Hacking the email is one of the most effective cyber attacks. Consider how many other accounts will allow you to reset passwords if only you had access to that email and you will quickly understand why email accounts are so valuable to cyber crooks.
Usually, it's as simple as guessing your password. Most email services (especially free ones provided by your Internet service provider) allow people to log in with just the username and password. Even if the criminals don't know your password, they could sometimes get it reset by answering security questions. Most people actually use very simple questions and answers that aren't hard to find out, such as "Your dog's name" or "What school did you go to".
After your email account is hacked, the crooks will usually change your password, send spam to your contacts, and even delete all your messages. Here is what you can do after it happened:
1. Recover your account
If you can't login to your email, it's because the hacker changed your password to something else. Either this or you just forgot it... Contrary to the popular beliefs, computers don't forget passwords, but people do!
You can try clicking "Forgot my password" and go through the recovery steps. Usually it involves answering security questions, sending a code to your phone number or another email address, or calling tech support.
If the recovery doesn't work, you may be completely out of luck. Free email services rarely have any tech support available, even if you are ready to pay.
If you can't recover your account, it has now become SOMEONE ELSE's account. Unless you backed up your emails and contacts, everything in it is gone forever. You'll need to start from scratch and set up a new account.
2. Change your password
If you do manage to log in, change the password immediately. Don't use passwords that are easy to guess, or the same password for all your websites. You can read why here.
3. Change or confirm your account recovery information
It's important to do this even if your email isn't hacked... The recovery information is used to recover a forgotten password. If you have an obsolete email address or an old phone number there, you won't be able to do it. And if the recovery info belongs to the hacker, they can click on "forgot password" link and reset your password once again.
Make sure that both the alternate email address and the phone number listed in your recovery information is yours and you can access it! If you ever change your phone number, you must update those records ASAP.
4. Check "out of office" messages, reply-to, forwards, and signatures
Hackers can use these to reply with their spam, or redirect messages to their email addresses. Your signature could contain links to malicious websites.
5. Check related accounts
This is the most difficult and time-consuming activity. If a hacker has access to your email, they can easily change passwords to other websites simply because they can click on "forgot password" links. Think about how many accounts you have that use your email address... Banks, government agencies, shopping websites, Facebook, etc.
Even though it takes a very long time, my advice is to change the passwords on those websites as well.
6. Let your contacts know
After you have recovered your account (or even before, by using another account), tell your contacts not to trust messages from the hacked email. The hacker could be impersonating you to scam other people
7. Backup your stuff
Even though this won't help you with the email address that got hacked, at least you can preserve your important messages and contacts. If you use online mail (through your browser and not an email client), all the emails are stored on their servers with nothing on your computer. If your email is important, I suggest setting up an email client (such as Outlook, Thunderbird, or EmClient) and do periodic backups of your emails.
8. If you are not sure, get help
A hacked email account is not something to take lightly and without proper technical knowledge and experience, it can be very confusing and daunting to recover from. The quicker you can ask for help, the better chances of restoring access and minimizing the potential damage you have.