How To Check if Someone Else is Using Your Gmail Account
‘I think someone has been reading my emails and using my Gmail account. How do I find out and what can I do?’ This was the question I was asked the other day and not for the first time. Using the biggest name around for web services is great, but it makes you a target. This tutorial will show you how to check if someone else is using your Gmail account and what to do if your account has been compromised.
Gmail is everywhere. I don’t know anyone who doesn’t have a Gmail account. Google provides a popular email service, but it’s also great for Google Docs, Google Drive, and other useful software.
Having a single sign-in for all these apps is very convenient but it also provides a single point of failure. If someone can log into your Gmail, they can log into everything.
Let’s find out how to see if someone else is using your Gmail account.
Is someone using your Gmail account?
There are often signs that your Gmail account has been hacked. Emails that you didn’t send, complaints from contacts that you sent them spam or malware, emails from organizations you never heard of confirming account creation or something else entirely.
While indicative of something going on, they are far from definite. Fortunately, Google is way ahead of us and has provided a tool with which to check your account’s activity.
- Open Gmail and log in.
- Scroll to the bottom of your Inbox page and find the Details link in the bottom right.
- Select that to see Recent security events.
In recent security events, you will see all your logins. The page will show what browser was used, the IP address and the date and time. Check through this to see if you notice anything suspicious. As far as I know, this data is collected and stored by Google on every login so cannot be faked.
You can also check the Google Security page, scroll to Your Devices and see what has logged in and where.
If you don’t see the Details link at the bottom of your Gmail inbox, use this link instead. Some Gmail users don’t seem to have the Details link while others do.
If you’re still not convinced that your account isn’t jeopardized, there are a few more things to look out for:
- Has any of your security settings been updated? – Things like contact information, 2-Factor Authentication, recovery email.
- Have other accounts been hacked? – If your online bank account or some other account has been accessed it’s possible the hacker gained access through your Gmail if that’s the account that’s used for logins.
- Check your “deleted” folder – You may find emails that the hacker used to gain access to other accounts in the deleted items folder.
What to do if your Gmail has been hacked
If you find anything obviously wrong within the Security check and someone else is using your Gmail account, you need to act quickly. The longer you wait, the more spam or malware they could be sending and the more photos or files they may be downloaded from your Google Drive.
There are a couple of simple things you can do to lock your Gmail account down.
Change your Gmail password
The first step is obviously to change your login password for Gmail. This will stop any hackers from being able to log back into your Gmail account to continue their nefarious work.
- Log into the Google Security page here.
- Select “Sign in to Google” and select “Password.”
- Enter your current password.
- Select to change that password and enter a new one.
- Confirm the change.
Aside from your Gmail password, it may be a good idea to change the passwords of any related accounts. For example; if you use this Gmail to login to your bank account, update that password as well.
Enable two-factor authentication
Once you have control of your Gmail account; it’s time to increase security to prevent it from happening again. Gmail, like many cloud services, offers two-factor authentication (2FA) which can seriously enhance your security.
It requires you to enter a password and then receive an email or SMS code to verify. The email gets sent to a different address, or you could use your phone.
- Log into the Google Security page here.
- Select Signing in to Google and select “2-Step Verification.”
- Select Get Started and follow the wizard.
You have the option to select an SMS or call, use a hardware security key or simply enter your phone number. I would suggest the SMS option. You’re never without your phone and it means you can log into Gmail from anywhere, at any time as long as you have your phone with you.
Ensure that you have a recovery email for any login alerts. If someone tries to access your Gmail account again it should trigger a login email. It is a good idea to contact your local authorities if any of your banking or financial information has been compromised.
Run a full antivirus and malware scan of your devices
If someone does gain access to your Gmail account, you won’t necessarily know how they did it. They could have used brute force on the Gmail server or hacked your device. It’s too much of a risk to not check so next you should perform a full antivirus scan of all your devices.
Then run a malware scan as a secondary measure. Most antivirus isn’t as thorough at checking for malware as Malwarebytes so run your existing virus scanner and then run a Malwarebytes scan.
Let everyone know
Now you have regained control and further secured your Gmail account, now would be a good time to let everyone know your email was hacked. Tell them they can safely ignore and delete any suspicious-looking email that was sent from your account and that everything is fine now.
That’s how to check if someone else is using your Gmail account and what to do about it if they have been using it. Two-factor authentication should go a long way to stop it from happening again so you should now be able to rest easy.
If You Can’t Sign-In
If the hacker has taken over your account you might not be able to log in. Google does offer support so that you can take your account back. Visit the Google Account Recovery Page.
Once you’ve typed in your Gmail address (be sure it’s the right one for the account you’re trying to get back), you will be prompted to enter the last password that you remember. Follow the steps, including verifying necessary information to regain access to your Gmail account.
When setting up your Gmail, it’s important that you add a recovery email and phone number. It’s also a good idea to remember which month and year you set the account up. Google may ask when you originally set the account up as a security verification question.