A useful stopping point: secure your primary email, remove password reuse from high-impact accounts, and save the rest as a checklist. You do not have to fix your entire digital life in one sitting.
Verify the alert without using its link
Open the provider’s official app or type its address yourself. Check the security or recent activity page for the device, location, and time. Locations can be approximate, especially on mobile networks or VPNs, so compare the device and browser details too.
If the activity is yours, no emergency change is required. If it is not yours or you cannot tell, continue as though access may be compromised.
Change the key, then remove every other session
Change the password from a trusted device to one you have never used elsewhere. Then sign out all other sessions. Doing only one of these can leave an existing session active or let a reused password reopen the account.
Review connected applications, app passwords, delegated mailbox access, and remembered devices. Remove anything you do not recognize.
- Create a completely new password or passkey.
- Sign out all sessions, then sign your trusted devices back in.
- Remove unknown connected apps and app-specific passwords.
- Enable an authenticator or passkey and save recovery codes.
Repair accounts that depend on this inbox
Check important services for password-reset messages, security changes, new payees, or unfamiliar orders. Start with financial accounts, your mobile carrier, cloud storage, and work accounts.
Tell close contacts if the mailbox sent fraudulent messages. A short warning helps them ignore urgent payment requests or strange links that appear to come from you.
Quick answers
Questions people ask next
Can an unfamiliar login location be a false alarm?
Yes. Mobile networks, corporate gateways, and VPNs can show another city. Compare time, device, browser, and activity before deciding.
Is changing the email password enough?
Not always. Revoke sessions, inspect forwarding and inbox rules, remove unknown apps, and repair recovery settings so previous access cannot persist.
Should I contact the email provider?
Use the provider’s official recovery process when you cannot sign in, recovery details changed, or suspicious activity continues after securing the account.