If you notice unfamiliar activity on your Google Account, Gmail or other Google products, someone else might be using it without your permission. If you think your Google Account or Gmail have been hacked, follow the steps below to help spot suspicious activity, get back into your account and make it more secure.
Step 1: Sign in to your Google Account
If you can't sign in
Go to the account recovery page and answer the questions as best you can. These tips can help.
Use the account recovery page if:
- Someone changed your account info, like your password or recovery phone number.
- Someone deleted your account.
- You can't sign in for another reason.
Tip: To make sure that you're trying to sign in to the right account, try recovering your username.
Step 2: Review activity and help secure your hacked Google Account
- Go to your Google Account.
- On the left navigation panel, select Security.
- On the 'Recent security events' panel, select Review security events.
- Check for any suspicious activity:
- If you find activity that didn't come from you: Select No, it wasn't me. Then, follow the steps on the screen to help secure your account.
- If you did the activity: Select Yes. If you still believe that someone else is using your account, find out if your account has been hacked.
- Go to your Google Account.
- On the left navigation panel, select Security.
- On the 'Your devices' panel, select Manage devices.
- Check for any devices that you don't recognise.
- If you find a device that you don't recognise: Select Don't recognise a device? Then, follow the steps on the screen to help secure your account.
- If you recognise all the devices, but still believe that someone else is using your account: Find out if your account has been hacked.
Step 3: Take more security steps
Two-step verification helps keep hackers out of your account. With two-step verification, you sign in with:
- Something that you know (your password)
- Something that you have (your phone, a security key or a printed code)
That way, if your password is stolen, your account is still secure.
Make sure that someone else didn't give your bank or government instructions, like to open an account or transfer money. This is important if you:
- Have banking info saved in your account, like credit cards saved in Google Pay or Chrome.
- Have personal info like tax or passport info saved in your account. For example, you might have personal info saved in Google Photos, Google Drive or Gmail.
- Think that someone is using your identity or impersonating you.
If you think that your account has suspicious activity, you might need to remove harmful software. To improve your account's security, install and run trusted anti-virus software.
You can also reset your computer to its factory settings and reinstall the operating system.
- If access for less secure apps is turned on, we strongly suggest turning it off since it may make your account less secure.
- Use your device's screen lock option if it has one.
- Gmail: Review these security tips and remove any labels, filters or forwarding rules that you didn't set up.
- Chrome: Uninstall extensions that you don't recognise and update Chrome to the latest version.
- Google Drive: Review your activity and file versions for anything unusual.
- Google Photos: If you see album sharing that you don't recognise, stop sharing the album.
- Location: Turn off Location Sharing that looks unusual.
Find out if your Google Account has been hacked
If you notice any of these signs, someone else may be using your Google Account.
Important: If you think that someone else is signed in to your Google Account, change your password immediately for:
- Your Google Account, if you didn't change it already
- Apps and sites:
- That you use the same password you used for your Google Account
- That contact you through your Google Account email address
- Where you sign in with your Google Account email address
- Where you saved passwords in your Google Account
You can then check for and remove any unfamiliar devices signed in to your account.
Suspicious account activity
Correct the setting immediately if you see unfamiliar changes to these settings:
- Your security question.
- Tip: Additional security questions are no longer available.
- Apps with access to your account.
- If this setting was turned on or off without your knowledge:
- Two-step verification methods.
- Location Sharing.
Your financial activity might be suspicious if:
- On Google Pay
- You don't recognise purchases: To request a refund, report unauthorised charges.
- You don't recognise one or more bank accounts, credit cards, debit cards or gift cards: Remove a payment method that you don't recognise.
- On Google Play, you don't recognise purchases: Report unauthorised charges.
- On Google Chrome, payment info that you don't recognise is set up: Delete unfamiliar payment info.
- On Google Ads, you notice unauthorised charges or ads: Ask the Google Ads team to review your account for unusual activity.
- On Google AdSense, you notice that payments aren't going to the correct bank account: Check your AdSense payment method.
Tip: To tell you about suspicious activity, we'll use your recovery phone number and email address.
We'll inform you of unusual activity through:
- A notification about an unusual sign-in or a new device on your account.
- A notification that there was a change to your username, password or other security settings, and you didn't make the change.
- A notification about some other activity that you don't recognise.
- A red bar at the top of your screen that says, 'We've detected suspicious activity in your account'.
- Your 'Device activity and security events' page.
Suspicious activity in Google products that you use
Gmail settings
Correct the setting immediately if you see unfamiliar changes to:
- Mail delegation: People with access to your Gmail
- Automatic mail forwarding
- Scheduled emails
- Your name in Gmail
- Automatic reply: Out of Office AutoReply
- Address on outgoing mail
- Blocked email addresses
- Remote access to your Gmail: IMAP or POP
- Filters that manage your incoming mail
- Labels that organise your incoming mail
Gmail activity
Your Gmail activity might be suspicious if:
- You no longer receive emails.
- Your friends say that they got spam or unusual emails from you.
- Your username has been changed.
- Your emails were deleted from your inbox and aren't found in 'Bin'. You can report missing emails and possibly recover them.
- You find 'Sent emails' that you didn't write.
Your YouTube activity might be suspicious if:
- Your YouTube channel has videos that you didn't upload, comments you didn't make or unfamiliar changes to your:
- Channel name
- Profile photo
- Descriptions
- Email settings
- Sent messages
Your Google Drive activity might be suspicious if:
- You find Google Drive activity that you don't recognise.
- Files were deleted from your Drive without your knowledge. You can try to recover your files.
Your Google Photos activity might be suspicious if:
- Your photo albums are shared without your permission.
- Your photos are shared with a partner, and you didn't add a partner account.
Your blogger activity might be suspicious if:
- Posts that you didn't publish appear on your blog.
- You get comments on posts that you didn't publish.
- Your mail-to-blogger address has changed, but you didn't change it.
- Your blog disappeared or was blocked.
Your Google Ads activity might be suspicious if you find unfamiliar:
- Ads that point to unknown links or destinations
- Increases in your ad spend
- Changes to account owners, managers or users