Somebody recently asked me this question. Many people have seen, every now and then, the weird emails coming from a friend or relative that could not possibly be sent by them, so I thought it’s worthwhile to make the answer broadly available:
If you want to inform someone that their email account has been hacked, it is usually wise to use an alternate mode of communication if possible (Another email address than the one being the source of suspicious emails or even a phone call). Sending an email to the email address that seems to be hacked might only worsen things if the account is actually under the control of a hacker, for it only confirms your email address is valid and makes you prone to receiving spam (your email address will be sold in the black market for a price).
If YOUR email has been hacked, the first immediate action is to change your password, preferably from a different computer than then one you normally use, just in case the cause of the email hacking is password-stealing malware implanted in your computer. The next action is then to do a thorough malware check to make sure the source of the security breach in your computer is NOT malware (weak passwords can be guessed without needing password-stealing malware to perpetrate, plus in rare cases passwords are stolen from the computers running the email service on the Internet – the servers), or get rid of any malware if there is any.
There is a possibility that your hacked email account has had its password changed to lock you out. To regain control of your email account you might need to reset the password. Most email services provide methods of doing that. Security questions that only you know the answer to, a cell phone number a new password can be sent to as a text message, a secondary email to send a new password to, all these must be pre-set for this kind of eventuality. So a good preventive measure is to make sure these reset password mechanisms are in place for your email address.