If your Gmail has been hacked, act immediately. Your Gmail account is the master key to your entire digital life. Every password reset for your bank, social media, shopping, and government services goes through your email. The longer a hacker has access, the more accounts they can take over. Follow this guide right now.

Why Gmail Is the #1 Target for Hackers

Your Gmail account isn't just email. It's the single point of failure for your entire online identity. Think about what's connected to it: your bank sends password reset links there. Your social media accounts use it for login recovery. Your myGov, ATO, Medicare, and Centrelink accounts are tied to it. Google Pay, Google Drive, Google Photos, YouTube — all accessible through one login.

If a hacker takes your Gmail, they don't just read your emails. They own everything. They can reset your banking password, lock you out of Facebook and Instagram, access your cloud files, and intercept every recovery email you try to send yourself. That's why Gmail is one of the most heavily targeted email services in the world: it's not just an inbox, it's the skeleton key to your digital life.

We see this every week at our shop. Someone comes in because their bank account was drained or their Facebook was stolen. When we trace it back, it almost always started with a compromised Gmail account.

Signs Your Gmail Has Been Compromised

You don't need to be tech-savvy to spot the warning signs. If any of these apply to you, your account may already be under someone else's control:

Security alerts from Google: Google emails a "Critical security alert" when someone signs in from a new device or location. If you got one and it wasn't you, treat it as a live intrusion. Don't click the button in the email (fake alerts are a common phishing lure); type myaccount.google.com/security into your browser and read the alert under recent security activity there.
Sent messages you didn't write: Check your Sent folder and Trash. If there are emails you didn't send, especially to your contacts asking for money or containing links, a hacker is using your account to target people you know.
Forwarding rules you didn't set: This is the most dangerous sign because it's invisible. A forwarding rule silently copies every email you receive to the hacker's address, and it keeps working after you change your password.
Recovery options changed: If your recovery phone number or backup email has been changed to something you don't recognise, the hacker is trying to lock you out permanently. Check this at myaccount.google.com/security.
Unfamiliar devices in Security Checkup: Go to your Google account's device activity ("Your devices" on the security page). If you see phones, computers, or locations you don't recognise, someone else has active access to your account.
Password suddenly doesn't work: If you're completely locked out of your Gmail, the hacker has already changed your password. This is the most urgent scenario; skip ahead to the recovery steps below.

URGENT: Check your forwarding rules FIRST. This is the step that catches most people off guard. Hackers set up a forwarding rule that silently sends a copy of every incoming email to their own address. You won't notice anything wrong, your emails still arrive normally, but they're getting a copy of everything, including password reset links. Changing your password does not remove the rule, so they keep receiving your emails. Go to Gmail Settings > Forwarding and POP/IMAP right now and remove any forwarding address you don't recognise. Then check Settings > Filters and Blocked Addresses: a filter with a "Forward to" action keeps forwarding the mail it matches even when the main setting says "Disable forwarding", and filters that delete or archive mail are used to hide the trail.

Step-by-Step Gmail Account Recovery

Follow these steps in order. Don't skip ahead, and don't stop halfway. Each step builds on the last.

  1. Go to Google's account recovery page. Open accounts.google.com/signin/recovery in your browser, enter your Gmail address and follow the prompts. Do this from a device, browser and network you've previously used to sign into this account: Google weighs that history as part of verification.
  2. Complete Google's identity verification. Google will offer whichever methods it can: a code sent to your recovery phone number, a code sent to your backup email, or questions about your account history such as the last password you remember and roughly when you created the account. If the hacker has replaced your recovery phone and backup email, any codes will go to them, so don't rely on those; answer the account-history questions as exactly as you can instead.
  3. Change your password immediately. Once you're back in, change your password before doing anything else. Make it at least 16 characters, use a mix of letters, numbers, and symbols. Do not reuse a password from any other account. Do not use anything guessable — no pet names, birthdays, or favourite teams. Consider using a password manager like Bitwarden or 1Password to generate and store it.
  4. Check and remove forwarding rules. Go to Gmail > Settings (gear icon) > See all settings > Forwarding and POP/IMAP. If there's a forwarding address you don't recognise, select "Disable forwarding", remove the address from the list, and save. Also check Settings > Filters and Blocked Addresses for any filters that forward, delete, or archive emails; hackers use these to hide their tracks. Finally, review and delete any app passwords at myaccount.google.com/apppasswords: an app password lets a mail program keep downloading your inbox without ever seeing your new password or a 2-Step Verification prompt.
  5. Review and revoke third-party app access. Go to myaccount.google.com/security and scroll to "Third-party apps with account access." Remove anything you don't recognise or no longer use. Compromised third-party apps are one of the most common ways hackers maintain access even after you change your password.
  6. Remove unknown devices from your account. On the same security page, click "Manage all devices" under "Your devices." You'll see every phone, computer, and tablet currently signed into your Google account. Sign out any device you don't recognise. If you're unsure about any of them, sign out everything — you can sign back in on your own devices.
  7. Enable two-factor authentication. Go to myaccount.google.com/security > 2-Step Verification and turn it on. Prefer a passkey or a physical security key; failing that, use Google Authenticator or another authenticator app rather than SMS codes. SMS codes can be intercepted through SIM swapping, where a hacker convinces your phone provider to transfer your number to their SIM. An authenticator app is tied to your physical device, so it can't be SIM-swapped, but a code you type into a fake login page can still be stolen and replayed within seconds. A passkey or security key only works on the real Google sign-in page, which is why it stops phishing cold.
  8. Check your connected accounts. Many websites and apps let you "Sign in with Google." If a hacker had access to your Gmail, they may have accessed these too. Go to myaccount.google.com/security > "Signing in to other sites" to see what's connected. Revoke access to anything suspicious and change passwords on any important connected services.
  9. Update passwords on every site that uses this email. This is the painful but necessary step. Every account that uses your Gmail for login or password recovery needs a new, unique password. Start with the most critical: banking, superannuation, government services (myGov), social media, shopping sites with saved payment details. A password manager makes this manageable.
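If you have many filters, or several family members' accounts to go through, reading them one at a time in the settings page is slow and easy to get wrong. Gmail's Filters and Blocked Addresses tab has an Export button that saves the selected filters as an XML file (mailFilters.xml). The script below is an added example, not something from Google, that reads that file and flags every filter which forwards, deletes, archives or marks mail as read, the actions step 4 tells you to look for. It assumes the property names the export uses (forwardTo, shouldTrash, shouldArchive, shouldMarkAsRead for actions; from, to, subject, hasTheWord for conditions); the XML embedded in it is a constructed sample with placeholder addresses, not a real export.

```python
import sys
import xml.etree.ElementTree as ET

# Namespaces used by Gmail's filter export (an Atom feed carrying Google Apps properties).
ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Filter actions that either siphon mail off or hide it from the account owner.
SUSPICIOUS_ACTIONS = {
    "forwardTo": "forwards matching mail to",
    "shouldTrash": "deletes matching mail",
    "shouldArchive": "archives matching mail (skips the inbox)",
    "shouldMarkAsRead": "marks matching mail as read",
}
CONDITION_KEYS = ("from", "to", "subject", "hasTheWord", "doesNotHaveTheWord")

# Constructed sample export (not a real account): one benign filter, one that
# forwards to the owner's own backup address, and two attacker-style rules.
SAMPLE_EXPORT = """<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'></category>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Newsletters'/>
  </entry>
  <entry>
    <category term='filter'></category>
    <apps:property name='subject' value='invoice'/>
    <apps:property name='forwardTo' value='me-backup@example.com'/>
  </entry>
  <entry>
    <category term='filter'></category>
    <apps:property name='from' value='bank'/>
    <apps:property name='forwardTo' value='attacker@example.net'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <category term='filter'></category>
    <apps:property name='hasTheWord' value='password reset OR verification code'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
  </entry>
</feed>
"""


def parse_filters(xml_text):
    """Return one {property_name: value} dict per <entry> in the export."""
    root = ET.fromstring(xml_text)
    return [
        {p.get("name"): p.get("value") for p in entry.findall(f"{APPS}property")}
        for entry in root.findall(f"{ATOM}entry")
    ]


def audit_filters(xml_text, own_addresses=()):
    """List (conditions, problems) for every filter with a suspicious action.

    own_addresses: forwarding targets you control; forwarding to them is not flagged.
    Everything else is reported for a human to judge: a newsletter filter that
    archives is harmless, a filter that archives "password reset" mail is not.
    """
    own = {a.lower() for a in own_addresses}
    report = []
    for props in parse_filters(xml_text):
        problems = []
        for key, meaning in SUSPICIOUS_ACTIONS.items():
            if key not in props:
                continue
            if key == "forwardTo":
                if props[key].lower() not in own:
                    problems.append(f"{meaning} {props[key]}")
            elif props[key] == "true":
                problems.append(meaning)
        if problems:
            conditions = {k: props[k] for k in CONDITION_KEYS if k in props}
            report.append((conditions, problems))
    return report


def main():
    # Usage: python audit_gmail_filters.py mailFilters.xml [your-own-forwarding@address ...]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            xml_text = fh.read()
        own = sys.argv[2:]
    else:
        xml_text, own = SAMPLE_EXPORT, ["me-backup@example.com"]
    findings = audit_filters(xml_text, own)
    if not findings:
        print("No forwarding, deleting, archiving or mark-as-read filters found.")
    for conditions, problems in findings:
        print("Filter matching", conditions or "ALL mail")
        for problem in problems:
            print("   ->", problem)


if __name__ == "__main__":
    main()
```

Run it against the exported file, listing any forwarding addresses you know are yours, and treat every line it prints as something to open in the Filters tab and either recognise or delete. A filter with no conditions at all matches every message, which is the pattern to worry about most.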

Do these steps from a clean device. If you suspect your phone or computer has malware, don't use it to change passwords — the hacker will capture your new passwords as you type them. Use a family member's device, a different computer, or visit a library.

What to Do If Google Won't Give You Access Back

Sometimes Google's standard recovery process fails. The hacker may have changed your recovery phone, backup email, and security questions. If you're completely locked out, try these steps:

  • Try from a familiar device and location — Google is more likely to verify you if you're using a device, browser, and Wi-Fi network you've previously used to sign in
  • Answer recovery questions precisely — Google compares your answers against its records, so be as exact as possible with the account creation date and old passwords
  • Try Google's account recovery again if the first attempt fails — the questions depend on what Google can verify at the time, and a consistent, accurate set of answers from a familiar device is what tips the decision
  • Check if you're still signed in anywhere — an old phone, tablet, or browser session might still be logged in, giving you a way to change recovery options before the hacker does
  • Contact IDCARE — Australia's national identity and cyber support service can help you navigate the recovery process and document the theft for authorities. Call 1800 595 160
  • File a report with ReportCyber — report the hack at cyber.gov.au/report for the official record; this is important if the hacker uses your identity for fraud

Don't give up after one failed recovery attempt. Give the same accurate answers each time and keep using a device and network you've signed in from before; contradictory answers or attempts from an unfamiliar location make verification less likely, not more.

Check If Your Email Was in a Data Breach

Your Gmail might have been compromised because your credentials were leaked in a data breach — not because you clicked a bad link. Companies get hacked all the time, and if you reused your Gmail password on any of those sites, attackers can walk right in.

Have I Been Pwned (haveibeenpwned.com): Enter your email to see every data breach it appeared in. If your password was leaked, change it everywhere you used it.
Google Security Checkup (myaccount.google.com/security-checkup): Reviews your Google account for compromised passwords, suspicious sign-ins, and third-party access. Run this after recovery.
Google Password Manager (passwords.google.com): If you saved passwords in Chrome, Google can tell you which ones appeared in known data breaches and need changing.

If your email appears in breaches, assume every password you've reused is compromised. Attackers use automated tools to try leaked email/password combinations across thousands of websites in minutes. This is called credential stuffing, and it's one of the most common ways Gmail accounts actually get hacked: not through clever hacking, but through password reuse.
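The same service can check the passwords themselves without you ever handing them over. Have I Been Pwned's Pwned Passwords lookup works on a hash: you compute the SHA-1 of the password, send only the first five hex characters to api.pwnedpasswords.com/range/, get back every known suffix starting with those five characters, and compare locally. This is an added example showing that check in Python; it is not Have I Been Pwned's own code. The range response embedded in it is a constructed sample: only the suffix for the word "password" is a genuine SHA-1 value, and the other suffixes and every count are made up. The Add-Padding header is a real option of the API that adds dummy zero-count lines so the response size reveals nothing about which prefix was asked for.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password):
    """Split the uppercase SHA-1 hex digest into the 5-char prefix that is sent
    to the API and the 35-char suffix that never leaves this machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text):
    """Parse the API's 'SUFFIX:COUNT' lines into {suffix: count}.
    Padding entries (count 0) are kept; they simply never count as a hit."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password, range_text):
    """Number of breach appearances, given the range response for this
    password's own prefix. 0 means the suffix was not in the response."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_text).get(suffix, 0)


def fetch_range(prefix):
    """Live lookup: only the 5-character prefix goes over the network."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "gmail-recovery-check", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password_online(password):
    """Full k-anonymity check against the real API (needs network access)."""
    prefix, _ = sha1_prefix_suffix(password)
    return pwned_count(password, fetch_range(prefix))


# Constructed sample response for prefix 5BAA6 (the real API returns hundreds
# of lines). Only the third suffix is genuine: SHA-1("password") is
# 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8. The other suffixes and all of the
# counts are invented for this example; the 0-count line is what padding looks like.
SAMPLE_RANGE_5BAA6 = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E2C6D1B4F1E6E8F9A0B1C2D3E4F5A6B7C8:0
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E7ED7AFE0D24C55E2EE4B4F14C2C58C38E:1
"""

if __name__ == "__main__":
    # Offline demonstration against the constructed sample.
    prefix, suffix = sha1_prefix_suffix("password")
    print(f"sent to API: {prefix}   kept local: {suffix}")
    print("'password' ->", pwned_count("password", SAMPLE_RANGE_5BAA6), "breach appearances")
    # For a live check of a password you type in, uncomment the next line:
    # import getpass; print(check_password_online(getpass.getpass("Password to check: ")))
```

The point to take from it is that the password is hashed before anything is sent and only a five-character prefix leaves your machine, which is why this check is safe to run on a password you still use; running the lookup by pasting the password into a random website is not.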

Prevention: Stop This From Happening Again

Once you've recovered your account, take these steps to make sure it doesn't happen again:

Use a unique password for Gmail: Your Gmail password should not be used anywhere else. Ever. If one site gets breached, your email stays safe. Use a password manager to handle the complexity.
Use an authenticator app, not SMS: SMS codes can be intercepted via SIM swapping. Google Authenticator, Authy, or Microsoft Authenticator generate codes on your device that can't be intercepted over the phone network, though any code you type into a fake login page can still be phished. A passkey or physical security key can't be, which makes it the best option for your Gmail account.
Consider Google Advanced Protection: For high-risk users, such as journalists, activists, business owners, or anyone with sensitive data, Google's Advanced Protection Program requires a security key or passkey to sign in, which defeats phishing of your login, and restricts which third-party apps can access your account data.
Keep recovery options up to date: Make sure your recovery phone number and backup email are current and accessible. If you change your phone number, update it in Google immediately. These are your lifeline if you get locked out.
Review account activity regularly: Check myaccount.google.com/security monthly. Look at recent sign-ins, connected devices, and third-party app access. Catching something early limits the damage.
Never click email links to "verify" accounts: A genuine Google email will not ask you to "verify", "confirm" or "unlock" your account by clicking a link. If you get a suspicious email, go directly to accounts.google.com by typing it in your browser instead, and check your account's security page there.

Australian Resources for Reporting and Recovery

If your Gmail hack led to identity theft, financial loss, or fraud, these are the official Australian channels for help:

ReportCyber (Australian Cyber Security Centre): The official government channel for reporting cybercrime including hacking, account takeovers, and online fraud. cyber.gov.au/report
Scamwatch (ACCC): Report scams and check current scam trends. If your Gmail was compromised through a phishing scam, report it here. scamwatch.gov.au
IDCARE (Identity & Cyber Support): Free case management if your identity has been stolen. They'll guide you through the recovery process step by step. Call 1800 595 160. idcare.org
Have I Been Pwned: Check if your email and passwords have been exposed in known data breaches. Free, trusted, and run by an Australian security researcher. haveibeenpwned.com

Need help recovering your Gmail or securing your accounts?

We help Central Coast residents recover from hacked accounts, remove malware, and lock down their digital security every day. Book a session and we'll assess the damage and walk you through recovery.

Book a Security Assessment