This article is brought to you by Aura.
Watch the video to see how we protect you online.
This article is brought to you by Aura. Watch the video to see how we protect you online.
Start Free Trial
4.7 stars on Trustpilot
Close Button
What is Aura? (1:10)

I Think My Gmail Was Hacked! How To Secure Your Email

If you think your Gmail has been hacked, first recover your account using Google’s Account Recovery process and then reset your password.

If you think your Gmail has been hacked, first recover your account using Google’s Account Recovery process and then reset your password.

Illustration of an open envelope with an exclamation mark on it — indicative of a hacked Gmail account

Aura’s app keeps you safe from scams, fraud, and identity theft. Try Aura for free.

4.7 stars as of Dec. 2023

In this article:

    In this article:

      See more

      Aura’s digital security app keeps your family safe from scams, fraud, and identity theft.

      See pricing
      Share this:

      Can Hackers Take Over Your Gmail Account?

      That’s the question a Reddit user frantically asked after opening their Gmail account to find hundreds of spam messages in their sent folder [*]. 

      The scary truth is that your Gmail account is a hot target for scammers and hackers — and it’s relatively easy for them to take over your account if you don’t have security measures in place beyond a basic password.

      For instance, in December 2023, CloudSEK reported on a session cookies exploit that lets attackers access your Gmail account even if you change your password [*].

      Email accounts hacked in similar ways may be used to scam your contacts, extort you, or request password resets and two-factor authentication (2FA) codes for other accounts — including your bank or other financial accounts.

      {{show-toc}}

      How To Tell If Your Gmail Account Was Hacked

      Hackers and fraudsters can gain access to your account in several ways. Most commonly, they steal victims’ credentials via data breaches, phishing emails, or password attacks

      Here are six warning signs indicating that your Gmail account has been hacked: 

      • Your Gmail password has been changed. If you can’t sign in to your Gmail account, a hacker has probably locked you out of it. 
      • Someone from a different IP address has logged in to your account (or attempted to do so). Gmail provides a log of IP addresses that have been used to access your account. If there’s an IP that you don’t recognize (or you receive a notification), someone else has gained access. 
      • You get notified that your recovery email or phone number has been changed. Once scammers gain access to your account, the first thing they’ll do is change your recovery information so that they can keep you locked out.
      • There are messages in your “sent” folder that you didn’t send. Often hackers use stolen email accounts to send scam and phishing emails to their victims’ contacts.
      • You start to receive other password reset emails (that you didn’t request). With access to your Gmail, hackers will be able to see what other services you use and try to gain access to them.
      • You find your email and password information on the Dark Web. The largest compilation of multiple breaches (COMB) with over 26 billion records was discovered in January 2024 [*]. While duplicates may exist, there’s a good chance that your email address is already up for sale through a Dark Web spigot.
      🔦 Was your data exposed? Check for leaked passwords associated with your email address. Also receive a report of known breaches and what to do next using Aura's free Dark Web scanner.

      What Happens If Someone Hacks Your Gmail?

      Email services are pliable targets for scammers because they often give access to other linked accounts.

      Your email address is also the core of your digital identity — sending and receiving emails that could contain your passwords, login information, photos, and personally identifiable information (PII).

      Worse, a Gmail account gives access to your entire Google Account. If someone hacks your Gmail, they also have access to everything linked to your Google Account.

      Here are some of the things hackers can do with your Gmail account: 

      • Send phishing or scam emails to your contacts.
      • Request password resets to your other accounts.
      • Attempt to break into your linked accounts.
      • Track the physical location of your associated Android devices.
      • Access passwords stored in your Google Account.
      • Use your Google Wallet to make transactions using your linked credit card details. 
      • Find sensitive information about you that they can use for identity theft.
      • Blackmail you with personal photos or videos.

