How To Check if Someone Else is Using your Gmail Account
‘I think someone has been reading my emails and using my Gmail account. How do I find out and what can I do?’ This was the question I was asked the other day and not for the first time. Using the biggest name around for web services is great, but it makes you a target. This tutorial will show you how to check if someone else is using your Gmail account and what to do if your account has been compromised.
Gmail is everywhere. I don’t know anyone who doesn’t have a Gmail account, either for email or Google Docs, Google Drive or something else. Having a single sign-in for all these apps is very convenient but it also provides a single point of failure. If someone can log into your Gmail, they can log into everything.
Let’s find out how to see if someone else is using your Gmail account.
Is someone using your Gmail account?
There are often signs that your Gmail account has been hacked. Sent emails you didn’t send, complaints from contacts that you sent them spam or malware, emails from organizations you never heard of confirming account creation or something else entirely.
While indicative of something going on, they are far from definite. Fortunately, Google is way ahead of us and has provided a tool with which to check your account’s activity.
- Open Gmail and log in.
- Scroll to the bottom of your Inbox page and find the Details link in the bottom right.
- Select that to see Recent security events.
Within Recent security events you will see all your logins. The page will show what browser was used, the IP address and the date and time. Check through this to see if you notice anything suspicious. As far as I know, this data is collected and stored by Google on every login so cannot be faked.
You can also check the Google Security page, scroll to Your Devices and see what has logged in and where.
If you don’t see the Details link at the bottom of your Gmail inbox, use this link instead. Some Gmail users don’t seem to have the Details link while others do.
What to do if your Gmail has been hacked
If you find anything obviously wrong within the Security check and someone else is using your Gmail account, you need to act quickly. The longer you wait, the more spam or malware they could be sending and the more photos or files they may be downloading from your Google Drive.
There are a couple of simple things you can do to lock your Gmail account down.
Change your Gmail password
The first step is obviously to change your login password for Gmail. This will stop any hackers from being able to log back into your Gmail account to continue their nefarious work.
- Log into the Google Security page here.
- Select Signing into Google and select Password.
- Enter your current password.
- Select to change that password and enter a new one.
- Confirm the change.
If the hacker has changed your password already and you cannot log in, you can try to recover your Gmail account from this page.
Enable two-factor authentication
Once you have control of your Gmail account once more it’s time to increase security to prevent it happening again. Gmail, like many cloud services offer two-factor authentication (2FA) which can seriously enhance your security. It requires you enter a password and then receive an email or SMS code to verify. The email gets sent to a different address, or you could use your phone.
- Log into the Google Security page here.
- Select Signing into Google and select 2-Step Verification.
- Select Get Started and follow the wizard.
You have the option to select an SMS or call, use a hardware security key or to simply enter your phone number. I would suggest the SMS option. You’re never without your phone and it means you can log into Gmail from anywhere, at any time as long as you have your phone with you.
Run a full antivirus and malware scan of your devices
If someone does gain access to your Gmail account, you won’t necessarily know how they did it. They could have used brute force on the Gmail server or hacked your device. It’s too much of a risk to not check so next you should perform a full antivirus scan of all your devices.
Then run a malware scan to make double sure. Most antivirus aren’t as thorough at malware as Malwarebytes so run your existing virus scanner and then run a Malwarebytes scan.
Let everyone know
Now you have regained control and further secured your Gmail account, now would be a good time to let everyone know your email was hacked. Tell them they can safely ignore and delete any suspicious looking email that was sent from your account and that everything is fine now.
That’s how to check if someone else is using your Gmail account and what to do about it if they have been using it. Two-factor authentication should go a long way to stop it happening again so you should now be able to rest easy. Hope it helps!