What to Do If Someone Logs in to Your Gmail Account from a Strange Location
What would hackers do if they steal or guess your Gmail password? Well, we have discussed the topic on these pages, but it must be said that we've mostly touched upon the scenario of a really noisy attack that wreaks as much chaos as possible in as little time as possible.
Indeed, if attackers break into your inbox, they'll probably first lock you out of your email and will then reset the passwords for the rest of your accounts, leaving you without access to your online personality. Depending on their motives for hacking you, however, they might take a different approach. They might, for example, sit silent and spy on you.
Security experts the world over have warned time and again that relaying sensitive information with the help of emails is far from a good idea, but many people continue to do it, and if you're one of them, a sneaky hacker can make life for you and the people you communicate with very difficult indeed. Fortunately, you have some tools that, provided you pay close enough attention to them, will help you detect the unwanted presence. Google has also given you a way of kicking the bad guys out.
Finding out that someone is snooping around
If the hackers are smart enough, you can be pretty certain that they'll do everything they can to ensure that you don't notice them. They will log in only during unusual hours when you're supposed to be asleep, for example, and they'll make sure that they don't do anything that might give them away. After they read a message, they'll likely mark it as unread so that you don't get suspicious, and if they decide that they don't want you to see something, they'll be sure that it's permanently deleted, not just thrown in the trash.
Even so, they can't hide the fact that they're in, and they can do nothing about the fact that you can see them. First of all, there's a system that is supposed to alert you every time Google thinks that there's suspicious activity on your account. It's on by default, but it can be disabled quite easily, and on the whole, it might not be 100% reliable, especially when the crooks know what they're doing. Fortunately, there's a better way of finding out whether someone's been spying on you.
Open your Gmail inbox and scroll down to the very bottom. In the right-hand corner, under the last email on the list, you have a line of text indicating your Last account activity, and below it, you have a link labeled Details. Clicking on it will open a popup that will give you information on all the devices that have accessed your account over the last few days, including IPs, estimated location, date and time, and types of browsers. If there's anything you don't recognize, it's time to act.
Kicking the intruders out
First, locate the Sign out all other web sessions button in the Details popup. Clicking it will automatically sign all other devices out of your account. It won't prevent them from signing in again, however, so the next step on your agenda should be changing your password.
Needless to say, if you've reused the same password on other accounts, you should change it there as well, and you might want to consider using a password manager like Cyclonis Password Manager which will help you secure all your online accounts with strong, random, and unique passwords.
To be extra sure that nobody is able to tamper with your Google account, go to the Recently used devices section at https://myaccount.google.com/. Again, if you see anything you don't recognize, click on it, and hit the Remove button.
You might think at this point that your work is done, but unfortunately, this is not the case. Far from it, in fact.
Reviewing your email settings
You've kicked the bad guys out, but this, unfortunately, doesn't necessarily mean that they can't read your emails. Gmail, like many other email providers, gives users the option of forwarding all messages to a different address, and although this has a number of legitimate advantages, it can also be abused by attackers. To see if the hackers have enabled forwarding for your emails, open your inbox, and click on the sprocket icon above the list of messages. Select Settings and go to the Forwarding and POP/IMAP tab. If you see an address that you haven't put in there, you need to remove it as quickly as possible.
Keeping the intruders out
As you can see, recovering from an attack on your email is not exactly a two-minute job, and you probably wouldn't want to do it again. Let's see what can be done to avoid this.
First, make sure the bad guys haven't left the back door open. You've already changed your Gmail password, but if the crooks have the mechanism to reset it again, they can still cause a lot of damage. It's important to review your Account recovery options in the Sign-in & security section at https://myaccount.google.com/. If you see a phone or an email address that can be used for recovering access to your email, you must make sure that it's removed as quickly as possible.
And while you're still here, you might as well set up two-factor authentication or, as Google calls it, 2-Step Verification. As we recently learned, it's by no means invincible, but it does provide an extra layer of security, and in this day and age, leaving it off just doesn't make sense.
Regardless of whether you use your email for important communication or just as a way to register for your favorite website, you don't want other people nosing around in your inbox. It's important to check for suspicious activity every now and again, and it's even more important to know what to do if you spot something unusual.