How do I know if my email account has been compromised?
Key signs include login alerts from unknown locations, sent messages you didn't write, password reset emails you didn't request, and missing messages that may have been deleted.
Last reviewed: 10 June 2026
Explanation
Your email inbox is one of the most valuable targets for fraudsters because it is the recovery point for almost every other account you own — banking, shopping, social media, and more. A compromised email account often shows subtle signs that are easy to overlook.
Check your sent folder for emails you don't remember sending, particularly to contacts asking for money or containing suspicious links. Scammers who take over accounts sometimes use them as spam relays while leaving the rest of the inbox untouched to avoid detection. Also look in your trash and spam folders for messages that were auto-routed there — they may contain password reset confirmations for accounts the attacker was accessing.
Review your account's active sessions or 'recent activity' page (available in Gmail, Outlook, Yahoo, and most major providers). This shows IP addresses, device types, and geographic locations. A login from a country you haven't visited is a clear red flag. Also check your email's forwarding and filtering rules — attackers often set up silent forwarding to a secondary address or create filters that auto-delete security alerts.
If you find evidence of compromise, revoke all sessions immediately, change your password, enable two-factor authentication with an authenticator app (not SMS if possible), audit all accounts that use the email for password recovery, and notify important contacts that your account was compromised in case they received suspicious messages from you.
Common red flags
- Login notifications from locations or devices you don't recognise
- Emails in your sent folder that you didn't write
- Friends or colleagues report receiving strange emails from your address
- Password reset emails arriving for accounts you weren't trying to access
- Forwarding rules or filters you didn't create
- Missing emails, especially security alerts or bank notifications
- Your password no longer works even though you haven't changed it
What to do now
- Log in and immediately check 'recent activity' for unrecognised sessions — revoke all of them
- Change your password to a long, unique one you haven't used elsewhere
- Enable two-factor authentication using an authenticator app
- Check and delete any forwarding rules or suspicious filters
- Review connected apps and revoke access to any you don't recognise
- Change passwords for key accounts (bank, shopping, social media) that use this email for recovery
- Inform your contacts that your account was compromised so they can disregard any suspicious messages
Frequently asked questions
Can I tell if someone read my emails without logging them out?
Most providers show the last login time and IP address on the account activity page. If the most recent login time does not match when you last checked your email, someone else may have accessed the account.
My provider says my password is wrong — does that mean I've been locked out by a hacker?
Possibly. Use your provider's account recovery process immediately. Act fast because the attacker may also be working to take over your recovery phone number or backup email.