If Google has detected suspicious activity on your account, it may have been compromised (hacked or accessed without your permission). Here’s a step-by-step guide to secure your account and regain control:
Securing a Compromised Google Account
Step 1: Go to the Account Recovery Page
- Visit: https://accounts.google.com/signin/recovery
- Enter your email and follow the prompts to verify your identity.
Step 2: Change Your Password Immediately
- If you can still access your account:
- Go to https://myaccount.google.com/security
- Under “Signing in to Google”, click Password and set a new, strong password.
- If you can’t access your account, complete the recovery process first.
Step 3: Check for Unauthorized Activity
- Go to: https://myaccount.google.com/security-checkup
- Review:
- Devices that have accessed your account
- Recent security events
- Third-party apps with access
Remove any unfamiliar devices or apps immediately.
Step 4: Update Recovery Options
- Add or update:
- Recovery phone number
- Recovery email address
- This helps you recover your account faster in the future.
Step 5: Enable 2-Step Verification
- Go to: https://myaccount.google.com/security
- Under “How you sign in to Google”, click 2-Step Verification and follow the setup process.
Step 6: Scan for Malware
- Run a full antivirus scan on all devices you use to access your Google account.
- Remove any suspicious software or browser extensions.
Step 7: Notify Contacts (if needed)
- If spam or phishing messages were sent from your account, let your contacts know not to click on any suspicious links.
Step 8: Review Account Settings
- Check:
- Forwarding rules in Gmail
- Filters that might redirect or delete emails
- Account permissions for any changes made by the attacker
