How to Tell If Your Gmail Has Been Compromised

Warning Signs Your Gmail Is Compromised

• You receive a Google security alert about a sign-in from an unfamiliar device or location
• Your password no longer works or was changed without your knowledge
• Your recovery phone number or email has been altered
• You find emails in your Sent folder that you didn't send
• Contacts report receiving spam or phishing messages from your address
• Your Gmail settings (filters, forwarding rules) have been changed
• You notice unfamiliar apps with access to your Google account
• Two-factor authentication has been disabled without your consent

How to Check for Unauthorized Access

1. Review Recent Security Activity

Go to myaccount.google.com/security and scroll to Recent security activity. Google logs every sign-in and security-related event. Look for logins from locations or devices you don't recognize.

2. Check Active Sessions

At the bottom of your Gmail inbox, click Details under "Last account activity". This shows all currently active sessions including IP addresses, browser types, and access times.

3. Review Third-Party App Access

Visit myaccount.google.com/permissions to see which apps and services have access to your Google account. Remove any apps you don't recognize or no longer use.

4. Check Gmail Filters and Forwarding

In Gmail on your browser, go to Settings → Filters and Blocked Addresses and Settings → Forwarding and POP/IMAP. Attackers often set up forwarding rules to silently copy your emails to another address.