Ryan Toohil has a BS in Computer Engineering from Virginia Tech and holds multiple patents in the web services domain. As the CTO at Aura, he leads the platform, information security, and corporate IT teams.
Alina Benny is an Aura authority on internet security, identity theft, and fraud. She holds a bachelor's degree in Electronics Engineering from the Cochin University of Science and Technology and has nearly a decade in content research. Twitter: @heyabenny
That’s the question a Reddit user frantically asked after opening their Gmail account to find hundreds of spam messages in their sent folder [*].
The scary truth is that your Gmail account is a hot target for scammers and hackers — and it’s relatively easy for them to take over your account if you don’t have security measures in place beyond a basic password.
For instance, in December 2023, CloudSEK reported on a session cookies exploit that lets attackers access your Gmail account even if you change your password [*].
Email accounts hacked in similar ways may be used to scam your contacts, extort you, or request password resets and two-factor authentication (2FA) codes for other accounts — including your bank or other financial accounts.
How To Tell If Your Gmail Account Was Hacked
Hackers and fraudsters can gain access to your account in several ways. Most commonly, they steal victims’ credentials via data breaches, phishing emails, or password attacks.
Here are six warning signs indicating that your Gmail account has been hacked:
Your Gmail password has been changed. If you can’t sign in to your Gmail account, a hacker has probably locked you out of it.
Someone from a different IP address has logged in to your account (or attempted to do so). Gmail provides a log of IP addresses that have been used to access your account. If there’s an IP that you don’t recognize (or you receive a notification), someone else has gained access.
You get notified that your recovery email or phone number has been changed. Once scammers gain access to your account, the first thing they’ll do is change your recovery information so that they can keep you locked out.
There are messages in your “sent” folder that you didn’t send. Hackers often use stolen email accounts to send scam and phishing emails to their victims’ contacts.
You start to receive other password reset emails (that you didn’t request). With access to your Gmail, hackers will be able to see what other services you use and try to gain access to them.
You find your email and password information on the Dark Web. The largest compilation of multiple breaches (COMB), with over 26 billion records, was discovered in January 2024 [*]. While duplicates may exist, there’s a good chance that your email address is already up for sale on the Dark Web.
🔦 Was your data exposed? Check for leaked passwords associated with your email address. Also receive a report of known breaches and what to do next using Aura's free Dark Web scanner.
The first step to regain access to your hacked account is to lock out the attacker. After that, you can begin implementing new Gmail settings as security measures to protect yourself in the future.
Here’s what you should do:
1. Check to see if you can sign in to your Gmail account
If you can still sign in to your Gmail account, it means that the hacker hasn’t locked you out (yet). This will make recovering your account (and blocking access to the hacker) much easier.
If you can’t sign in to your Gmail account, skip to Step 2 for more recovery options.
Here’s what to do:
Open a web browser (like Google Chrome) and sign in to your Google Account.
Select “Security” from the left-hand panel.
Under “Recent security events,” select “Review security events” to see your last account activity.
If you see any suspicious activity that you think came from a hacker, select “See unfamiliar activity?”
Follow the steps on-screen to secure your account. You will be asked to change your password — make sure to create a strong, unique, complex password that’s at least 12 characters long.
2. Enter your hacked Gmail account into the “Account Recovery” page
If you can’t sign in, you need to load the Google Account Recovery page to regain access to your email and eject any hacker that might be using it.
The recovery page will ask you a series of questions. The more you answer, the more certain Google will be that you are the legitimate owner of your Gmail account.
Tips to recover your Gmail account:
Use a familiar device and location. Google knows the devices, browsers, and locations from which you usually sign in. Using these will help convince Google that it’s really you.
Provide previous passwords and answers to your security questions. Next, Google will ask you about your previous passwords and security questions. Answer these as specifically as possible — pay attention to typos and uppercase and lowercase letters. If you can’t remember the answer exactly, reply with something as close as possible — for example, “NY” instead of “New York.”
Enter your recovery email address or recovery phone number. Google will prompt you to enter your connected email address if you had one set up. Once you input this account address, Google will send you a recovery email.
3. Use Google’s “Security Checkup” feature
Google’s built-in Security Checkup feature will take you through a checklist of actions to increase the security of your Google Account. It also enables you to learn what parts of your account were accessed by the hacker so that you can take extra steps to reduce the damage done.
What to do:
Check whether your saved passwords were accessed. If you save your passwords using Google, Security Checkup will show you if they were used. If so, immediately change those passwords to new ones that are unique and secure.
Check if your contacts were downloaded. If they were, you can let your contacts know to look out for suspicious phishing emails.
See whether your Google Wallet was used. If you link your Google Wallet, you can check whether hackers made any unauthorized payments using your account. If they did, you can dispute the charges with Google to potentially get your money back.
Even if you regain control of your Gmail account, hackers may remain signed in to your account on their devices. To ensure that they can’t log in to your account again (and kick you out the same way), you need to force a sign-out of your account on all devices.
Check for any app passwords that you didn’t create.
Click on the trash icon 🗑 (or “Remove”) to revoke access to your account using that password.
6. Run a full antivirus scan on your device
If your device was hacked, there’s a chance that it has been infected with malware. If this is the case, hackers may have access to your entire device — not just your Gmail account.
Even worse, a hacked device can give cybercriminals an easy way to discover your new passwords. Some malware (called keyloggers) captures everything you enter on your device and sends it to scammers.
This doesn’t just apply to Android devices — your account could have been compromised on any device running macOS, iOS, or Windows.
What to do:
Sign up for a reputable anti-malware and antivirus program. Aura’s digital security solution provides powerful antivirus software that can help discover and quarantine malware immediately.
Run a deep scan and delete the malware. Run a scan on every device you use to ensure that you are completely safe.
7. Enable two-factor authentication (2FA)
Enabling 2FA is essential after you’ve been hacked; it can prevent hackers from signing in to your account — even if they have your password. With 2FA enabled, you’ll be asked to submit a verification code as proof that it’s actually you.
What to do:
Enable 2FA on your Gmail account. Sign in to your Google Account and select “Security” from the left-hand panel. Scroll down and click on “2-Step Verification.” Click “Get started” and then complete the on-screen instructions to set up 2FA for your account.
Enable 2FA on other key accounts. Add 2FA to other key accounts — especially your bank accounts and social media. This is an additional safeguard that protects your accounts in case hackers manage to steal your login credentials.
Use a reliable authenticator app. 2FA codes sent via SMS can be intercepted through SIM swapping and other hacks. For Gmail, the Google Authenticator app is one of the safer methods.
Malware occasionally masquerades as a benign app that has permission to access your Google Account. In extreme cases, a third-party app is given complete access to your account and may send spam emails or log your personal information.
Sign in to your Google Account and select “Security” from the left-hand menu.
Scroll down to where it says “Third-party apps with account access” and select “Manage third-party access.”
Click on each app and scan its access permissions.
If there’s anything suspicious, click on the app and select “Remove access.”
9. Delete your Gmail account
If you’re unable to regain full control of your Gmail account or can’t remove the hacker’s access, deleting your account is the last resort. However, once your account is deleted, you won’t be able to access “Security Checkup” or any of your old data.
Update your recovery information. If you haven’t already, update your recovery information to prevent the hacker from bringing your account back online without your permission.
Delete your account. Sign in to your Google Account and go to the “Privacy & Security” section. Scroll down to the “More options” section, and select “Delete your Google Account.”
Was Your Gmail Hacked? Do This Right Away
As soon as you regain access to your Gmail account, you need to act quickly to secure it and protect yourself from further damage.
Change passwords for your email and other accounts immediately. With access to your Gmail account, scammers can uncover other information to hack you further. Changing your passwords immediately will prevent them from accessing other accounts.
Update your security questions. Change your security questions to ensure that scammers won’t be able to discover the answers online. Hackers can learn many things about you via social media and your digital footprint; use unique questions that only you know the answers to.
Check your account settings. Make sure there are no filters or forwarding rules that you didn’t set up. If there are, delete them so that messages aren’t forwarded to another address or hidden from you. Also, check your signature for unfamiliar links that the hacker may have added.
Freeze your credit with all three credit bureaus. If you think hackers gained access to your financial accounts, you should freeze or lock your credit immediately. This will prevent them from taking out any lines of credit or loans in your name. Here’s how to freeze your credit with Experian, Equifax, and TransUnion.
Check your “Sent” folder for any scam messages that were sent from your account, and inform the recipients. The hacker may have targeted your contacts with social engineering scam emails. If so, you should send follow-up emails to those contacts to inform them of the scam, and recommend that they delete those emails.
File an official fraud and identity theft complaint with the Federal Trade Commission (FTC) and local law enforcement. If the hacker has used your information to commit fraud in your name, you should report this to the FTC at IdentityTheft.gov. Also file a police report.
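Reviewing filters by hand in the Gmail settings page is the normal way to do the “check your account settings” step above. When a mailbox has many filters, it helps to audit the export instead: Gmail can export all filters (Settings > Filters and Blocked Addresses > Export) as an Atom XML file. The script below is an added example, not code from Aura or from Google; it assumes that export layout (Atom entries with apps:property elements named from, to, subject, hasTheWord, forwardTo, shouldTrash, shouldArchive, shouldMarkAsRead) and flags the patterns that typically show up after an account takeover: forwarding to an address outside domains you trust, auto-deleting mail, hiding mail from the inbox, and filters keyed on password-reset or security-alert wording. The embedded sample export is constructed for the example; the function and keyword names are the author's own choices.

```python
"""Audit a Gmail filter export (mailFilters.xml) for filters an attacker may have added.

Added example: assumes the Atom export format Gmail produces from
Settings > Filters and Blocked Addresses > Export. SAMPLE_EXPORT below is
constructed for this example; addresses in it are placeholders.
"""
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Criteria properties Gmail uses in a filter entry.
CRITERIA_KEYS = ("from", "to", "subject", "hasTheWord")
# Wording attackers commonly key filters on so the victim never sees the alert.
SENSITIVE_KEYWORDS = ("password", "verification", "security alert", "sign-in", "invoice", "wire")

# Constructed sample: one legitimate newsletter filter, one attacker-style filter.
SAMPLE_EXPORT = """<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'></category>
    <title>Mail Filter</title>
    <content></content>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <category term='filter'></category>
    <title>Mail Filter</title>
    <content></content>
    <apps:property name='hasTheWord' value='password OR verification code OR security alert'/>
    <apps:property name='forwardTo' value='collector@attacker.example'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>
"""


def parse_filters(xml_text):
    """Return one dict of name->value properties per filter entry in the export."""
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.findall(ATOM + "entry"):
        props = {p.get("name"): p.get("value") for p in entry.findall(APPS + "property")}
        filters.append(props)
    return filters


def describe(props):
    """Short human-readable summary of what a filter matches."""
    crit = {k: props[k] for k in CRITERIA_KEYS if k in props}
    return ", ".join(f"{k}={v!r}" for k, v in crit.items()) or "(matches all mail)"


def flag_filter(props, trusted_forward_domains=()):
    """Return the list of reasons a filter looks suspicious (empty if it looks benign)."""
    reasons = []
    fwd = props.get("forwardTo")
    if fwd:
        domain = fwd.rsplit("@", 1)[-1].lower()
        if domain not in {d.lower() for d in trusted_forward_domains}:
            reasons.append(f"forwards to external address {fwd}")
    if props.get("shouldTrash") == "true":
        reasons.append("deletes matching mail")
    # Archive + mark-as-read together means the message never appears as unread in the inbox.
    if props.get("shouldArchive") == "true" and props.get("shouldMarkAsRead") == "true":
        reasons.append("archives and marks read (hides mail from inbox)")
    criteria = " ".join(props.get(k, "") for k in CRITERIA_KEYS).lower()
    for kw in SENSITIVE_KEYWORDS:
        if kw in criteria:
            reasons.append(f"matches sensitive keyword {kw!r}")
            break
    return reasons


def audit(xml_text, trusted_forward_domains=()):
    """Return [(description, reasons)] for every filter that trips at least one check."""
    findings = []
    for props in parse_filters(xml_text):
        reasons = flag_filter(props, trusted_forward_domains)
        if reasons:
            findings.append((describe(props), reasons))
    return findings


if __name__ == "__main__":
    for desc, reasons in audit(SAMPLE_EXPORT):
        print(f"SUSPICIOUS filter {desc}")
        for r in reasons:
            print(f"  - {r}")
```

Run it against your own export by reading the file into `audit()` and passing the domains you deliberately forward to (for example, your employer's domain) as `trusted_forward_domains`; anything it flags is worth opening in the Gmail settings page and deleting if you did not create it. The newsletter filter in the sample archives mail but is not flagged, because archiving alone is a normal way to organise subscriptions.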
⛑️ Take action: Protect your online accounts, devices, and finances from fraudsters by signing up for Aura’s digital security app. Try Aura free for 14 days.
How To Protect Your Gmail Account From Hackers
Use unique and strong passwords for all of your online accounts. Your passwords should be 12–15 characters long and contain a combination of symbols, uppercase and lowercase letters, and numbers. Every password should be unique.
Add a secure recovery email and phone number to your account. The more recovery methods that you have in place, the safer you are if your account gets hacked. You can add recovery methods in your Google Account’s security settings.
Set up a secure password manager to protect you against data breaches, phishing sites, and more. Aura’s password manager, which is included in all Aura plans, safely encrypts your passwords and remembers them so that you don’t have to worry.
Learn to recognize the signs of phishing, and beware of any links or attachments. Phishing attacks and hidden malware are two of the main methods by which scammers gain access to people’s accounts. Knowing what these attacks look like can prevent you from falling victim.
Reduce the amount of personal information that you share online. Hackers and scammers are constantly on the lookout for personal information that they can use to access your accounts or steal your identity. Practicing effective cyber hygiene can protect you against this risk.
Scan the Dark Web for compromised account passwords. Use Aura’s free Dark Web scanner to check whether any of your passwords have been compromised in data breaches. If they have, update them immediately.
Consider an all-in-one digital security solution to protect your accounts and identity. Aura’s top-rated identity theft protection monitors your sensitive information and finances for signs of fraud. If a hacker tries to access your accounts, Aura will help you take action before it’s too late.