A. Google has two plans of action for compromised Gmail accounts, and the one you use depends on whether you can still sign in to the hacked account. Even if you suspect that your account has been hacked, try logging in anyway. Warning signs of a hijacked email account can include friends complaining of suspicious messages from your address, logins from unknown gadgets shown on the Recently Used Devices area of your account activity page, missing contacts or messages, or even Gmail’s own security alerts based on your last account activity.
If you can still get into your account, immediately change your Gmail password. While you are in your Gmail security settings, turn on two-step verification, which requires both a password and a code (sent to your smartphone) to log into your account — an extra step that stops those who merely crack your password. Google’s Gmail Help site has a security checklist that offers further suggestions, and the federal government’s site for Internet awareness,OnGuardOnline.gov, has a few safety tips as well.
If you cannot get into your account, fill out the account recovery form on the Gmail Help site. It may take a frustrating bit of time to regain control of your account, but once you do, visit your Gmail security settings to update the recovery options you can use (like an alternative email address or a mobile phone number) to regain access to your account if someone else tries to steal it. To avoid losing your address book from a compromised account, you should also consider exporting your Gmail contacts to a backup file for safekeeping.