Gmail Account Hacked? Here's How to Recover & Secure It

Samad Mokrini · Updated May 13, 2026 · 10 min read · Worldwide
Quick answer:

If your Gmail account was hacked, act fast: go to g.co/recover to regain access, then immediately change your password and sign out every other session. The step most people miss is checking filters and forwarding rules — attackers quietly auto-forward and auto-delete your mail to keep stealing password resets long after you change your password. If you're locked out or unsure it's truly clean, our team can remotely secure your account and the device that leaked it the same day.

Signs your Gmail account is hacked

Most people find out their Gmail was hacked in one of a few ways. Sometimes it's obvious; sometimes it's a quiet detail you almost scroll past. Trust your gut — if something feels off, treat it as a breach until you've proven otherwise.

Watch for these red flags:

Even one of these is enough to act. The faster you move, the less the attacker can do — and the easier recovery becomes.

If you still have access: lock it down now

If you can still get into your account, you have a big advantage. Work through these steps in order, top to bottom, without skipping.

  1. Change your password immediately to something long and unique you've never used elsewhere.
  2. Sign out of every other session. Go to your Google Account → Security → Your devices, review the list, and sign out anything you don't recognize. This instantly kicks the attacker out.
  3. Review recent security activity under Security → Recent security events to see exactly what changed and when.
  4. Remove unknown recovery emails and phone numbers so the attacker can't claw the account back.
  5. Turn on 2-Step Verification or a passkey. This is the single biggest thing that stops a repeat attack, even if your password leaks again.

Once those are done, don't stop — the most dangerous damage is usually hidden in settings you've never opened. We cover those next.

If you're locked out: Google account recovery

If the password and recovery info have already been changed, you'll need Google's recovery process. Go to g.co/recover and follow the prompts. A few things dramatically improve your odds of getting back in:

There's no secret backdoor and no phone number that resets your account for you — anyone claiming otherwise is a scammer. Google runs the actual reset. What a technician adds is speed and a second set of eyes: knowing which familiar-device trick to try, and then hunting down the forwarding rules and malware most people never find.

Locked out or not sure it's really clean?

We connect remotely, lock the account back down, kill rogue sessions and forwarding rules, and check the device that leaked it. Flat $149.99 USD. No Fix No Fee.

The hidden traps attackers leave behind

Here's what separates a real recovery from a false sense of safety. Changing your password does not remove the persistence mechanisms an attacker plants. If you skip this section, they can keep reading your mail for months. Open each of these settings and clean them out.

Filters and forwarding rules

This is the big one. Attackers create filters that auto-forward and then auto-delete your incoming mail — especially anything containing "password," "verification," or "security." That's how they keep intercepting reset codes after you think you're safe. In Gmail, go to Settings → See all settings → Filters and Blocked Addresses, and also Forwarding and POP/IMAP. Delete anything you didn't create.
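
For readers who prefer to script the check, here is an added example (not part of the original guide, and not Google's code) that flags the forward-and-delete filters described above. It assumes filter objects in the shape returned by the Gmail API's users.settings.filters.list method; the sample filters and addresses are constructed.

```python
# Added example: offline audit of Gmail filter objects for forward/delete persistence.
# Input shape follows the Gmail API users.settings.filters.list response (assumption);
# the sample filters and addresses below are constructed for illustration.

KEYWORDS = ("password", "verification", "security")  # terms named in the article
HIDE_LABELS = {"INBOX", "UNREAD"}  # removing these skips the inbox / marks as read


def audit_filter(flt, own_addresses):
    """Return a list of reasons this filter looks like attacker persistence."""
    reasons = []
    action = flt.get("action", {})
    criteria = flt.get("criteria", {})

    forward_to = action.get("forward")
    if forward_to and forward_to.lower() not in own_addresses:
        reasons.append(f"forwards to unrecognized address {forward_to}")
    if "TRASH" in action.get("addLabelIds", []):
        reasons.append("auto-deletes matching mail")
    hidden = HIDE_LABELS & set(action.get("removeLabelIds", []))
    if hidden:
        reasons.append("hides mail by removing " + ", ".join(sorted(hidden)))

    # Keywords alone are not flagged; they add context to a forward/delete/hide finding.
    text = " ".join(str(criteria.get(k, "")) for k in ("query", "subject", "from")).lower()
    hits = [kw for kw in KEYWORDS if kw in text]
    if hits and reasons:
        reasons.append("targets security mail: " + ", ".join(hits))
    return reasons


def audit_filters(filters, own_addresses):
    """Map filter id -> reasons, for filters with at least one finding."""
    own = {a.lower() for a in own_addresses}
    findings = {f["id"]: audit_filter(f, own) for f in filters}
    return {fid: r for fid, r in findings.items() if r}


# Constructed sample: one benign label rule, one forward-and-delete rule.
SAMPLE_FILTERS = [
    {"id": "f-benign", "criteria": {"from": "newsletter@example.com"},
     "action": {"addLabelIds": ["Label_12"]}},
    {"id": "f-suspect", "criteria": {"query": "password OR verification OR security"},
     "action": {"forward": "collector@example.net", "addLabelIds": ["TRASH"]}},
]

if __name__ == "__main__":
    for fid, reasons in audit_filters(SAMPLE_FILTERS, ["me@example.com"]).items():
        print(fid, "->", "; ".join(reasons))
```

Any filter it reports still needs a human decision: delete it in Gmail's settings only if you did not create it.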

Third-party app access

In your Google Account → Security → Third-party apps with account access, revoke anything unfamiliar. A connected app can keep its access even after a password change.

"Send mail as" aliases

Under Settings → Accounts and Import, check the Send mail as list. Attackers add aliases so they can impersonate you. Remove any you don't recognize.

If reviewing these settings feels overwhelming, that's normal — they're buried on purpose. This is exactly the part our remote cybersecurity team checks line by line so nothing gets left behind.

Quick reference: symptom → action

Use this table to jump straight to the right fix for what you're seeing.

| Symptom | What to do |
| --- | --- |
| Sent mail you didn't write | Change password, sign out all sessions, check filters/forwarding |
| Password changed without you | Use g.co/recover from a familiar device immediately |
| Recovery email/phone changed | Run Google account recovery; remove unknown recovery info once back in |
| Reset emails keep disappearing | Delete malicious filters and forwarding rules |
| New-device sign-in alert | Sign out that device under Security → Your devices, change password |
| Contacts get spam from you | Secure the account, then warn contacts not to click |

Secure the device that leaked it — and warn your contacts

An account doesn't usually get hacked in a vacuum. If your password leaked, ask how. The two most common culprits are a reused password exposed in a data breach, or malware or a keylogger on a device you signed in from.

If you suspect malware, recovering the account isn't enough — you have to clean the machine, or the attacker simply steals your new password too. Run a full scan and remove anything suspicious; our guide on how to remove a virus and our virus & malware removal service walk through exactly that.

Then warn your contacts. While the attacker had access, they may have sent phishing or money-request messages in your name. A quick heads-up — "my email was compromised; ignore anything odd from me yesterday" — protects the people who trust you. If this happened while you were on the road, our notes on getting hacked while traveling cover the extra steps.

Protect everything linked to your Gmail

Your email is the master key to your digital life. Almost every other account — banking, shopping, social media — resets its password through your inbox. So a hacked Gmail can quietly become a hacked everything.

Once Gmail is secured, prioritize the accounts that share that address: change passwords on your bank, primary financial apps, and any account where you reused the same password. Turn on 2FA there too. If a social account looks compromised, our walkthrough on how to recover a hacked Facebook account follows the same logic. And if a strange message kicked all this off, learn to spot the next one with is this email a scam?

Most importantly, don't reuse passwords across accounts. A password manager plus 2FA turns a single breach into a contained incident instead of a domino chain.

Frequently asked questions

How do I know if my Gmail account was really hacked?

Look for sent messages you didn't write, a password that suddenly stops working, a changed recovery email or phone number, or new-device sign-in alerts from places you don't recognize. Disappearing password-reset emails are another strong sign, because attackers set up filters to hide them. Even one of these warrants acting immediately, since fast action limits the damage and makes recovery far easier.

Can I recover my Gmail if the hacker changed my password and recovery info?

Yes, often. Go to g.co/recover and complete Google's account recovery form from a device and location you normally use, since Google weighs familiarity heavily. Enter the most recent password you can remember, even an old one. There's no secret hotline that resets it for you. If the automated process keeps failing, a technician can guide you through the right trusted-device approach to improve your odds.

Why is checking forwarding rules so important after a hack?

Because changing your password doesn't remove them. Attackers create filters that automatically forward and then delete your incoming mail, especially messages about passwords and verification codes. That lets them keep intercepting reset links and breaking into your other accounts long after you think you're safe. Always check Filters and Blocked Addresses plus Forwarding settings and delete anything you didn't create yourself.

How did my Gmail get hacked in the first place?

Usually one of two ways: a password you reused was exposed in a data breach on another site, or malware such as a keylogger on a device you signed in from captured it. That's why recovering the account isn't always enough. If a device is infected, you should scan and clean it, otherwise the attacker can simply capture your new password and get back in.

Should I just create a new Gmail instead of recovering the old one?

Usually no. Your old address is tied to banking, shopping, and dozens of other logins that reset through it, so abandoning it can cause bigger problems. It's almost always better to recover and secure the original account, remove the attacker's hidden settings, and enable 2FA. Start fresh only if recovery truly fails after exhausting Google's process and getting expert help.

Samad Mokrini

Founder of IT Cares Canada (est. 2014) and RemoteFix 24/7. Two decades fixing computers for people who can't get to a shop — now for remote workers, expats, and nomads in 130+ cities worldwide.