Is your Gmail hacked?

Hackers know many ways to penetrate Gmail, and data leaks help them even more. They have multiple tools on the desk to make your life more difficult such as phishing emails, fake profiles, quid pro quo, malicious links or just plain jailbreak into your account. Read more about it in our articles about the most common hacking techniques and social engineering.

You might not even notice that your account has been hacked. It’s important to check your account activity and take immediate action if you see anything suspicious.

Here are a few ways to check whether somebody has hacked your account:

1. Log in to your Gmail account.

2. Scroll down to the bottom of the page and click on “Details” to see the latest connections.

3. Check whether you recognize all of them. If you see devices, IP addresses, or anything else you don’t recognize, stop all your Gmail sessions and change your password immediately.

1. Click on your profile icon in the top right-hand corner of the screen and click “Google Account.”

2. Choose “Security.” Then scroll down to “Recent security events” to find out whether Google detected any suspicious activity involving your account.

3. Then scroll further down to “Your devices” section and click “Manage devices.” Check if you recognize all of the devices used to connect to your account.

Click on “Secure your account” in case you spot an unknown device.

4. Go back and click “Manage third-party access” in the “Third-party apps with account access” section.

Check whether you recognize all of the third-party apps that are using your account. Remove those you don’t trust by clicking on the app name and pressing “Remove access.”

5. Go back once again and scroll down to “Linked Accounts.” See if you know them all and remove any suspicious ones.

If you suddenly stop getting emails or your friends start complaining about receiving scams from your account, this is a sign of malicious activity.

If you’ve determined that you’ve been hacked, do the following:

1. Open “Google Accounts” by clicking on your profile icon in the top right-hand corner.

2. Go to the “Home” section and check whether there are any issues found by clicking “Get started” under “We keep your account protected” section.

3. Finally, click “Get started” under “Take the Privacy Checkup” to customize your privacy settings.

If you cannot log in to your account and are sure that you’ve entered the password and username correctly, this means that someone might have hacked your Gmail and changed your password. In that case, go to the Google Account recovery page and follow the steps to recover your account. You can read our guide to recover your Google Account for more detailed instructions.

Once you’re in, change your password immediately. Do this not only for your Gmail account, but also for all other sites connected to it or that share the same password (by the way, you should never reuse your password!).

Use the steps described in the “Review your security settings” section. Also, undo all of the unfamiliar changes in Gmail settings.

1. Open Google search and click on “About” in the bottom left-hand corner.

2. Scroll to the very bottom to the “More about us” section and click “Contact us.”

3. Scroll down to the “Privacy, security and online safety” section and choose “Phishing: Gmail.”

4. Click on “Report a phishing email” and follow the steps indicated.

To protect your account from cyberattacks, you should:

1. Use Google’s 2-step verification system.

Two-step verification isn’t perfect, but it usually adds a valuable extra layer of protection for your account. Enable it by going to “Google account” > “Security” > “2-step verification.” 2FA adds an extra layer of protection by requiring a confirmation Google sends to your phone or a security key.

2. Use a strong password.

It’s best to start by learning how to create a strong password. Also, make sure the answer to your security question is unique and something hackers couldn’t guess easily.

3. Always sign out after a browsing session, especially when you use public computers.

In case you notice any suspicious logins, click on Sign out all other Gmail web sessions by going to “Details” at the very bottom of your Gmail inbox page and change your password immediately. It also lets you sign out of sessions you accidentally left open.

4. Always make sure any email you receive comes from a legitimate sender.

You should always double-check the email address. Also, avoid opening attachments, emails, and links that look suspicious. If you receive a phishing email from a company whose services you use (e.g., bank), contact them immediately for verification. You may also want to use Threat Protection, a useful NordVPN feature that can block websites that might be loaded with malware. If you accidentally click an email link that directs you to a site known to spread malware, Threat Protection can block that connection and protect you.

5. Use a secure browser.

Check our list of the most secure browsers and choose the best privacy browser for you.