This step-by-step guide will explain how to check the security of your email account for Gmail on your desktop.

Checking your email account security

Email is a common target for cybercriminal activity. If someone gains unauthorised access to your email account, they can access your private communications. A cybercriminal could steal your sensitive information, or even commit fraud and send emails pretending to be you.

After any email security incident you should review the security on your account, even if you are not sure that you have been hacked.

Reviewing your account security will help you to identify intruders, regain control of your account, and help prevent cyber attacks in the future.

Step 1: Change your password

If you are concerned that your email account has been hacked, it is important to log in to your account as soon as possible. Once logged in, you will be able to disrupt the hacker’s access and regain control of your account.

If you have forgotten your email password, please skip to Step 1A to recover your account.

Changing your password is important when investigating the security of your email account. If a hacker knows your password, changing your password will slow them down and make it harder for them to get access to your account.

1. Once logged in, click on the Profile icon (top right) and then click on Manage your Google Account.

2. From the list on the left side of the screen, click Security.

3. Scroll down and click Password. Enter your current password and select a new password.

When choosing a new password, consider creating a passphrase. A passphrase uses four or more random words as your password, which is hard for cybercriminals to hack but easy for you to remember. Find more information on creating strong passphrases.

After you have reset your password, skip to Step 2.

Step 1A: Recover your account

Recovery of your account is only required if you do not remember your email password. Note that this recovery process will require you to confirm your identity by providing either your phone number or recovery email address.

1. Visit www.gmail.com and enter your email address.

2. Click Forgot password?

3. One option to recover your password is to enter the last password you remember using. If you cannot remember a password, click Try another way. Carefully follow the account recovery process and instructions.

Please note that this process will be different from person to person depending on what security measures you have set up. Some account recovery methods may include:

• Providing a code from your MFA app
• Providing a verification code sent to your alternative recovery email address
• Providing a code sent to your mobile phone via SMS
• Inputting the last password you remember


Step 2: Update your account recovery details

In some cases, a cybercriminal might change the recovery details of hacked accounts. They can use this as a back door to regain access to the hacked account even after you have changed your password. Be sure to check your account recovery details are linked to either a recovery email address or recovery mobile phone.

1. From the home screen, click on the Profile icon (top right) and then click on Manage your Google Account.

2. From the list on the left side, click Personal info.

3. Scroll down to the section labelled Contact info.

You can now change your Recovery Email and your Recovery Mobile.

It is important these are changed to new or known email accounts or devices you can access. To change your email, click on Email.

4. Click Recovery email. You will be prompted to re-enter your password for Google to ensure it is you making the changes. You will only be able to choose your Recovery Email once your password has been re-entered.

5. Google will use your recovery email to reach you if unusual activity is detected or you are accidentally locked out. Click the pencil icon. A prompt will open where you can add or update your recovery email.

6. Go back to the Email recovery page (Step 4), and click Advanced.

7. From the options that have appeared, click Alternative emails. It is important you check no unknown or suspicious accounts are listed, as a criminal may use these to access your account. Remove all alternative email accounts to ensure that an alternative email account has not been hacked and is being used to access your email account.

8. To change your phone number, click Phone. You will be prompted to re-enter your password for Google to ensure it is you making the following changes. You will only be able to choose your Recovery Phone number once your password has been re-entered.

9. Google will use your recovery mobile number to reach you if unusual activity is detected or you are accidentally locked out. Click the pencil icon. A prompt will open where you can add or update your recovery mobile number.

Step 3: Sign out of all other sessions

Cybercriminals may be logged in to your email account. By signing out of all sessions, you will remove the cybercriminal from having access to your emails.

To sign out of all sessions, you will need to change your password. If you have already changed your password in Step 1, then you have already completed this step.

If you have not yet changed your password, instructions on how to do this can be found in Step 1.

Step 4: Enable Multi-factor Authentication

Turning on multi-factor authentication (MFA) is the most important defence against hackers gaining access to your Google account.

MFA makes it harder for criminals to gain initial access to your device, account and information by making them jump through more security hoops and additional authentication layers, requiring extra time, effort and resources.

For a more detailed set of instructions, see the ACSC’s Step-by-Step guide Turning on Two-Factor Authentication – Gmail.

Step 5: Check account mail settings

Hackers will sometimes set up forwarding rules to send themselves a copy of emails coming in or leaving your account. You should check your account to see if anyone has set up forwarding rules and delete any you don’t recognise.

1. From your inbox, click the Settings icon (cog) and click See all settings.

2. Click the Forwarding and POP/IMAP tab to the right at the top of the page.

POP and IMAP are protocols that allow emails to be accessed through other applications like Apple Mail and Mozilla Thunderbird. Cybercriminals sometimes use these as another method of accessing your account, as it can allow them to bypass some security controls like MFA.

3. Make sure there are no forwarding rules, that POP is disabled, and that IMAP is disabled. This stops a criminal who may be forwarding your incoming emails, or accessing your account from a mail app that is still logged in. Click Save changes when finished.

4. From the tabs at the top, click the Filters and blocked addresses tab.

5. Check that no unfamiliar filters are being applied to incoming emails, and that no unusual email addresses are being blocked. Delete any unfamiliar filters or blocked addresses.

A criminal may have set these up to hide emails from you, especially if customers or contacts have become suspicious and tried to reach out to you.

Step 6: Check third party application access

Have you ever logged into another application or website using your email account, sometimes without needing to put in your password? Many websites and applications opt for this method to create a new user account without having to directly request this information from the user. However, the connection this creates between your email account and the website/application is a common way for hackers to gain access to your email account, without needing your login credentials.

Check if there are any apps or services that have access to your account and remove any that you don’t recognise.

1. Once logged in, click on the Profile icon (top right) and then click on Manage your Google Account.

2. From the list on the left side of the screen, click Security.

3. Scroll down to Third-party apps with account access and click Manage third-party access.

4. Scroll down and click Google Account sign-in prompts to ensure the toggle is turned off. Then click the apps listed.

5. It is important to reduce the access by third-party apps to your email account. If a criminal has hacked a third-party app, they may be able to use it to enter your email account.

Click REMOVE ACCESS for each app listed that you didn’t configure yourself. If you’re not sure which apps those might be, remove the ones you’re not sure about, as they can be reconfigured later if required.

Step 7: Check login activity

Your login activity is a history of when and where someone has logged into your email account. As a good practice, regularly review your login activity to check if your email account has been accessed at unusual times or from unusual locations. By doing so, you will be able to pick up on anything suspicious.

1. From your inbox, go to the bottom right-hand corner and click Details.

Here you can check the time and location of the logins into your account to verify that your email account has not been accessed at unusual times or from unusual locations.

If you see any suspicious activity since the last time you changed your password, change your password to a unique strong passphrase immediately.

Here are some things to consider to help you identify suspicious activity:

• The Access Type – is this a device, browser or application you are familiar with, use or own?
• The Location (IP address) – was the login from a country you are familiar with?
• The Date/Time – does the login date and time seem out of the ordinary?
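The three checks above applied to a table of sign-in records, as an added example that is not part of the original guide. The records are constructed sample values in the shape of Gmail’s Last account activity table (access type, location, IP address, time); the known access types, expected countries and usual hours are assumptions you would replace with your own.

```python
from datetime import datetime

# Constructed sample rows, not real activity: access type, country, IP, sign-in time (UTC).
SAMPLE_ACTIVITY = [
    ("Browser (Chrome)", "Australia", "203.0.113.10", "2024-03-04T08:15:00+00:00"),
    ("IMAP", "Australia", "203.0.113.10", "2024-03-04T23:40:00+00:00"),
    ("Browser (Firefox)", "Netherlands", "198.51.100.7", "2024-03-05T03:12:00+00:00"),
    ("Mobile (Android)", "Australia", "203.0.113.22", "2024-03-05T09:05:00+00:00"),
]


def review_login_activity(records, known_access_types, expected_countries,
                          usual_hours=(7, 22), since=None):
    """Return a list of (record, reasons) for every sign-in that fails at least one
    of the three checks: unfamiliar access type, unexpected country, or a sign-in
    outside the usual hours. Records earlier than `since` (for example the time of
    your last password change, as an ISO 8601 string) are skipped."""
    if isinstance(since, str):
        since = datetime.fromisoformat(since)
    flagged = []
    for access_type, country, ip, ts in records:
        when = datetime.fromisoformat(ts)
        if since is not None and when < since:
            continue  # only activity since the last password change matters
        reasons = []
        if access_type not in known_access_types:
            reasons.append(f"unfamiliar access type: {access_type}")
        if country not in expected_countries:
            reasons.append(f"unexpected location: {country} ({ip})")
        start, end = usual_hours
        if not start <= when.hour < end:
            reasons.append(f"out-of-hours sign-in at {when.strftime('%H:%M')} UTC")
        if reasons:
            flagged.append(((access_type, country, ip, ts), reasons))
    return flagged


if __name__ == "__main__":
    # Assumed profile: the owner normally uses Chrome and an Android phone from Australia.
    for record, reasons in review_login_activity(
        SAMPLE_ACTIVITY, {"Browser (Chrome)", "Mobile (Android)"}, {"Australia"}
    ):
        print(record[3], record[0], "->", "; ".join(reasons))
```

Any flagged row is a prompt to change your password and review the other steps in this guide, not proof of a compromise on its own.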

Step 8: Check your email folders, devices and other accounts

Check email folders

Once you have made sure only authorised persons have access to your email account, you may want to consider checking your email folders, specifically your sent and deleted items. This will help you assess what actions a cybercriminal has taken if they accessed your account.

1. From your inbox, click Sent (triangle icon) to view your sent emails.

Search for emails that you did not send and take note of the recipient, whether attachments were included, what the email was requesting, and when it was sent.

Compare any unusual activity times with the time the email was sent. Verify login records every time you become aware that a criminal contacted someone from your email account.

2. Under the Sent folder on the right, click More to make more folders visible.

3. Repeat the same checks for your other folders, especially the Drafts, Spam and Bin folders. Verify login records every time you become aware that a criminal contacted someone from your email account.

Run a malware scan

Malware is any software that is specifically designed to disrupt, damage or gain unauthorised access to a device. Use a malware scanning tool to find and remove any malware detected.

1. Do this using the malware scanning tool on your device. You may already have a malware scanning tool that came with your device. If you don’t know the name of your malware scanning tool, you can search for it.

2. Type the name of the malware scanning tool into the search box, or press the Windows key on your keyboard (Windows 10) and start typing. Suggested search terms: Antivirus, Microsoft Defender.

3. Once you have found your malware scanning tool, follow the instructions to run a scan and delete any malware identified.

While in progress, take notes or photos of any suspicious software applications, files, pop-ups or other key details you encounter.

For more information for Windows 10 users, read the ACSC’s Step-by-Step guide Performing a malware scan using Microsoft Defender Antivirus for Windows 10.

Check other linked accounts

If someone has hacked into your email account, they may have tried to reset passwords for other online accounts that are linked to that email address. These could be banking and finance, social media, or other accounts.

If you used the same password or passphrase for your email account and any other accounts, these may be no longer secure. Enable multi-factor authentication where possible on these accounts, and consider changing the passwords to unique strong passphrases.