WASHINGTON — Cyberespionage may be the new normal, but you wouldn’t think that an American graduate student would be a target for state-level spyware and surveillance. Apparently, though, I am.

On May 19, I awoke to an email from an unfamiliar sender, “Wahedk87,” with the subject line “Planned visit to Qatar.” The email warned me that “the U.A.E. authorities have informed their counterparts in Qatar regarding your planned visit” and accused me of conducting a “dirty mission” to “gather some confidential information.”

In college at New York University, in 2013, I had spent a semester of study abroad in the United Arab Emirates; I am now a master’s candidate at Georgetown University’s School of Foreign Service, and at the time of Wahedk87’s email I was a week away from traveling to Qatar. My “dirty mission” was my thesis research, and the “confidential information” I sought was about the labor conditions of migrant workers in the capital, Doha.

Working with a cybersecurity expert, I learned that my personal email had been hacked twice in April. In advance of the hack, the attacker sent me bait emails including a fake BBC News alert about migrant labor abuses in Qatar. Once the hacker had access, he synced my personal email to an external account. This granted access to every message I had sent and received since my account’s inception four years ago.