      How To Recover a Hacked Gmail Account

      1. Check to see if you can sign in to Gmail
      2. Enter your hacked Gmail account into the “Account Recovery” page
      3. Use Google’s “Security Checkup” feature
      4. Review which devices can access your account
      5. Check for and revoke any app passwords
      6. Run a full antivirus scan on your device
      7. Enable two-factor authentication
      8. Remove third-party app access
      9. Delete your Gmail account

      The first step to regain access to your hacked account is to lock out the attacker. After that, you can begin implementing new Gmail settings as security measures to protect yourself in the future.

      Here’s what you should do:

      1. Check to see if you can sign in to your Gmail account

      If you can still sign in to your Gmail account, it means that the hacker hasn’t locked you out (yet). This will make recovering your account (and blocking access to the hacker) much easier.

      If you can’t sign in to your Gmail account, skip to Step 2 for more recovery options.

      Here’s what to do:

      1. Open a web browser (like Google Chrome) and sign in to your Google Account.
      2. Select “Security” from the left-hand panel.
      Screenshot of a Google account settings page showing the Security page as one of the options on a menu
      1. Under “Recent security events,” select “Review security events to see your last account activity.
      Screenshot of the ‘Recent security activity’ tab showing two buttons; one of which is ‘Review security activity’
      1. If you see any suspicious activity that you think came from a hacker, select “See unfamiliar activity?
      Screenshot of more options under ‘Recent security activity’; a ‘See unfamiliar activity?’ button
      1. Follow the steps on-screen to secure your account. You will be asked to change your password — make sure to create a strong, unique, complex password that’s at least 12 characters long.
      Screenshot of a tab called ‘Let’s secure your account’ with a ‘Change password’ button

      2. Enter your hacked Gmail account into the “Account Recovery” page

      If you can’t sign in, you need to load the Google Account Recovery page to regain access to your email and eject any hacker that might be using it.

      The recovery page will ask you a series of questions. The more you answer, the more certain Google will be that you are the legitimate owner of your Gmail account. 

      Tips to recover your Gmail account:

      1. Use a familiar device and location. Google knows the devices, browsers, and locations from which you usually sign in. Using these will help convince Google that it’s really you.
      2. Provide answers to your passwords and security questions. Next, Google will ask you about your previous passwords and security questions. Answer these as specifically as possible — pay attention to typos and uppercase and lowercase letters. If you can’t remember the answer exactly, reply with something as close as possible — for example, “NY” instead of “New York.”
      3. Enter your recovery email address or recovery phone number. Google will prompt you to enter your connected email address if you had one set up. Once you input this account address, Google will send you a recovery email.

      3. Use Google’s “Security Checkup” feature

      Google’s built-in Security Checkup feature will take you through a checklist of actions to increase the security of your Google Account. It also enables you to learn what parts of your account were accessed by the hacker so that you can take extra steps to reduce the damage done.

      What to do:

      • Check whether your saved passwords were accessed. If you save your passwords using Google, Security Checkup will show you if they were used. If so, immediately change those passwords to new ones that are unique and secure.
      • Check if your contacts were downloaded. If they were, you can let your contacts know to look out for suspicious phishing emails.
      • See whether your Google Wallet was used. If you link your Google Wallet, you can check whether hackers made any unauthorized payments using your account. If they did, you can dispute the charges with Google to potentially get your money back.

      ⛳️ Related: How To Get Your Money Back if You’ve Been Scammed Online

      4. Review which devices can access your account

      Even if you regain control of your Gmail account, hackers may remain signed in to your account on their devices. To ensure that they can’t log in to your account again (and kick you out the same way), you need to forcefully sign out of their devices.

      What to do:

      1. Sign in to your Google Account.
      2. Select “Security from the left-hand panel.
      3. Under “Your devices,” select “Manage all devices.”
      Screenshot of the ‘Your devices’ page showing three connected devices — Windows computer, Android phone, unknown device
      1. Check for unrecognized devices and strange device activity. If you see any, click on the device and then select, “Don’t recognize something?
      Screenshot showing the ‘Don’t recognize something’ button under a Windows device last signed in on November 16
      1. Follow the on-screen steps to sign out on the device and change your password (if you haven’t already).
      Screenshot of the ‘Let’s secure your account’ page with a button to sign out on a device
      1. Remove every device that isn’t yours from the list to prevent hackers from regaining access to your account.

