As the FBI takes the unusual step of warning users of webmail platforms, including Gmail, to enable 2FA in light of a dangerous new ransomware threat campaign, more mundane hacking threats also continue to be on the minds of Google email users. Take a quick dive into any of the online forums offering support to Gmail users, be that the official ones from Google or the very active Gmail subreddit, and one topic dominates the conversation: my account has been hacked and I’m locked out. I mean, I can’t say I’m surprised that this is the case. Gmail is by far the most popular free email platform on the planet, not just with email users but also with assorted threat actors, scammers and hackers.
If a Gmail account hacker has taken full control, including changing your telephone number, email address, password and second authentication factor method, then all may seem lost. Irrevocably lost. Hold on, though: Google has some good news for you, as it is possible to recover your account as long as you act within 7 days. Here’s what you need to do.
How To Recover A Hacked Gmail Account
The most important thing to do when it comes to recovering a hacked and compromised Gmail account is, according to Google spokesperson Ross Richendrfer, to act quickly. Obviously, acting so quickly as to prevent the attacker from being able to lock you out in the first place would be best, and that means employing a phishing-resistant authentication method like a passkey. But if you have found yourself in the account lockout situation, it’s too late for that. Do bear it in mind once you have recovered your Gmail account, though.
Google recommends that all Gmail users ensure they have a recovery telephone number, alongside the recovery email address, attached to their Google account. “These can be used in cases where users forget their own passwords,” Richendrfer said, or just as critically, “if an attacker changes the credentials after hijacking the account.” This is where the time limitation comes in, though. Richendrfer advised that Gmail users have a seven-day grace period following any recovery phone number change during which they, as the original account holder, can regain control of the account.
This number should, of course, ideally be for a smartphone that belongs only to the Gmail account holder, is used regularly by them and kept on their person. “When you change your recovery email,” Richendrfer said, “you may be able to choose to get sign-in codes sent to your previous recovery email for one week.” Google has provided more help with Gmail account recovery online, including step-by-step recovery instructions.