I Got a Google Security Alert About My Account
Google sent you a security alert about a new sign-in or suspicious activity. Here's how to tell if it's real, and exactly what to do.
First: Is the Alert Real or a Fake?
Before doing anything, confirm the alert is genuinely from Google — fake “security alert” emails are one of the most common phishing tactics used to steal account credentials.
Signs the alert is REAL:
- The sender email is exactly no-reply@accounts.google.com (check the full address, not just the display name)
- The same event appears in your Google Account under Security → Recent security activity when you log in directly (go to myaccount.google.com — do not use any link from the email)
- The alert shows a specific device, location, and time
Signs the alert is FAKE (phishing):
- The sender email is anything other than no-reply@accounts.google.com — for example security@google-accounts.net or noreply@google-support.com
- The email asks you to click a link to “verify your account” or “confirm your password”
- There is urgency language: “Your account will be deleted in 24 hours”
- When you log in to myaccount.google.com directly, there is no matching event in Recent security activity
If the alert is fake: Do not click any links in it. Delete the email. You do not need to do anything else — your account is fine.
If the alert is real: Continue below.
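The sender, wording and urgency checks above can be run mechanically against a saved copy of the message. This is an added example, not part of the original article; the function name, phrase patterns and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

EXPECTED_SENDER = "no-reply@accounts.google.com"  # address given in the article
# Phrase patterns built from the article's examples; illustrative, not exhaustive.
CREDENTIAL_ASK = re.compile(r"verify your account|confirm your password", re.I)
URGENCY = re.compile(r"will be deleted|in 24 hours", re.I)


def check_alert(raw_email: str) -> list[str]:
    """Return the article's phishing signs found in a raw email message."""
    msg = message_from_string(raw_email)
    findings = []

    # parseaddr splits the display name from the actual address, so a display
    # name like "Google" or even a copy of the real address cannot mask the sender.
    _display, addr = parseaddr(msg.get("From", ""))
    if addr.lower() != EXPECTED_SENDER:
        findings.append(f"sender: {addr or 'missing'} is not {EXPECTED_SENDER}")

    # Collect the text of every non-container part (handles multipart mail too).
    body = " ".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    if CREDENTIAL_ASK.search(body):
        findings.append("credential-request: asks to verify account or confirm password")
    if URGENCY.search(body):
        findings.append("urgency: threatens a deadline")

    # An empty list is not proof the alert is genuine: the From header can be
    # forged, so still look for the event under Recent security activity.
    return findings


# Constructed sample messages (not real alerts).
REAL_LOOKING = (
    "From: Google <no-reply@accounts.google.com>\n"
    "Subject: Security alert\n\n"
    "New sign-in on a Windows device near London at 10:42.\n"
)
FAKE = (
    'From: "no-reply@accounts.google.com" <security@google-accounts.net>\n'
    "Subject: Security alert\n\n"
    "Your account will be deleted in 24 hours. Click here to verify your account.\n"
)

if __name__ == "__main__":
    for name, raw in (("real-looking", REAL_LOOKING), ("fake", FAKE)):
        print(name, check_alert(raw))
```

The second sample puts the genuine address in the display name, which is the case the "check the full address" advice is aimed at.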
If the Alert Was You
If you recognise the sign-in — you just got a new phone, signed in from a different computer, or were travelling — you can confirm it was you.
Either click “Yes, it was me” in the alert email, or simply ignore it. No further action is required.
However, if you do not have two-factor authentication enabled on your Google account, this is a good moment to add it. See the Prevention section below — it takes about two minutes and makes your account significantly harder to compromise.
If the Alert Was Not You
Someone else signed in to your account, or attempted to. Work through these steps quickly.
Step 1: Change your Google password immediately
Go directly to myaccount.google.com (type it into your browser — do not use any link from an email) and sign in.
Go to Security → Password and change it now. Use our password generator — choose something long (20+ characters) that you have never used anywhere else.
Step 2: Sign out all other devices
Still in your Google Account, go to Security → Your devices.
Review the list. If you see any device you do not recognise — or if you want to force the unauthorised person out immediately — click “Manage all devices” and sign out of each device individually, or use the option to sign out all devices at once.
Step 3: Enable two-factor authentication
Go to Security → 2-Step Verification and turn it on. This means even if someone has your password, they cannot sign in without also having access to your phone.
Use an authenticator app (Google Authenticator, Authy) rather than SMS codes if possible — SMS is more easily intercepted.
Step 4: Check for unauthorised changes
Attackers who accessed your account may have made changes to redirect your emails or maintain access later. Check each of these:
Gmail forwarding rules: In Gmail, go to Settings (gear icon) → See all settings → Forwarding and POP/IMAP. Check whether any forwarding addresses are listed that you did not set up. Remove any unfamiliar ones.
Connected apps: Go to myaccount.google.com/permissions. This shows every third-party app or service that has access to your Google account. Remove anything unfamiliar.
Recovery email and phone number: Go to Security → Ways we can verify it’s you. Confirm your recovery email and phone number are still yours. If the attacker changed these, change them back immediately.
2-Step Verification settings: Check that no unfamiliar phone numbers or authenticator apps have been added to your 2FA setup.
If You Are Locked Out of Your Account
If the attacker has already changed your password and you cannot sign in:
- Go to accounts.google.com/signin/recovery
- Enter your Gmail address and click “Forgot password?”
- Google will offer verification options in this order of reliability:
  - A prompt sent to a device you have previously used (most reliable)
  - A code sent to your recovery phone number
  - A code sent to your recovery email address
  - Security questions (if set up previously)
Act within 7 days. Google’s recovery system works best when your account history is recent — the longer you wait, the harder it becomes to prove ownership.
If none of the above options work:
- Try from a device and location you have regularly used to sign in before (home network, usual computer)
- Google considers your login history when verifying identity
- If recovery fails, submit a recovery request through the form Google shows you — describe your situation honestly
What to Check After Regaining Access
Once you are back in, go through this list:
- Gmail: Look for emails sent without your knowledge (check Sent folder), and for any filters that delete or move incoming emails you would not have set up
- Google Drive: Check recent activity for any files shared or downloaded you do not recognise
- Google Pay / Play Store: Check for any purchases you did not make — dispute these through Google’s support if needed
- YouTube: If you have a YouTube channel, check that no videos were uploaded or deleted and that the channel name has not been changed
- Other Google services: Check Photos for sharing changes, and Contacts for any exported data
Prevention
The single most effective thing you can do is enable two-factor authentication. With 2FA on, a stolen password alone is not enough to access your account.
- Enable 2-Step Verification at myaccount.google.com → Security → 2-Step Verification
- Use an authenticator app (Google Authenticator, Authy) rather than SMS codes
- Use a strong, unique password for your Google account — different from every other account (use our password generator)
- Add a recovery phone and email so you can regain access if locked out
- Review connected apps yearly at myaccount.google.com/permissions — remove anything you no longer use
- Never enter your Google password on any site other than accounts.google.com