      5. Check for and revoke any app passwords on your account

      App passwords offer a feature that allows users with devices that don’t support 2FA to create passwords that are specific to their devices.

      If hackers create app passwords for your Gmail account, they’ll still be able to gain access even if you reset your main password.

      How to remove app passwords:

      • Sign in to your Google account and go to the app passwords page.
      • Check for any app passwords that you didn’t create. 
      • Click on the trash icon 🗑 (or “Remove”) to revoke access to your account using that password.

      6. Run a full antivirus scan on your device

      If your device was hacked, there’s a chance that it has been infected with malware. If this is the case, hackers may have access to your entire device — not just your Gmail account. 

      Even worse, a hacked device can give cybercriminals an easy way to discover your new passwords. Some malware (called keyloggers) captures everything you enter on your device and sends it to scammers. 

      This doesn’t just apply to Android devices — your account could have been compromised on any device running macOS, iOS, or Windows.

      What to do:

      • Sign up for a reputable anti-malware and antivirus program. Aura’s digital security solution provides powerful antivirus software that can help discover and quarantine malware immediately.
      • Run a deep scan and delete the malware. Run a scan on every device you use to ensure that you are completely safe.

      7. Enable two-factor authentication (2FA)

      Enabling 2FA is essential after you’ve been hacked; it can prevent hackers from signing into your account — even if they have your password. With 2FA enabled, you’ll be asked to submit a verification code as proof that it’s actually you.

      What to do:

      • Enable 2FA on your Gmail account. Sign in to your Google Account and select “Security from the left-hand panel. Scroll down and click on “2-Step Verification.” Click “Get started and then complete the on-screen instructions to set up 2FA for your account.
      Screenshot of the ‘Signing in to Google’ page with 2FA and signin via phone listed as being disabled
      • Enable 2FA on other key accounts. Add 2FA to other key accounts — especially your bank accounts and social media. This is an additional safeguard that protects your accounts in case hackers manage to steal your login credentials.
      • Use a reliable authenticator app. Using SMS to receive 2FA codes can be intercepted via SIM swapping and other hacks. For Gmail, the Google Authenticator app is one of the safer methods.

      ⛳️ Related: How To Protect Your Bank Account From Identity Theft

      8. Remove third-party app access

      Malware occasionally masquerades as a benign app that has permission to access your Google Account. In extreme cases, a third-party app is given complete access to your account and may send spam emails or log your personal information.

      To protect yourself against these apps, you should remove their access.

      What to do:

      1. Sign in to your Google Account and select “Security from the left-hand menu. 
      2. Scroll down to where it says “Third-party apps with account access” and select “Manage third-party access.”
      Screenshot of the ‘Third-party apps with account access’ page; Clearscope, CloudMounter, Trello are listed as being connected
      1. Click on each app and scan its access permissions.
      2. If there’s anything suspicious, click on the app and select “Remove access.” 

      9. Delete your Gmail account

      If you’re unable to regain full control of your Gmail account or can’t remove the hacker’s access, deleting your account is the last resort. However, once your account is deleted, you won’t be able to access “Security Checkup” or any of your old data.

      What to do:

      • Review and download your data. You should review the information in your account by using the Google Dashboard, and download any information that you want to keep (like your contacts). 
      • Update your recovery information. If you haven’t already, update your recovery information to prevent the hacker from bringing your account back online without your permission. 
      • Delete your account. Sign in to your Google Account and go to the “Privacy & Security” section. Scroll down to the “More options” section, and select “Delete your Google Account.”
      Screenshot of the ‘More options’ page; ‘Make a plan for your legacy’ and ‘Delete your Google Account’ are options

      Was Your Gmail Hacked? Do This Right Away

      As soon as you regain access to your Gmail account, you need to act quickly to secure it and protect yourself from further damage.

