Stop Email Brute Force Attacks

TL;DR

A brute force attack means someone is repeatedly trying to guess the password for your email account. This guide shows you how to check whether this is happening and what to do about it.

1. Check Your Recent Login Activity

Most email providers (like Gmail, Outlook, Yahoo) keep a log of recent logins. Look for anything unusual:

  • Location: Logins from places you haven’t been.
  • Device: Devices you don’t recognise.
  • Time: Logins at odd hours when you weren’t using your email.

Gmail Example: Go to My Account > Security, then scroll down to ‘Recent security activity’.

Outlook Example: Go to Account Activity.
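
The three checks above (location, device, time) can also be run over an exported activity list. The script below is an added example, not part of the original guide or any provider's tooling; the comma-separated log layout, the sample entries, the known-location and known-device lists and the thresholds are all assumptions, and timestamps are taken to be in your local time. It goes one step beyond the list by also flagging a successful login that follows a burst of failed ones, which is the pattern a password-guessing attack leaves when it succeeds.

```python
from datetime import datetime, timedelta

# Constructed sample: "timestamp,country,device,result" per line. Providers show
# this on an activity page; the CSV layout used here is an assumption.
SAMPLE_LOG = """\
2024-05-01T08:12:00,GB,Chrome on Windows,success
2024-05-01T19:40:00,GB,iPhone Mail,success
2024-05-02T03:05:10,VN,Unknown IMAP client,failure
2024-05-02T03:05:40,VN,Unknown IMAP client,failure
2024-05-02T03:06:15,VN,Unknown IMAP client,failure
2024-05-02T03:06:50,VN,Unknown IMAP client,success
2024-05-02T09:00:00,GB,Chrome on Windows,success
"""

KNOWN_COUNTRIES = {"GB"}                               # places you have been
KNOWN_DEVICES = {"Chrome on Windows", "iPhone Mail"}   # devices you recognise
USUAL_HOURS = range(7, 23)                             # 07:00 to 22:59
BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=10)   # assumed thresholds

def parse(log):
    """Turn the log text into a list of event dicts, oldest first."""
    events = []
    for line in log.strip().splitlines():
        ts, country, device, result = (f.strip() for f in line.split(","))
        events.append({"time": datetime.fromisoformat(ts), "country": country,
                       "device": device, "ok": result == "success"})
    return sorted(events, key=lambda e: e["time"])

def review(log):
    """Return (unusual logins with reasons, successes right after a failure burst)."""
    flagged, after_burst, recent_failures = [], [], []
    for e in parse(log):
        reasons = []
        if e["country"] not in KNOWN_COUNTRIES:
            reasons.append("location")
        if e["device"] not in KNOWN_DEVICES:
            reasons.append("device")
        if e["time"].hour not in USUAL_HOURS:
            reasons.append("time")
        if reasons:
            flagged.append((e["time"], reasons))
        # Keep only the failures that fall inside the sliding window.
        recent_failures = [t for t in recent_failures if e["time"] - t <= BURST_WINDOW]
        if not e["ok"]:
            recent_failures.append(e["time"])
        elif len(recent_failures) >= BURST_COUNT:
            after_burst.append(e["time"])   # the password was probably guessed
    return flagged, after_burst
```

Any timestamp in the second list is a reason to go straight to the password change and 2FA steps.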

2. Look for Suspicious Emails

Check your sent items and deleted items folders for emails you didn’t send. Attackers might use your account to spam others.

3. Change Your Password Immediately

This is the most important step! Create a strong, unique password:

  • Length: At least 12 characters.
  • Complexity: Use a mix of uppercase and lowercase letters, numbers, and symbols.
  • Uniqueness: Don’t reuse passwords from other accounts.

Don’t use easily guessable information like your birthday or pet’s name.

4. Enable Two-Factor Authentication (2FA)

2FA adds an extra layer of security. Even if someone gets your password, they’ll also need a code from your phone to log in.

You’ll usually need an authenticator app (like Google Authenticator or Authy) or a phone number for 2FA.

5. Review Account Recovery Options

Make sure your recovery email address and phone number are up-to-date. Attackers might try to take over your account by changing your recovery information.

6. Scan Your Devices for Malware

Malware on your computer or phone could be stealing your passwords. Run a full scan with a reputable antivirus program.

7. Check App Permissions (Mobile)

Review the apps that have access to your email account. Revoke permissions for any apps you don’t recognise or no longer use.

8. Consider Email Filtering Rules

If you suspect ongoing spam from your account, create filters to block suspicious emails automatically. This won’t stop the brute force attempt itself but can limit damage.

9. Report the Incident (Optional)

Contact your email provider’s support team if you believe your account has been compromised. They may be able to provide further assistance and investigate the issue.
