I just received a couple of spam emails from a friend who had had her email account hacked. The hacker sent the spam to everyone on her contact list. Here's what I told her:
First, replace your old password!
Second, choose a password that can't be guessed based on text in your emails!
Third, write down the password. Keep that piece of paper till you remember the password without looking.