Gmail is, and has been for years, one of the most popular free email services, with around two billion active users around the world. Access comes via a Google account, which also includes Google Ads, YouTube and Google Play. Because of this, a compromised Google account can give hackers access to a wide range of data, including emails, documents, photos and even financial details. Using this information, they can scam your contacts with spam, phishing emails or malicious attachments, or even extort you. But don’t despair: if your Google account is hacked, it’s possible to regain control of it and keep it secure in future.
Is Your Google Account Compromised?
While Google implements powerful security measures, there are still ways for hackers to gain access to your account, most commonly by using credentials stolen in data breaches or through phishing emails, as well as malware or insecure wifi connections.
There are a number of signs that your Google account may have been hacked. You might find that your password no longer works, for example, or that other personal information relating to the account has been changed. You may receive a security alert from Google warning that there has been a sign-in to your account from a new device, or of other behaviour that it deems unusual or suspicious. Other warning signs include a tip-off from friends or family who may be receiving strange messages purportedly from you.
Sign 1: Changes To Security Settings
It’s a sure-fire sign that your Google account has been hacked if you see changes to your security settings that you didn’t make.
You could find that there’s a different recovery phone number or recovery email address, for example, or a different alternate or contact email address. The name on your account or your security question may have been changed, and you might find that two-factor authentication has been turned off without your knowledge. All these are signs that a hacker has gained access and is now controlling the account.
Sign 2: Suspicious Activity
You may spot odd activity in Google products that you use: missing or deleted emails, or sent emails that you didn’t write.
Similarly, if you have a YouTube channel you may see videos that you didn’t upload or unauthorized changes to your profile. Google Drive, too, could show activity that’s nothing to do with you, Photos may be sharing your pictures without permission, and Blogger users may see posts appearing that they didn’t write. You may spot any of these events yourself, or be alerted by bemused contacts.
Sign 3: Unauthorized Financial Activity
Perhaps the most alarming sign that your Google account has been hacked is discovering unauthorized financial transactions.
You may find that unknown purchases have been made with Google Pay, or that new payment methods such as bank accounts, credit cards, debit cards or gift cards have been added. The same thing can happen with Google Play too.
Sign 4: A Security Alert From Google
Google sends out security alerts when it thinks it’s detected suspicious behaviour from a Google Account. These will be sent to your recovery phone or email address.
This can include a sign-in from a new device, or unusual activity such as a big increase in the number of emails being sent. The company will also issue an alert if it needs to block someone from taking an important action, such as viewing stored passwords. Be warned, though: sometimes fraudsters issue false security alerts themselves; you can check if it’s genuine here.
What Should You Do If Your Google Account Is Hacked?
As we’ve seen, a hacked Google account can cause no end of damage, particularly if the hackers are able to gain access to financial information. This means you’ll need to act fast.
Your first move should be to sign in to your account if you can, select Security and then Review security events to check that you have actually been hacked. You should turn on two-step verification to make sure the hackers don’t just get straight back in, check for and delete any malware, and check other apps and services to see whether they have been hacked too. It’s a good idea to contact your bank or other financial services to let them know what’s happened. And it’s also worth informing all of your contacts, in case the hackers try to make a move on them too.
Step 1: Turn On 2-Step Verification
With two-step verification turned on, anyone signing into your account will need to go through a second step to get access or else use a passkey.
When you create a passkey — the simplest option — you’ll no longer need a password. If you choose to continue using a password instead, there are various options for the second step such as receiving Google prompts or using a verification code. You can check out the options and sign up by going to Security, followed by How you sign in to Google.
Step 2: Check For And Delete Any Malware
There’s a fair chance that the hackers have gained access to your Google account by persuading you to unwittingly download malware.
You can check whether this is the case by going to myaccount.google.com/security-checkup. Install and run a trustworthy anti-virus package, which should identify and remove any suspicious software. You may want to install a more secure browser too.
Step 3: Check Other Apps And Services
Hackers often try to use a hacked account to access other services where you may have used the same password.
This might include online banking, financial platforms and social media. You should take a look at all of them, change all your passwords to something unique and hard to guess, and enable two-factor authentication.
Step 4: Contact Your Bank
You should obviously contact your bank if you find that the hackers have been accessing your cash — but even if you’ve seen no signs of this, it’s not a bad idea.
Your Google account could contain all sorts of information that could allow the criminals to gain access to your bank account or other financial services or start using your identity to impersonate you.
Step 5: Warn Your Contacts
Hackers frequently use a compromised account to target friends and contacts with phishing scams or malware-laden links.
And while it may be embarrassing to have to admit that you’ve been hacked, it’s the decent thing to do. Warn everybody in your contacts list to be on the lookout for suspicious messages from you, and to delete anything that could be suspicious.
How Can You Recover Your Google Account?
As we’ve seen, regaining control of your Google Account isn’t usually too problematic as long as you can still log in. But what if the hackers have changed your account information, such as your password or recovery phone number, so you can’t?
The good news is that it’s still generally perfectly possible, and that you’ll just need to jump through a few extra hoops to get back in control of your Google Account. You should start by visiting the account recovery page. It makes things much easier if you do this from a device and location that you’ve used before, as this helps reassure the company that you are who you say you are. Here, you’ll find a series of questions designed to make sure that you really are the owner of the account. You’ll be asked for your recovery email address or recovery phone number, as well as previous passwords and answers to security questions. Even if you can’t get these exactly right, it will help to make your case.
How Can You Protect Your Google Account From Hackers?
Protecting your Google Account from hackers is a question of basic cyber hygiene — and if you’ve been hacked already, now is the time to make sure it doesn’t happen again. First, make sure your recovery email address and phone number are up to date — and then remember which ones you’ve used.
It’s important to use a strong password, with upper and lower case letters, numbers, symbols and so on. And if you haven’t already turned on two-step verification, do it now. Other good practices for keeping your account safe include making sure that your anti-virus package, apps, browser and operating system are all up to date, so that you always have the latest security updates. Get rid of any apps and browser extensions that you aren’t actually using. And finally, be very, very wary of any unsolicited messages asking you to click on links, or that seem suspicious in other ways.
Bottom Line
Discovering that your Google Account has been compromised can be alarming — and for good reason. However, it’s usually not too difficult to regain control, though the process can sometimes be time-consuming. And a few simple measures should help keep it safe in future.