When your email account gets hacked into, the first thing to do is the change your password on that account! This will keep the hacker from sending out more impersonating emails. However, there are some other things you must also do immediately.
(You also should consider sending out an email to your contact list telling them your account was hacked into and to ignore many emails they could have received from you; that is up to you personally, depending on the seriousness of the emails sent from your account. Most people are probably aware that if they get an email from you without a subject and just with a random webpage link, that your account has been hacked.)
First, consider if you use this same (or similar) password on other accounts. If so, you need to change the passwords on those other accounts also. The hackers may try similar usernames and passwords on other important accounts. Never use the same password on multiple accounts; if one gets compromised, they could possibly all be compromised. This is especially true for social networking sites (Facebook, LinkedIn, etc.) and financial or purchasing accounts (e.g. your bank, PayPal, Amazon, etc.).
Next, this is a good time to consider your “security posture”; i.e. what security measures you employ based on what you have to lose. You should take some thought about how your account could have been hacked. Was it from one of the large free email accounts (like Hotmail, Yahoo!, Gmail, etc.) and did it have an easy password that could have been cracked if someone was able to find out some personal info about you by searching the Internet? If so, then you could have just been one of the many that are hacked into all the time. A difficult password should keep this from happening.
However, since your account has been hacked, you now have to consider another way people break into accounts, and that is by answering the “forgot/reset password questions” that you are required to answer, such as “what is your mother’s maiden name?”, “what is your favorite pet’s name?”, etc. Many of these pieces of information about you can be found out from your public face on the Internet. That is why for these types of questions, I most often “consistently lie”. Please see my “Essential Security Measures” document where I talk about this more. (E.g. you must remember these non-truths so you can get back into your accounts if you need to!)
Also, for every account that allows me to do so (like Facebook and my bank), I set up the feature that requires me to get and respond to a text message on my cell phone whenever a new computer tries to access my account. I highly recommend this.
While you are at it, consider other ways your usernames and passwords can be stolen. Here are some possibilities for even a tough password to be hacked:
1) Do you have a good, up-to-date antivirus program, or a few of them (like Microsoft Security Essentials, AVG Free, Malwarebytes, etc.)? If not, you could have a virus or keyboard logger that is reading all the info you type on your computer.
2) On our home network, do you have a “home router” (not just the modem given to you by your Internet Service Provider [ISP])? You need one. And if you have one, make sure you change the administrator password.
3) At home, do you use “unsecured WiFi”? You should use WPA2 encryption on your wireless network at home; otherwise you may have someone eavesdropping on your network communication.
4) If you do WiFi in public locations, there is the possibility all your Internet traffic can be read, even your password. I suggest you use a VPN when entering any passwords or using private accounts in a public location.
5) Never use public computers to check your email; chances are they are infected by viruses or keyloggers; and your email account name and password may very possibly be compromised.
These are some things to consider immediately. However, if you have not looked at and implemented the “Essential Security Measures for Home Computers” that I have suggested at www.ComputerSecurityNW.com, then I suggest you do so. I talk about all these issues there and give details and suggestions for implementing them.
Please let me know if you have questions about any of this or if I can help you further.
Here is a great article that talks about this more in-depth and give some other great ideas: http://www.switched.com/2011/02/24/what-to-do-email-account-hacked/
Other people suggest you actually change your email account. I am not sure if that is necessary if you take all the above measures, but you can read this and consider it for yourself: http://answers.yahoo.com/question/index?qid=20100919082120AAfIHW6