My Google account is hacked! Help!

Unfortunately, once in a while we get a call like this. Spam may have gone out in your name, or something else about the account looks odd, and you reach the dreaded realisation that you’ve been hacked. Here’s how we go about helping out in situations like this.

In this article we cover:

If you can log in, check and secure your account
Warn others that you’ve been hacked
Re-claim your account if you can’t log in
Secure your account with two-factor authentication
Monitor for suspicious activity

If you can log in, check and secure your account

The absolute first thing to do if you think your Google account has been hacked is to check whether you can still log into it. This may seem like a wasted step, but you’d be surprised how many hijackers never get round to changing the original password. If you can log in, change your password immediately and check that your recovery email address, security question and mobile phone number have not been changed.

Go to https://myaccount.google.com/u/1/security#signin and try to log in.

If you get in, click on Signing in to Google and change your password. Choose a long password that you use nowhere else.

Next, scroll down a little on the same page and check that your Account recovery options have not been changed. If they have, take a screenshot (this could be evidence) and then change them back.

Next, click on Your personal info and check that the details are correct. Again, if anything has been changed, take a screenshot and then correct it.

Click on Device activity & notifications, review your Recently used devices and check there isn’t a device there that isn’t yours. Sign out any device you don’t recognise so that the intruder’s existing session is ended rather than just their password. While you are on the security page, also look through the apps and sites connected to your account and revoke access for anything you don’t recognise.

Now that you’ve checked those details are correct, click on Signing in to Google again and turn on 2-Step Verification.

This adds an extra layer of security: each sign-in needs your password plus a one-time code, either sent to your phone by text message or generated by the Google Authenticator app, which makes it much more difficult for anyone who has only stolen your password to get back in. The app is the stronger choice, since text messages can be intercepted or redirected to another SIM, but either is a big improvement over a password alone.

Now check for signs of spamming. Go into your Gmail inbox and open Settings (click on the cog wheel). Under General, scroll down until you find your Signature and Vacation responder settings and double-check that nothing has been added or changed; both are easy places to plant a link or a message that goes out to everyone who writes to you.

Check that your outgoing email isn’t being hijacked. In Settings choose Accounts and Import, find Send mail as and make sure only your own addresses are listed. On the same tab, check Grant access to your account: nobody should be listed there unless you deliberately delegated your mailbox to them.

Now check that no filters are hiding or deleting your email. In Settings choose Filters and Blocked addresses and look at every filter. The ones to worry about delete incoming mail, forward it to another address, or skip the inbox and mark it as read, especially where the criteria match words such as password, verification or the name of your bank. Delete any filter you didn’t create yourself.

Now check that your email isn’t being forwarded elsewhere without your knowledge. In Settings choose Forwarding and POP/IMAP. Forwarding should be disabled, or point only to an address you set up yourself; POP Download should be disabled (are you really still using POP?); and IMAP Access should be disabled unless you actually use it, for example to read Gmail in your Mac Mail client.
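Checking those Settings tabs by hand is fine for one mailbox. The script below is an added example (it is not part of the original article and not Google’s code) that applies the same filter and forwarding checks automatically to records in the JSON shape the Gmail API returns for users.settings.filters.list and users.settings.getAutoForwarding. The filters, addresses, OWN_DOMAINS value and the list of suspicious terms are constructed sample data and assumptions; nothing here talks to Google.

```python
"""Audit Gmail filter and auto-forwarding settings for the usual hijack tricks.

Added example, not the article's or Google's code. Records are in the JSON shape
the Gmail API returns for users.settings.filters.list and
users.settings.getAutoForwarding; all values below are CONSTRUCTED sample data.
"""

OWN_DOMAINS = {"example.com"}            # assumption: domains you control
SUSPICIOUS_TERMS = ("password", "verification", "security", "invoice", "wire")

SAMPLE_FILTERS = [
    # Legitimate: file a newsletter under a label and skip the inbox.
    {"id": "f1", "criteria": {"from": "news@example.org"},
     "action": {"addLabelIds": ["Label_7"], "removeLabelIds": ["INBOX"]}},
    # Hijacker: anything about passwords or verification codes goes straight to Trash.
    {"id": "f2", "criteria": {"query": "password OR verification"},
     "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["INBOX", "UNREAD"]}},
    # Hijacker: copy every bank alert to an outside address.
    {"id": "f3", "criteria": {"from": "alerts@bank.example"},
     "action": {"forward": "dropbox.4872@attacker.example"}},
]
SAMPLE_AUTOFORWARD = {"enabled": True, "disposition": "trash",
                      "emailAddress": "dropbox.4872@attacker.example"}


def _domain(address):
    return address.rsplit("@", 1)[-1].lower()


def audit_filter(flt):
    """Return (severity, reason) findings for one filter resource."""
    findings = []
    criteria = flt.get("criteria", {})
    action = flt.get("action", {})
    add = set(action.get("addLabelIds", []))
    remove = set(action.get("removeLabelIds", []))
    forward = action.get("forward")

    if forward:
        severity = "low" if _domain(forward) in OWN_DOMAINS else "high"
        findings.append((severity, f"forwards matching mail to {forward}"))
    if "TRASH" in add:
        findings.append(("high", "deletes matching mail (moved to Trash)"))
    elif "INBOX" in remove and "UNREAD" in remove:
        findings.append(("medium", "hides matching mail (archived and marked read)"))

    # A filter that acts on mail about passwords, codes or money is a classic
    # account-takeover tool even when each action looks harmless on its own.
    text = " ".join(str(criteria.get(k, "")) for k in ("query", "subject", "from")).lower()
    if findings and any(term in text for term in SUSPICIOUS_TERMS):
        findings.append(("medium", f"targets sensitive mail: {text.strip()!r}"))
    return findings


def audit_autoforward(setting):
    """Return (severity, reason) findings for the auto-forwarding resource."""
    if not setting.get("enabled"):
        return []
    address = setting.get("emailAddress", "<unknown>")
    severity = "low" if _domain(address) in OWN_DOMAINS else "high"
    findings = [(severity, f"all incoming mail is auto-forwarded to {address}")]
    hidden = {"trash": "deleted", "archive": "archived"}
    if setting.get("disposition") in hidden:
        findings.append(("high", f"your copy is {hidden[setting['disposition']]}, so you never see the mail"))
    return findings


def audit_settings(filters, autoforward):
    """Combine findings as (source, severity, reason) tuples; an empty list means clean."""
    results = []
    for flt in filters:
        results += [(flt["id"], sev, why) for sev, why in audit_filter(flt)]
    results += [("autoforward", sev, why) for sev, why in audit_autoforward(autoforward)]
    return results


if __name__ == "__main__":
    for source, severity, reason in audit_settings(SAMPLE_FILTERS, SAMPLE_AUTOFORWARD):
        print(f"[{severity.upper():6}] {source}: {reason}")
```

On the sample data the legitimate newsletter filter produces no findings, while the two planted filters and the enabled auto-forwarding each come back as high severity. To audit a real account you would fetch the two resources with the Gmail API and pass them to audit_settings() unchanged.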

You’re done, and your account should now be secure. Going forward, never use your Gmail password on any other site: a breach elsewhere would hand an attacker a working password for this account.

Warn others that you’ve been hacked

To protect the friends, family and business contacts associated with your account from phishing and other malicious messages sent from it, warn them as soon as you can log in again that your account was hacked and that they should ignore suspicious communications from it until further notice. Post a similar message on any social networking sites you belong to.

Re-claim your account if you can’t log in

Of course, you might not be so lucky as to get in with your original password. All is not lost: go to https://www.google.com/accounts/recovery and reset your password through your recovery email address, your mobile phone number or your security question.

Fast thinking and fast action are your best bet for getting through this unscathed. However, you may not have noticed the problem until it was already too late. If the hijacker has already changed your recovery address and/or your security question, you will have to deal with Google directly and prepare to fill out a form.

If you can’t remember your security question and answer, or it has been changed, go to this page: https://www.google.com/support/accounts/bin/request.py?hl=en&contact_type=acc_reco&ara=2&ctx=acc_reco&rd=1 and choose “I’m having other problems signing in”. The form is relatively short and straightforward. It lets Google establish that you are the true owner of the account and pinpoint when it was taken over, so be as precise as you can about dates, previous passwords and the Google services you used.

Unfortunately, that is the extent of your options for recovering the account. It’s now a waiting game, which is often the most frustrating part of identity theft. If you don’t already have a secondary email address, now is a good time to set one up. If your Gmail password was the same as any of your others (a bad idea: the hijackers will search your mailbox for details of those accounts), whether for online banking, Amazon, Facebook or Twitter, change all of those passwords and point those accounts at your new email address while Google works on the old one.

Once you do regain control, follow all the steps above under If you can log in, check and secure your account.

Secure your account with two-factor authentication

If you haven’t been hacked and simply want your Google account to be more secure, turn on two-factor authentication (or, as Google calls it, 2-Step Verification). Go to http://accounts.google.com/SmsAuthConfig and follow the instructions there.

You should also make sure that your Account recovery options are set up; if they aren’t, or you don’t know what they are, go to https://myaccount.google.com/u/1/security#signin and click on Account recovery options (as above) to set them now, before it’s too late.

Monitor for suspicious activity

Gmail also shows you the recent activity on your account. From your inbox, scroll down to the bottom, just below where your storage usage is displayed. It says Last account activity and a time.

Click on the Details link and you will see all recent account activity, including IP addresses and access types: browser, POP3, mobile and so on. Anything from a location you have never been to, or a POP3 or IMAP session when you never use those protocols, is a red flag.

Make sure that you have Show an alert for unusual activity turned on.

Now, the nifty part: if someone else is signed into your account at the same time as you, that status line changes to say the account is open in another location and shows their IP address. That gives you a chance to catch a hijacker before your account is messed with. If you see it, someone is in your account right now: repeat the first steps above and change your password immediately, then use the Details page to sign out all other sessions. This is not a foolproof system, but in this world of account hijacking, every little bit helps.
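To make that judgement systematically rather than by eye, the following is an added example (not from the original article and not Google’s code) that runs a few detection rules over rows in the shape of the Last account activity table: access type, IP address and time. The rows, the KNOWN_NETWORKS ranges and the EXPECTED_ACCESS set are constructed assumptions you would replace with your own, and the 30-minute rule for flagging a known and an unknown network active close together is a heuristic standing in for the concurrent-session notice described above.

```python
"""Flag suspicious rows from Gmail's 'Last account activity' details table.

Added example, not the article's or Google's code. Rows are CONSTRUCTED sample
data in the table's shape (access type, IP address, UTC time); the known
networks and expected access types are assumptions you would replace.
"""
import ipaddress
from datetime import datetime, timedelta

KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),    # assumed home ISP range
                  ipaddress.ip_network("198.51.100.0/24")]   # assumed office range
EXPECTED_ACCESS = {"Browser", "Mobile"}  # assumption: you never use POP3/IMAP
TRAVEL_WINDOW = timedelta(minutes=30)    # heuristic for "two people in the account"

SAMPLE_ACTIVITY = [
    ("Browser", "203.0.113.7",   "2024-03-02 08:15"),
    ("Mobile",  "203.0.113.9",   "2024-03-02 09:40"),
    ("POP3",    "192.0.2.44",    "2024-03-02 09:52"),  # unknown address, unused protocol
    ("Browser", "198.51.100.21", "2024-03-02 13:05"),
    ("Browser", "192.0.2.44",    "2024-03-02 13:10"),  # unknown address again, 5 min later
]


def parse_rows(rows):
    """Turn (access, ip, 'YYYY-MM-DD HH:MM') rows into typed, time-ordered events."""
    events = [(kind, ipaddress.ip_address(ip), datetime.strptime(ts, "%Y-%m-%d %H:%M"))
              for kind, ip, ts in rows]
    return sorted(events, key=lambda event: event[2])


def is_known(ip):
    """True if the address falls inside one of the networks you expect to use."""
    return any(ip in network for network in KNOWN_NETWORKS)


def audit_activity(rows):
    """Return (time, message) alerts; an empty list means nothing looked odd."""
    events = parse_rows(rows)
    alerts = []
    for kind, ip, when in events:
        if not is_known(ip):
            alerts.append((when, f"sign-in from unknown address {ip} via {kind}"))
        if kind not in EXPECTED_ACCESS:
            alerts.append((when, f"unexpected access method {kind} from {ip}"))
    # A known and an unknown network active within a short window is the
    # situation the inbox banner warns about: someone else is in the account.
    for (_, ip1, t1), (_, ip2, t2) in zip(events, events[1:]):
        if t2 - t1 <= TRAVEL_WINDOW and is_known(ip1) != is_known(ip2):
            minutes = int((t2 - t1).total_seconds() // 60)
            alerts.append((t2, f"{ip2} active {minutes} min after {ip1}: concurrent access?"))
    return alerts


if __name__ == "__main__":
    for when, message in audit_activity(SAMPLE_ACTIVITY):
        print(when.strftime("%Y-%m-%d %H:%M"), message)
```

On the constructed rows the two home and office sign-ins pass, the POP3 session from 192.0.2.44 is flagged twice (unknown address and unused protocol), the later browser session from the same address is flagged once, and both unknown sessions are also reported as possible concurrent access because they fall within half an hour of a known one.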