A useful stopping point: secure your primary email, remove password reuse from high-impact accounts, and save the rest as a checklist. You do not have to fix your entire digital life in one sitting.

01

Verify the alert without using its link

Open the provider’s official app or type its address yourself. Check the security or recent activity page for the device, location, and time. Locations can be approximate, especially on mobile networks or VPNs, so compare the device and browser details too.

If the activity is yours, no emergency change is required. If it is not yours or you cannot tell, continue as though access may be compromised.

02

Change the key, then remove every other session

Change the password from a trusted device to one you have never used elsewhere. Then sign out all other sessions. Doing only one of these can leave an existing session active or let a reused password reopen the account.

Review connected applications, app passwords, delegated mailbox access, and remembered devices. Remove anything you do not recognize.

  • Create a completely new password or passkey.
  • Sign out all sessions, then sign your trusted devices back in.
  • Remove unknown connected apps and app-specific passwords.
  • Enable an authenticator or passkey and save recovery codes.
03

Look for quiet ways an intruder could stay informed

Check automatic forwarding, inbox rules, filters, blocked senders, and aliases. A malicious rule may hide security messages, delete replies from a bank, or forward copies to another address.

Also review sent mail, deleted mail, and account recovery settings. Replace any recovery address or phone number you do not control.

04

Repair accounts that depend on this inbox

Check important services for password-reset messages, security changes, new payees, or unfamiliar orders. Start with financial accounts, your mobile carrier, cloud storage, and work accounts.

Tell close contacts if the mailbox sent fraudulent messages. A short warning helps them ignore urgent payment requests or strange links that appear to come from you.

Quick answers

Questions people ask next

Can an unfamiliar login location be a false alarm?

Yes. Mobile networks, corporate gateways, and VPNs can show another city. Compare time, device, browser, and activity before deciding.

Is changing the email password enough?

Not always. Revoke sessions, inspect forwarding and inbox rules, remove unknown apps, and repair recovery settings so previous access cannot persist.

Should I contact the email provider?

Use the provider’s official recovery process when you cannot sign in, recovery details changed, or suspicious activity continues after securing the account.