Your Gmail account is the gateway to your personal data as well as lots of other applications you use. And this means that all your eggs are in one basket. If your Gmail account gets hacked, you could be exposed to more risks than you can imagine. Therefore, you should learn how to identify and neutralize any threats quickly.
Hackers know many ways to break into Gmail, and data leaks help them even more. They have multiple tools at their disposal to make your life more difficult, such as phishing emails, fake profiles, quid pro quo, malicious links, or simply breaking into your account. Read more about it in our articles about the most common hacking techniques and social engineering.
You might not even notice that your account has been hacked. It’s important to check your account activity and take immediate action if you see anything suspicious.
Here are a few ways to check whether somebody has hacked your account:
1. Log in to your Gmail account;
2. Scroll down to the bottom of the page and click on Details to see the latest connections;
3. Check whether you recognize all of them. If you see devices, IP addresses, or anything else you don’t recognize, stop all your Gmail sessions and change your password immediately.
1. Click on your profile icon in the top right-hand corner of the screen and click Google Account;
2. Choose Security. Then scroll down to Recent security events to find out whether Google detected any suspicious activity involving your account;
3. Then scroll further down to the Your devices section and click Manage devices. Check if you recognize all of the devices used to connect to your account.
If you spot an unknown device, click on Secure your account;
4. Go back and click Manage third-party access in the Third-party apps with account access section.
Check whether you recognize all of the third-party apps that are using your account. Remove those you don't trust by clicking on the app name and pressing Remove access.
5. Go back once again and scroll down to Linked Accounts. See if you know them all and remove any suspicious ones.
If you suddenly stop getting emails or your friends start complaining about receiving scams from your account, this is a sign of malicious activity.
If you’ve determined that you’ve been hacked, do the following:
1. Open Google Accounts by clicking on your profile icon in the top right-hand corner;
2. Go to the Home section and click Get started under the We keep your account protected section to check whether any issues were found;
3. Finally, click Get started under Take the Privacy Checkup to customize your privacy settings.
If you cannot log in to your account and are sure that you’ve entered the password and username correctly, this means that someone might have hacked your Gmail and changed your password. In that case, go to the Google Account recovery page and follow the steps to recover your account.
Once you’re in, change your password immediately. Do this not only for your Gmail account, but also for all other sites connected to it or that share the same password (by the way, you should never do that!).
Use the steps described in the Review your security settings section. Also, undo all of the unfamiliar changes in Gmail settings.
1. Open Google search and click on About in the bottom left-hand corner;
2. Scroll to the very bottom to the More about us section and click Contact us;
3. Scroll down to the Privacy, security and online safety section and choose Phishing: Gmail;
4. Click on Report a phishing email and follow the steps indicated.
To protect your account from cyberattacks, you should:
1. Use Google’s 2-step verification system.
Two-step verification isn’t perfect, but it usually adds a valuable extra layer of protection for your account by requiring a confirmation that Google sends to your phone, or a security key. Enable it by going to Google account->Security->2-step verification.
2. Use a strong password.
You can find some tips on how to create one here. Also, make sure the answer to your security question is unique and something hackers couldn’t guess easily.
3. Always sign out after a browsing session, especially when you use public computers.
If you notice any suspicious logins, go to Details at the very bottom of your Gmail inbox page, click on Sign out all other Gmail web sessions, and change your password immediately. This also lets you sign out of sessions you accidentally left open.
4. Always make sure any email you receive comes from a legitimate sender.
You should always double-check the sender's email address. Also, avoid opening attachments, emails, and links that look suspicious. If you receive a fishy email from a company whose services you use (e.g., your bank), contact them immediately for verification.
5. Use a secure browser.
Check our list of the most secure browsers here.