Behind the Breach: What Happened When This Solo Coach's Email Was Hacked

“My clients started getting weird emails from me. Some with fake invoices. One had a link to ‘download their program materials.’ It wasn’t me. My business—and my reputation—were on the line.”

That’s what Alex, a mindset and wellness coach running her business solo, experienced when her email account was hacked. What started as one suspicious email quickly turned into a full-blown breach that threatened her client trust and professional identity.

In this post, we’ll walk you through what actually happened, how the hacker got in, and what Alex (and you) could have done to prevent it.

🔍 What Happened

Alex uses Gmail to run nearly every part of her business: coaching clients, scheduling calls, sending payment links, and sharing worksheets.

One morning, she noticed that her "Sent" folder had messages she didn’t remember sending. A few clients replied confused—or worse, clicked on links that downloaded malware or requested payment.

  • The attacker had logged into her Gmail account from another country.

  • They set up an auto-forward rule to monitor incoming emails silently.

  • Then they sent phishing emails posing as Alex to her clients.

She didn’t notice for days.

🚩 Red Flags That Were Missed

Here’s what allowed this breach to happen—and what made it worse:

  1. No Two-Factor Authentication (2FA)
    Alex had a strong password, but no 2FA. A data leak from a third-party site had exposed her login—and the attacker reused it.

  2. No Login Notifications Enabled
    She didn’t receive alerts about logins from new devices or locations.

  3. No Regular Account Checks
    She never checked sent messages or mail rules, where hackers often hide their tracks.

  4. Over-reliance on One Tool (Gmail)
    Since Gmail controlled her calendar, invoicing, and document sharing, one breach exposed everything.

🛡️ How You Can Protect Yourself

If you’re running your business through email (especially Gmail or Outlook), these steps are crucial:

1. Enable Two-Factor Authentication (Right Now)

Use Google Authenticator, Authy, or a hardware key. This alone could’ve stopped the hacker cold.

2. Use a Password Manager + Unique Passwords

Avoid reusing passwords across platforms. A leaked password from a yoga app or webinar tool can lead to your email being compromised.

3. Check for Suspicious Rules & Activity

Review your email account settings regularly:

4. Set Up Login Alerts

Get notified any time someone logs in from a new location or device.

5. Separate Business Functions

Don’t run your entire business through a single Gmail account. Use separate tools (or accounts) for payments, scheduling, and document sharing where possible.
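
For tip 3 above, here is one way to script the rule review. This is an added example, not part of the original post. It assumes your filter and auto-forwarding settings have already been exported as JSON in the shape of the Gmail API's `users.settings.filters` and auto-forwarding resources; `TRUSTED_DOMAINS`, the function names and the sample data are constructed for illustration.

```python
# Added example: audit Gmail filter and auto-forwarding settings for signs of tampering.
# Input shapes follow the Gmail API resources users.settings.filters (list) and
# users.settings.getAutoForwarding; the sample data below is constructed.

TRUSTED_DOMAINS = {"alexcoaching.example"}  # assumption: domains the owner forwards to on purpose


def _external(address):
    """True when the address is outside the owner's trusted domains."""
    return address.rsplit("@", 1)[-1].lower() not in TRUSTED_DOMAINS


def audit_mail_settings(auto_forwarding, filters):
    """Return a list of (severity, message) findings."""
    findings = []
    addr = auto_forwarding.get("emailAddress", "")
    if auto_forwarding.get("enabled") and _external(addr):
        findings.append(("high", f"auto-forwarding all mail to {addr}"))
    for f in filters:
        action = f.get("action", {})
        removed = set(action.get("removeLabelIds", []))
        added = set(action.get("addLabelIds", []))
        target = action.get("forward")
        if target and _external(target):
            findings.append(("high", f"filter {f['id']} forwards to {target}"))
        # Skipping the inbox, trashing, or marking as read hides replies from the owner.
        if "TRASH" in added or {"INBOX", "UNREAD"} & removed:
            criteria = f.get("criteria", {})
            sev = "high" if target else "medium"
            findings.append((sev, f"filter {f['id']} hides mail matching {criteria}"))
    return findings


# Constructed sample: one forwarding setup that hides replies, and one benign filter.
SAMPLE_FORWARDING = {"enabled": True, "emailAddress": "archive@mailbox.example",
                     "disposition": "leaveInInbox"}
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"query": "invoice OR payment"},
     "action": {"forward": "archive@mailbox.example", "removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "f2", "criteria": {"from": "newsletter@yogaapp.example"},
     "action": {"addLabelIds": ["Label_12"]}},
]

if __name__ == "__main__":
    for severity, message in audit_mail_settings(SAMPLE_FORWARDING, SAMPLE_FILTERS):
        print(f"[{severity}] {message}")
```

A "medium" finding is a filter that hides mail without forwarding it; these are often legitimate (newsletter rules), so treat them as items to confirm rather than proof of compromise.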

💡 Bonus Tip: Pre-Draft an Emergency Email

In the event your account is compromised, have a draft email you can quickly send from a backup account to alert your clients:

“My main email has been compromised. Please do not click on any recent links or attachments. I’ll be back in touch soon from a secure account.”

🔚 The Aftermath—and the Lesson

Alex was able to recover her Gmail account, but not before several clients clicked on bad links. One even had to cancel a credit card. The experience shook her—and caused weeks of reputational repair.

But it didn’t have to happen.

Most email breaches are preventable with just a few minutes of setup and monthly review.
