Check if Your Gmail Account is Hacked with Activity Monitor
Back in February Mark wrote an article, Are You Sure Your Email Isn’t Being Hacked. It provided step-by-step instructions on how to set up an “electronic tripwire” in your email. When someone opens it, the account owner gets alerted.
This time I want to go over one new Gmail feature. It watches your account and displays a notification when someone else logs into your account. It is a nice little feature from the Gmail team that lets you check whether someone has hacked into your Gmail account.
When you’re in Gmail, go all the way down to the bottom of the page. There you should see a line starting with “Last account activity …”; that’s the feature I am going to tell you about.
As you can see above, it shows the last time someone logged into your account and the IP address of that person. If you have logged in just now, you should see it right there.
Last account activity: 2 minutes ago at this IP (xx.xx.xxx.xx)
Now here comes the cool part: if at some point while you’re logged in someone else logs into your account, the bottom line will change to something like:
This account is open in 1 other location at this IP (xx.xx.xxx.xx)
This basically tells you that there is someone else in your account, unless you also have it open in another browser or left it open on another PC (for example at home while you are at work).
As you have probably noticed, there is also a ‘Details’ link. It shows not only who is logged in right now but also recent account access times, the IP addresses, and the way the account was accessed (i.e. using a browser, via POP3, etc.).
Here are 3 things you should pay attention to:
1. IP Address – If you usually sign in to Gmail using a single computer, then your IP address should be the same, or at least have identical first two sets of numbers (ex. 212.10.xx.xx).
2. Access Type – This column displays the way your account was accessed. For instance, if you read your email from a browser (Firefox, IE, Safari etc.) but one of the entries shows POP access, there is a good chance your account is compromised.
3. Concurrent Sessions – If your mail is currently being accessed from another location, you’ll see it here.
However, as I mentioned earlier, if you have your Gmail account open in some other browser (or PC), those sessions will appear here as well. If you want to sign out of these other sessions, you can do so using the ‘Sign out all other sessions’ button. This won’t affect your current session.
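The three checks above can be applied mechanically to the rows of the ‘Details’ table. The following is an added example, not code from Gmail or from this article; the row field names and the sample rows are assumptions constructed for illustration, and the IP addresses come from reserved documentation ranges.

```python
import ipaddress

# Constructed rows shaped like the 'Details' table (field names are assumptions).
# IPs come from reserved documentation ranges, not real activity.
SAMPLE_ROWS = [
    {"access_type": "Browser", "ip": "198.51.100.23", "this_session": True,  "open_now": True},
    {"access_type": "Browser", "ip": "198.51.100.77", "this_session": False, "open_now": False},
    {"access_type": "POP3",    "ip": "203.0.113.9",   "this_session": False, "open_now": False},
    {"access_type": "Browser", "ip": "192.0.2.44",    "this_session": False, "open_now": True},
]


def first_two_octets(ip):
    """Return the first two octets of an IPv4 address, e.g. '198.51'."""
    packed = ipaddress.IPv4Address(ip).packed  # raises ValueError on bad input
    return f"{packed[0]}.{packed[1]}"


def review_activity(rows, usual_ip, usual_access_types):
    """Apply the three checks; return (row index, [reasons]) for rows worth a look."""
    usual_prefix = first_two_octets(usual_ip)
    findings = []
    for index, row in enumerate(rows):
        reasons = []
        # Check 1: IP address differs in its first two sets of numbers.
        try:
            if first_two_octets(row["ip"]) != usual_prefix:
                reasons.append("unfamiliar IP range")
        except ValueError:
            reasons.append("unreadable IP")
        # Check 2: access type you do not normally use (e.g. POP3 for a browser-only user).
        if row["access_type"] not in usual_access_types:
            reasons.append("unexpected access type")
        # Check 3: a session other than this one is open right now.
        if row["open_now"] and not row["this_session"]:
            reasons.append("concurrent session")
        if reasons:
            findings.append((index, reasons))
    return findings


if __name__ == "__main__":
    for index, reasons in review_activity(SAMPLE_ROWS, "198.51.100.23", {"Browser"}):
        print(SAMPLE_ROWS[index]["ip"], "->", ", ".join(reasons))
```

A flagged row is a prompt to look closer rather than proof of compromise, since a phone, a second PC or a changed home connection will also show up with a different address.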
If at some point you notice that something is not right and feel that your account is compromised, the first thing you should do is change your password.
That’s about it. Did you find this useful? Let me know what you think about it in the comments.