ransomware, or spyware; and business email compromise targeting corporate officials to authorize fraudulent fund transfers. Despite these variations, a unifying characteristic of email fraud is the deliberate attempt to deceive recipients through communication that appears legitimate.
The impact of email fraud is far-reaching. Victims may suffer financial losses, damage to personal or corporate reputation, unauthorized access to sensitive data, and psychological stress. The widespread proliferation of email accounts and dependence on electronic communication have made email fraud not only more common but also more sophisticated. Cybercriminals continuously adapt their strategies, making detection and prevention challenging, thereby increasing the need for heightened awareness, technical security measures, and regulatory interventions.
Email fraud is a criminal practice that exploits users’ trust, inexperience, or negligence to gain illegal benefits. It is a blend of technology, psychology, and criminal intent that manifests in various activities threatening individuals, organizations, and society’s security. Its distinctive feature is manipulating people through deceptive and false information within the digital communication framework, making it one of the most prevalent and dangerous forms of cybercrime in today’s digital age.
This definition illustrates that email fraud is not merely a technical or financial issue but a complex social and psychological phenomenon that exploits both technological vulnerabilities and human weaknesses.
Hacking an email account means unauthorized access gained by cybercriminals through various technical and psychological methods by obtaining the victim’s password and associated information. Email accounts are often the primary digital identity of an individual because they are linked to banking services, social media, official records, and personal communication. Attackers use techniques such as phishing kits, malware programs, fake login pages, keyloggers, and social engineering to access login details without the victim’s knowledge. In many cases, they send deceptive messages that look genuine and create a sense of urgency, prompting users to act quickly without verifying. Once the password is obtained, the hacker can read private emails, reset passwords of linked accounts, pretend to be the victim, and carry out further financial or identity theft crimes. Email hacking is particularly dangerous because it often remains undetected for a long time, allowing attackers repeated access and misuse of the account.
1. Phishing emails that appear to come from genuine email accounts (but are actually fake)
Sending phishing emails via fake email accounts is one of the oldest and most widely used techniques to hack email accounts, with documented history dating back to the mid-1990s when internet email usage among common users started expanding rapidly. Around 1995-1996, early attackers targeted AOL users with deceptive messages appearing to come from official AOL administrators, asking users to verify or confirm their passwords. This method gradually evolved with the rise of email providers like Yahoo Mail (launched in 1997), Hotmail (1996), and Gmail (2004). The core idea has always been to convince the victim that the message is real and important. Scammers meticulously copy logos, email templates, sender names, and language styles used by legitimate service providers. They often include reasons like system upgrades, suspicious login activity, mailbox storage limits, regulatory compliance, or data security policy updates. Historically, during major events like the Y2K transition in 1999-2000, the rise of online banking in the early 2000s, and the tightening of data security laws in the late 2010s, large-scale phishing waves were recorded. When a victim clicks on a link in a phishing email, they are redirected to a fake login page that resembles the real service website. After the victim enters a login ID and password, the credentials are immediately captured and stored by attackers. This information is used to access the victim’s email account, reset passwords for linked services, commit identity theft, or carry out further deception. Decades of cybercrime evidence show that phishing is mainly successful because it exploits human trust and haste rather than technical vulnerabilities. Even highly educated users have fallen prey, proving that phishing is a psychological attack supported by technical mimicry.
2. Sending unsolicited or spam emails with malware attachments
Malware-based emails, which include malicious attachments, have a long and well-documented history, beginning primarily in the late 1990s with widespread email virus campaigns via computer worms. One of the earliest famous examples is the “Melissa” virus of 1999, which spread through infected Word document attachments sent via email. In 2000, the “ILOVEYOU” virus caused worldwide damage by tricking users into opening infected love letters, illustrating how social engineering combined with malware can harm systems on a massive scale. Over time, attackers refined these methods, embedding advanced malware in PDFs, ZIP files, Excel sheets, and executable files. When a victim opens such an attachment, malware silently installs in the background without visible signs. In the early 2000s, keyloggers became very common, recording every keystroke, including email usernames and passwords. Subsequently, more sophisticated malware emerged that could take screenshots periodically, monitor clipboard activity, read saved passwords in browsers, and even bypass basic antivirus detection. Evidence from forensic investigations indicates that once malware is installed, attackers can obtain credentials over long periods without the victim’s knowledge. This method is particularly dangerous because changing passwords does not help unless the malware is fully removed. The continuous evolution of malware techniques demonstrates that users’ curiosity, lack of awareness, and overreliance on email for official communication make email attachments a powerful weapon for hackers.
3. Hacking email accounts through social engineering and OTP sharing to bypass two-factor authentication
Two-factor authentication (2FA) was widely introduced in the mid-2000s as an additional security layer to protect online accounts, combining passwords with one-time passwords (OTPs) sent via SMS, email, or authenticator apps. Although 2FA significantly reduced automated hacking attempts, it did not eliminate human vulnerabilities. After 2010, social engineering attacks targeting OTPs became more common, especially as banks, government portals, and email services made 2FA mandatory. Scammers use psychological tricks like disguising identities, fear, urgency, and authority to persuade victims to share their OTPs. Historically, attackers impersonated customer support executives, security officers, or technical administrators, claiming suspicious login attempts or account verification needs. In many documented cases, victims received phone calls or emails immediately after phishing attempts, reinforcing the legitimacy of the request. Attackers often make the request at the exact time OTPs are generated, making victims believe the request is genuine. Evidence from cybercrime investigations shows that once an OTP is shared, attackers can instantly bypass the next security layer and gain full access to the email account. This technique has been widely used since around 2015, coinciding with the rise of SMS-based OTP systems. History proves that technology alone cannot prevent hacking if users are deliberately manipulated into handing over security credentials. When trust is exploited, even strong authentication systems can fail, illustrating that social engineering is one of the most effective tools in email account hacking.
Once an email account is compromised, the attacker gains full control over the victim’s digital communications and can misuse the account in several harmful ways. The hijacked email can be used to assume the victim’s identity and send fraudulent messages to family members, friends, clients, or business contacts, often for financial scams or personal manipulation. Attackers can also access sensitive stored information such as identification documents, bank alerts, invoices, and login links, which can be used for theft or blackmail. In many cases, the email account serves as a gateway to other online services, allowing hackers to reset passwords and take over social media, banking, or shopping accounts. Such misuse can lead to financial losses, damage to personal and professional reputation, and long-term trust issues.
1. One of the most common misuses after hacking an email account is sending SOS or emergency messages to all of the victim’s contacts seeking money. This technique has been seen since the early 2000s, when email became a primary mode of personal communication. Scammers exploit the trust built over years between victims and their contacts. The hacked email is used to send urgent messages claiming lost passports, stolen wallets, medical emergencies, arrests abroad, or being stranded without cash. Historically, such scams became more common in the late 2000s as international travel increased, with stories of travelers appearing credible. Attackers carefully study the victim’s writing style, time zones, and personal details from previous emails to make the messages seem authentic. Since emails come from familiar and trusted addresses, recipients often do not verify the requests and immediately transfer money. Many real-world fraud cases reveal that even close family members have sent large sums without suspicion. Cybercrime investigation evidence repeatedly shows the success of this method through emotional pressure, urgency, and fear. Once the money is transferred, it is quickly moved to multiple accounts, making recovery difficult. This misuse results in financial loss, emotional distress, and long-term trust issues between victims and contacts.
2. Another serious misuse of hijacked emails is sending offensive, insulting, or threatening messages to friends, relatives, or professional contacts, followed sometimes by blackmail or ransom demands. Such acts date back to the late 1990s online harassment cases but became more organized around 2010 with the rise of cyber extortion. Attackers deliberately send obscene, defamatory, or socially damaging content from the victim’s email address to tarnish their reputation. In some cases, the attacker threatens to continue sending such messages unless ransom is paid. The psychological impact of this abuse is severe, as victims fear social embarrassment, family conflicts, or professional repercussions. Real cases show that attackers often target public figures, business owners, or professionals with valuable reputations. Because the emails appear to come from the victim’s own account, recipients initially believe the victim is responsible, causing shame and distrust. Over time, cybercrime records reveal that attackers may also fabricate false confessions or controversial opinions to provoke anger. This misuse demonstrates that email hacking is not only a financial crime but also a means of emotional manipulation, coercion, and social damage, with long-lasting effects even after account recovery.
3. Hijacked email accounts can also be misused to send fraudulent payment instructions to clients, customers, or business partners, leading directly to financial theft. This method, historically known as Business Email Compromise, started emerging in documented fraud cases in the early 2010s when online invoicing and digital payment standards grew. Attackers monitor email conversations, especially those involving invoices, contracts, or pending payments. At the right moment, they send emails requesting payments to “new” or “updated” bank accounts, citing reasons like audit requirements, account changes, or compliance needs. Since the emails appear legitimate and continue the ongoing conversation, recipients rarely question them. Numerous investigations into financial fraud reveal that companies suffered significant losses from this method, often long before detection. The attacker’s ability to read previous emails allows for precise timing and realistic language, making the scam highly convincing. This misuse is especially dangerous because it exploits established business trust rather than technical vulnerabilities, often involving large sums that are difficult to recover once transferred internationally.
Ultimately, criminals use hijacked email accounts to also access other online accounts such as secondary email addresses, net banking, social media, shopping platforms, and cloud services. Since around the 2000s, email has become a central recovery tool for online services, allowing password resets via verification links. Hackers exploit this by searching for account registration emails, password reset links, and security notifications in the inbox. Using this information, they systematically reset passwords and gain control of multiple accounts within hours. Real cybercrime cases have shown that victims often only become aware of the breach when bank transactions fail or social media accounts get locked. This chain of account takeovers amplifies the damage, leading to financial theft, identity misuse, and long-term digital disruptions. The evolution of the online ecosystem has made email a “master key” to a person’s digital life, which is why email hacking remains one of the most powerful and dangerous forms of cybercrime.
1. Use Two-Factor Authentication
Two-Factor Authentication (2FA) is one of the most effective ways to prevent unauthorized access to email accounts. Historically, the concept of 2FA gained prominence in the early 2000s when online banking and internet services expanded rapidly, and password security proved insufficient against increasingly sophisticated cyberattacks. 2FA requires users to provide two forms of verification: something they know (like a password) and something they have (such as a code sent via SMS or email, or generated through an authenticator app). For example, when logging into Gmail, after entering the password, the user may receive a time-sensitive numeric code on their registered mobile device, which must be entered to complete the login. Even if a hacker steals the password through phishing or malware, the absence of the second factor prevents access, making hacking much more difficult. Cybercrime reports and real case evidence show that accounts with 2FA enabled experience significantly fewer breaches compared to those relying solely on passwords. Additionally, 2FA can be implemented through hardware tokens, authenticator apps, or biometric verification, offering flexibility and enhanced security. Organizations like Google and Microsoft have promoted mandatory 2FA for high-risk accounts, citing studies indicating that over 99% of automated attacks can be prevented through 2FA. The evolution of cyber threats highlights that passwords alone are no longer sufficient to protect accounts; 2FA adds a crucial layer of security against hacking attempts, phishing campaigns, and brute-force attacks, safeguarding both personal and professional digital assets.
2. Do not open spam or emails from unknown senders
Opening emails from unknown senders or spam is one of the most common ways to hack email accounts. The practice of mass spam email sending began with the rise of ARPANET in the 1970s and significantly increased in the 1990s with the expansion of commercial email services. Hackers often use spam emails to distribute malware, phishing links, or deceptive content designed to trick recipients into revealing sensitive information. Opening these emails, even without clicking on links, can trigger advanced malware to automatically download or activate scripts that damage the system. Historically, attacks like the Melissa virus in 1999 and the ILOVEYOU virus in 2000 spread via email attachments, revealing the dangers of opening unknown messages. Modern attackers have improved these methods, embedding malicious code in PDFs, images, or documents. Security agencies worldwide, including CERT-In and the FBI Cyber Crime Unit, have repeatedly warned that spam emails are a primary vector for ransomware attacks, identity theft, and financial fraud. Avoiding emails from unverified sources significantly reduces the risk of malware infection, phishing attacks, and unauthorized account access. Users are advised to scrutinize the sender’s email address, watch out for strange subject lines, and never trust emails that claim urgent action without verification. Education and awareness about spam threats have been vital in preventing security breaches and financial losses caused by careless handling of unknown emails.
3. Be cautious when opening links sent via email, even if they come from someone you know in your contacts
Even emails from familiar contacts can be dangerous if the sender’s account has been hacked. In the past, compromised email accounts have been used to send malware or phishing links to all contacts stored in the victim’s address book. The rise of mass mailing worms like Sobig and Mydoom in the early 2000s accelerated such attacks, which spread through contact lists without the owner’s knowledge. Cybercriminals rely on established trust between victims and their contacts, increasing the likelihood that recipients will click links or open attachments. These links may redirect to fake login pages, download keyloggers, or install ransomware on the device. For example, if a hacker gains access to an email account, they may send a seemingly harmless message to friends or colleagues containing a link claiming to be a document, invoice, or video. Once clicked, malware silently begins to operate, giving the attacker more control over the victim’s system. Cybercrime investigations show that over 70% of phishing and malware campaigns involve messages sent from compromised accounts. Even with trusted contacts, caution is essential, as attackers exploit social trust rather than technical vulnerabilities. Users should verify unusual requests through secondary communication channels and avoid clicking on unexpected links. Such vigilance helps prevent account hacking, maintaining both personal and professional cyber security.
4. Do not click on attractive and enticing links sent via WhatsApp messages or regular SMS
Hackers are increasingly using social engineering to trick users into clicking attractive links sent via WhatsApp, SMS, or other messaging platforms. This practice grew widely in the mid-2010s with the rise of mobile internet and instant messaging apps. Criminals often send messages promising prizes, free subscriptions, or instant notifications, enticing users to visit malicious websites designed to steal credentials or install malware. Incidents like the WhatsApp Gold scam in 2016 demonstrated how attackers exploited curiosity and urgency to compromise devices and accounts. Clicking these links can lead to malware infections, keylogging, or the unauthorized installation of applications that monitor communications and capture sensitive data. Global security agencies emphasize that social engineering attacks manipulate human psychology, relying on trust, curiosity, and fear, with technical sophistication playing a secondary role. Users who ignore such messages, even if they appear legitimate or come from familiar contacts, significantly reduce the risk of their accounts being compromised. Continuous awareness programs and historical case studies show that malware via malicious links is one of the main causes of personal and corporate data leaks. Therefore, exercising extreme caution and skepticism before clicking any unknown links is vital for maintaining digital security.
5. Keep your email password long and complex
A strong password is one of the essential measures to prevent email hacking. Historically, weak passwords have been the root of countless cyber attacks, dating back to the early 1990s when the first password-protected accounts were introduced in corporate systems. A robust password should be at least eight characters long and include uppercase letters, lowercase letters, numbers, and special symbols. Complex passwords are harder to guess or crack using brute-force, dictionary attacks, or automated scripts. Evidence from real-world cybercrimes shows that attacks exploiting weak passwords have led to major data leaks, such as the Yahoo data breach in 2013-2014, where over 3 billion accounts were compromised primarily due to easily guessable passwords. Historical cybersecurity advice emphasizes that using unique, complex passwords for each account reduces the risk of multiple platform hacks. Users should avoid common words, personal information like birth dates, and predictable patterns. Additionally, regularly updating passwords and using passphrases or randomly generated character combinations enhance security. Keeping passwords strong and complicated ensures that even if a phishing or malware attack occurs, the chances of unauthorized access are very low.
6. Do not store your passwords on your device (phone/tablet, etc.)
Storing passwords directly on smartphones, tablets, or computers poses a significant cybersecurity risk. Historically, cybercriminals have exploited locally stored passwords through malware, device theft, or unauthorized physical access. For example, malware like Zeus in the early 2000s targeted stored credentials in browsers and applications, allowing attackers full access to accounts without needing to enter passwords. Similarly, incidents of device theft show that anyone with access to an unlocked device can retrieve stored passwords and use them to access emails, banking, and social media accounts. Evidence from global cybersecurity reports indicates that plaintext passwords stored on devices often serve as the first point of compromise in cyber incidents. Users are advised to rely on encrypted password managers or memorize complex passwords instead of local storage. Avoiding stored passwords reduces the risk of remote hacking attempts and physical theft leading to account breaches. This precaution is strongly recommended in many cybersecurity frameworks and historical analyses to prevent email account hacking.
7. Do not share your password with anyone and change it regularly (every 2-4 months)
Password confidentiality is a fundamental principle of digital security. Historically, social engineering attacks, such as those reported in the early 2000s, often relied on victims willingly sharing passwords with impersonators posing as colleagues, IT staff, or service providers. Once disclosed, accounts could be compromised immediately, leading to identity theft, financial fraud, or unauthorized access to sensitive communications. Changing passwords every 2-4 months reduces the risk of prolonged compromise, especially if an attacker has already obtained login credentials. Events in the mid-2010s, including corporate breaches, demonstrate that static passwords weaken over time due to ongoing phishing and malware surveillance. Global cybersecurity guidelines, including those from NIST and ISO standards, recommend secure storage and regular password updates. Maintaining this practice ensures that even if a password is unknowingly exposed, its usefulness to an attacker is limited by time, safeguarding both personal and business digital assets.
8. Always lock your smartphone, tablet, laptop, etc., with a PIN or password
Lock screens are crucial for protecting devices from unauthorized physical access to emails and sensitive data. Cybercrime investigations have shown that unmonitored or unlocked devices are often used for email hacking, data theft, and identity theft. In the early 2000s, many data leaks in corporate environments occurred because employees left laptops unattended, allowing malicious insiders to access accounts. Using PINs, passwords, or biometric authentication on lock screens provides a vital barrier against unauthorized access. Even in public places such as cafes, airports, or offices, physical access to unsecured devices can lead to significant data leaks. Evidence from cybercrime cases worldwide indicates that strong device locks not only prevent straightforward hacking but also reduce risks from malware installed via USB drives or physical connections. Keeping the device actively locked ensures it remains secure, reducing the chances of opportunistic or targeted attacks, and is a fundamental aspect of individual and organizational cybersecurity hygiene.
1. Contact your email service provider and request them to temporarily block your account to prevent misuse by the hacker
When a victim discovers their email account has been hacked, one of the most immediate and effective steps is to reach out to the email service provider and request a temporary suspension or blocking of the account. Historically, providers like Gmail, Yahoo Mail, and Hotmail have offered emergency account recovery and suspension services, especially after increased cyber attacks in the early 2010s. Blocking the account prevents hackers from sending emails, accessing sensitive personal data, or damaging linked accounts. Supporting this request requires proof of ownership and evidence of unauthorized access, such as government-issued ID, suspicious email screenshots, copies of email headers showing unusual activity, or login history records. For example, Gmail users can submit identification documents with a verification form to temporarily disable a compromised account. Case studies indicate that victims who contacted providers immediately could prevent significant financial or reputational damage. Cybersecurity frameworks advise documenting all suspicious activity as evidence to expedite suspension and recovery. Temporarily blocking the account for a few days can also prevent social engineering attacks, phishing attempts, or harmful attachments, reducing further harm. Over recent years, this has proven to be one of the most effective initial steps to regain control and minimize damage after account compromise.
2. Send emails/messages to all your contacts from a separate email account, alerting them and requesting them not to respond to emails coming from the hacked email
Once an email account is hacked, it becomes very important to inform all contacts immediately to prevent further damage. In the past, cybercriminals have used compromised email accounts to impersonate victims and exploit their contacts through phishing messages, SOS scams, or malware attachments. Events like large-scale phishing campaigns in the early 2000s show that quickly notifying contacts significantly reduces the chances of continued exploitation. Victims should immediately create a secondary email account or use another trusted communication channel to send messages to all contacts informing them of the situation. These messages should clearly state that they should not respond to any emails from the compromised account, avoid clicking any links, and ignore any attachments or payment requests. Including specific examples of suspicious emails, such as subject lines or sender names, increases the effectiveness of the alert. Evidence from cybercrime reports shows that when victims actively warn their contacts, the success rate of subsequent scams drops considerably. Additionally, this communication helps maintain the victim’s credibility and prevents misunderstandings that can occur when contacts receive inappropriate or fraudulent emails from the hacked account. By taking this step, victims also gain time to pursue recovery measures and protect their social, professional, and business networks from potential cyber threats. This approach is widely recommended in cybersecurity guidelines and has proven effective in preventing damage from hacked email accounts.
3. Write to all service providers where your hacked email account is registered as a communication address, instructing them not to process any requests from the compromised email during recovery without secondary manual verification through alternative communication modes
An essential step in reducing the impact of a hacked email account is notifying all service providers where the compromised email is registered as the primary contact. Historically, attackers have used hacked email accounts to perform password resets, access banking accounts, social media profiles, cloud storage, and subscription services, a trend that became prominent alongside the widespread use of online services in the 2010s. By directly contacting service providers, victims can request that no transactions, password resets, or account changes be processed from the compromised email without additional verification. Supporting this request through alternative communication channels such as phone numbers or secondary emails ensures that any legitimate requests are manually verified. Evidence from multiple cybercrime case studies shows that victims who promptly inform service providers are able to prevent unauthorized fund transfers, data theft, and further account compromises. For example, during online banking fraud incidents, banks rely on email verification for significant changes, making this communication necessary to prevent losses. Historically, regulatory and cybersecurity authorities have recommended this proactive approach as a primary step in account recovery, emphasizing the importance of manual verification over automated processes during security breaches. Informing service providers creates a protective shield around all accounts linked to the hacked email, reducing the likelihood that the damage will spread and strengthening overall digital security. This measure is especially critical for accounts managing sensitive personal, financial, or business information, where even minor unauthorized access can have serious consequences.
1. If your compromised email account has been used to send emails, print out the entire header of the suspicious email
When an unauthorized email is sent using a hacked email account, the first step in documenting the incident is to take a physical printout of the suspicious email along with its full header. Email headers contain essential technical information such as the sender’s IP address, original mail server, timestamp, and routing details, which can be used to trace the email’s path and identify the originating location. Historically, email header analysis has been a fundamental tool in cybercrime investigations, with documented cases dating back to the late 1990s when law enforcement agencies began tackling email fraud and phishing attacks. For example, during early phishing scams in the early 2000s, forensic analysts relied heavily on header data to determine whether emails genuinely originated from the claimed sender or were spoofed by attackers. By taking a printout, victims create a verifiable record of the email content and metadata that can serve as evidence in police reports or legal proceedings. This printed record is especially valuable in proving financial fraud, harassment, or unauthorized communication claims, as it preserves the email’s state at the time of investigation—important because digital content can be easily altered or deleted. With headers properly documented, investigators can identify the original source, potentially locate the attacker’s IP address, and connect the incident to broader cybercrime networks, increasing the chances of successful investigation and recovery.
2. Note: Collect the entire header only from the first receiver’s email account (not from a forwarded email)
It is crucial to extract the full email header specifically from the first recipient’s account, not from a forwarded copy, because the original header contains authentic technical routing information. Forwarded emails often modify or append additional metadata, which can obscure the original source and time of the message. Historically, forensic email analysis has relied on the first recipient’s header to accurately reconstruct the email’s path. Investigations by cybercrime agencies such as INTERPOL and national cyber units in the 2000s established that headers provide key details like the original IP, sender domain, and intermediary servers through which the email passed. These details are necessary to differentiate genuine senders from fake addresses or hacked accounts. Focusing on the first receiver’s full header allows investigators to precisely determine where the hacking originated, whether from a specific server, location, or hacker network. Cybersecurity manuals and forensic guidelines consistently recommend this method, as any mistake or omission in header collection can lead the investigation astray. Additionally, properly capturing the original header helps law enforcement identify crucial technical details such as timestamps, mail relay data, and email authentication results (SPF, DKIM, DMARC), which are vital for legal action. Therefore, obtaining the full header from the first recipient is a critical step in establishing a strong, verifiable case against the misuse of email accounts.
3. Gather documentary evidence of misuse of hacked accounts (such as screenshots, bank transaction statements, etc.)
Collecting additional documentary evidence beyond emails strengthens the complaint and aids in investigation. This evidence may include screenshots of suspicious conversations, bank statements proving financial loss, records of unauthorized transactions, and any correspondence indicating coercion, phishing, or fraud. Historically, cases of cybercrime since the early 2000s, including business email compromise incidents and phishing scams, have highlighted the importance of gathering extensive evidence. For example, in cases where hackers manipulated email accounts to redirect payments to fraudulent bank accounts, documents like transaction statements and invoices proved crucial in retrieving stolen funds and identifying criminals. Screenshots of malicious emails, fraudulent requests, or suspicious login alerts provide visual proof of the attack and can show the sequence of events leading to the compromise. Law enforcement agencies, including CERT-In and local cybercrime units, emphasize maintaining both digital and hard copy evidence to ensure investigators have multiple sources to verify facts. Moreover, this evidence helps demonstrate the impact of the crime, whether financial, reputational, or operational, assisting authorities in taking appropriate action. Systematically collecting and preserving these documents not only assists police investigations but also creates a record that can be used for insurance claims, regulatory reporting, or legal proceedings against offenders. Proper collection of evidence is the foundation for successfully resolving cybercrime cases and has been recommended in national and international cybersecurity guidelines for decades.
4. File a complaint at your nearest police station, providing a detailed account of the incident along with the above documents
Once sufficient evidence has been gathered, the next step is to formally register a complaint at the nearest police station. Filing the complaint in person ensures that authorities get immediate knowledge of the incident and can verify the case promptly. Historically, the practice of reporting cybercrimes began in the early 2000s with the rise of internet-related offenses, leading to the establishment of specialized cybercrime units within police departments worldwide. For instance, in India, cybercrime investigation cells established in major cities like Mumbai and Delhi have handled thousands of complaints related to email hacking, phishing, and online fraud. When filing the complaint, victims should provide a detailed description of the incident, including dates and times of suspicious emails, any financial losses, communications with hackers, and collected evidence such as printed emails, full headers, screenshots, and bank statements. Detailed documentation ensures investigators have enough information to trace the hacker, identify affected systems, and coordinate with service providers. Complaints also serve as official records for future legal action, insurance claims, or regulatory inquiries. Case studies show that well-documented complaints significantly increase the chances of successful investigation and prosecution because authorities can act swiftly using the provided evidence. Properly recorded complaints help police monitor cybercrime patterns, identify repeat offenders, and prevent further misuse of compromised accounts, ensuring victims receive timely assistance and remedial action.
5. Save digital copies of all the above documents and give them to the investigating officer at the police station on a CD-R
Providing the investigating officer with electronic copies of all collected evidence is a necessary step in modern cybercrime complaint procedures. Historically, the shift from paper-based to digital documentation started in the early 2000s, when digital evidence became more common and integral to investigations. Stored on CD-Rs or other secure digital media, soft copies allow investigators to examine emails, headers, screenshots, and financial records without risk of loss or damage to the original data. This approach ensures forensic analysis can be conducted efficiently, as digital tools can track IP addresses, metadata, timestamps, and other technical details essential for identifying attackers. For example, agencies like CERT-In and national cybercrime units have long recommended providing electronic evidence to facilitate reconstruction of cyber incidents and maintain chain-of-custody integrity. Digital copies also enable sharing relevant data with other departments, forensic experts, or international cybercrime organizations if the attack spans multiple jurisdictions. Case studies indicate that complaints with digital evidence lead to faster and more effective investigations because authorities can immediately commence technical analysis, cross-referencing hard copies if needed. By storing and submitting a complete set of digital files, victims help ensure that law enforcement has all necessary resources to advance the case, identify perpetrators, and pursue prosecution.
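To make steps 1, 2 and 5 concrete, the following added example (not part of the original article) reads a raw message saved from the first recipient's mailbox, lists the relay chain from oldest hop to newest, extracts the SPF, DKIM and DMARC verdicts, and records a SHA-256 digest of the saved file so the digital copy can later be shown to be unaltered. The sample message, its host names and its documentation-range IP addresses are constructed for illustration, and the function name `summarize_headers` is hypothetical.

```python
import hashlib
import re
from email import message_from_bytes
from email.utils import parsedate_to_datetime

# Constructed sample: raw message as saved from the first recipient's mailbox.
# Hosts and IPs are documentation-range placeholders, not real indicators.
RAW_EMAIL = b"""\
Received: from relay.provider.example (relay.provider.example [192.0.2.25])
 by mx.recipient.example with ESMTPS id def456;
 Tue, 04 Mar 2025 10:15:07 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
 by relay.provider.example with ESMTPSA id ghi789;
 Tue, 04 Mar 2025 10:15:02 +0000
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=provider.example;
 dkim=pass header.d=provider.example;
 dmarc=pass header.from=provider.example
From: Account Owner <owner@provider.example>
To: contact@recipient.example
Subject: Urgent payment request

Constructed body.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

def summarize_headers(raw: bytes) -> dict:
    """Return relay hops (oldest first), auth verdicts and a SHA-256 of the file."""
    msg = message_from_bytes(raw)
    hops = []
    # Each server prepends its own Received line, so reverse for time order.
    for value in reversed(msg.get_all("Received", [])):
        line = " ".join(str(value).split())      # unfold continuation lines
        ips = IP_RE.findall(line)
        by = re.search(r"\bby\s+(\S+)", line)
        try:                                     # timestamp follows the last ';'
            when = parsedate_to_datetime(line.rpartition(";")[2].strip()).isoformat()
        except (TypeError, ValueError):
            when = None
        # Hops not written by the recipient's own servers are sender-supplied
        # claims and must be corroborated with the provider's logs.
        hops.append({"ip": ips[-1] if ips else None,
                     "by": by.group(1) if by else None, "time": when})
    auth = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    return {"hops": hops, "auth": dict(AUTH_RE.findall(auth)),
            "sha256": hashlib.sha256(raw).hexdigest()}

if __name__ == "__main__":
    print(summarize_headers(RAW_EMAIL))
```

In this constructed sample all three authentication checks pass, which is what a message sent from a genuinely compromised account looks like, as opposed to a spoofed sender address. The digest should be computed before the file is copied to the CD-R and noted in the complaint.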