      • Change passwords for your email and other accounts immediately. With access to your Gmail account, scammers can uncover other information to hack you further. Changing your passwords immediately will prevent them from accessing other accounts. 
      • Update your security questions. Change your security questions to ensure that scammers won’t be able to discover the answers online. Hackers can learn many things about you via social media and your digital footprint; use unique questions that only you know the answers to.
      • Check your account settings. Make sure there are no “rules” that you didn’t set up. If there are, delete them so that messages aren’t forwarded to another address. Also, check your signature for unfamiliar links that the hacker may have added.
      • Freeze your credit with all three credit bureaus. If you think hackers gained access to your financial accounts, you should freeze or lock your credit immediately. This will prevent them from taking out any lines of credit or loans in your name. Here’s how to freeze your credit with Experian, Equifax, and TransUnion.
      • Check your “Sent” folder for any scam messages that were sent from your account, and inform the recipients. The hacker may have targeted your contacts with social engineering scam emails. If so, you should send follow-up emails to those contacts to inform them of the scam, and recommend that they delete those emails.
      • File an official fraud and identity theft complaint with the Federal Trade Commission (FTC) and local law enforcement. If the hacker has used your information to commit fraud in your name, you should report this to the FTC at IdentityTheft.gov. Also file a police report.
      ⛑️ Take action: Protect your online accounts, devices, and finances from fraudsters by signing up for Aura’s digital security app. Try Aura free for 14 days.

      How To Protect Your Gmail Account From Hackers

      • Use unique and strong passwords for all of your online accounts. Your passwords should be 12–15 characters long and contain a combination of symbols, uppercase and lowercase letters, and numbers. Every password should be unique
      • Add a secure recovery email and phone number to your account. The more recovery methods that you have in place, the safer you are if your account gets hacked. You can add recovery methods in your Google Account’s security settings. 
      • Set up a secure password manager to protect you against data breaches, phishing sites, and more. Aura’s password manager, which is included in all Aura plans, safely encrypts your passwords and remembers them so that you don’t have to worry.
      • Learn to recognize the signs of phishing, and beware of any links or attachments. Phishing attacks and hidden malware are two of the main methods by which scammers gain access to people’s accounts. Knowing what these attacks look like can prevent you from falling victim. 
      • Reduce the amount of personal information that you share online. Hackers and scammers are constantly on the lookout for personal information that they can use to access your accounts or steal your identity. Practicing effective cyber hygiene can protect you against this risk.
      • Scan the Dark Web for compromised account passwords. Use Aura’s free Dark Web scanner to check whether any of your passwords have been compromised in data breaches. If they have, update them immediately.
      • Consider an all-in-one digital security solution to protect your accounts and identity. Aura’s top-rated identity theft protection monitors your sensitive information and finances for signs of fraud. If a hacker tries to access your accounts, Aura will help you take action before it’s too late.
      Keep scammers out of your email account. Try Aura free for 14 days

      Award-winning identity theft protection with AI-powered digital security tools, 24/7 White Glove support, and more. Try Aura for free.

      Related Articles

      Text message scams
      Fraud

      10 Text Message Scams You Didn't Know About (Until Now)

      Scammers are everywhere — even in your text message inbox. Here are the 10 latest text message scams to be aware of (and how to avoid them).

      Read More
      May 31, 2023
      An illustration of an upright phone with an exclamation for a shadow
      Fraud

      How To Identify a Scammer On The Phone [With Examples]

      Scam phone calls cost Americans $39.5 billion last year alone. Learn how to identify a scammer on the phone quickly so you don’t get scammed.

      Read More
      July 7, 2023

      Try Aura—14 Days Free

      Start your free trial today**