The absolute first thing you should do if your Gmail account is hacked is check to see if you can still log into it. This may seem like a wasted step, but you’d be surprised how many hackers neglect to change the original password right away. If you can log in, immediately change your password and check that your secondary email/secret question/mobile phone number have not been changed.

In Gmail, go to:

Settings –> Accounts and Imports –> Google Account Settings. From there, look under personal settings; you can change your password, as well as your password recovery options. You should change everything.

If you are unable to log in, go to:

https://www.google.com/accounts/recovery

and reset your password, either through the secondary email address, mobile phone number, or your secret question.

Fast thinking and fast acting is your best bet for getting through this situation unscathed. However, you may not have been alerted to the problem until it was already too late. If the hacker has already changed your secondary address and/or your secret question you will have to start dealing with Google directly and prepare to fill out a form.

If you can’t remember your secret question&answer, or it has been changed, go┬áto this page:

https://www.google.com/support/accounts/bin/request.py?hl=en&contact_type=acc_reco&ara=2&ctx=acc_reco&rd=1

and tic the box that says “No” indicating that you were unable to regain access to your account using the above methods. The form is relatively short and straightforward and will allow Google to establish that you are the correct and true owner of the account, and also pinpoint the exact time the account was taken over.

Unfortunately, this is the extent of your legitimate options. It’s now a waiting game, which is often the most frustrating part of identify theft. If you don’t already have a secondary email address, now is probably a good time to set one up. If your Gmail password was the same as any of your others (which is a bad idea) – online banking, Amazon, Facebook, Twitter, etc. – you should change all those passwords, as well as set them up with your new email address while Google is working on the old one.

Send an email to friends/family/business contacts associated with your Gmail address and warn them that your account was hacked and that they should ignore suspicions communications from it until further notice. Post a similar message to any social networking sites you belong to.

Once the situation is resolved, and you are once again in possession of your account, repeat the steps above and log into your security settings. Check absolutely everything – including what name and address your mail is sent as. A brief overview of what you should be checking on:

Account Security:
Settings –> Accounts and Import –> Google Account Settings –> Change Password [change your password]
Settings –> Accounts and Import –> Google Account Settings –> Change Password Recovery Options [verify every security measure, then change them]

Spam:
Settings –> General -> Signature [double check nothing has changed]
Settings –> General -> Vacation Responder [be sure it hasn't been turned on]

Hijacking:
Settings –> Accounts and Import –> Send Mail As [make sure this is your correct address]
Settings –> Filters [you don't want filters that delete mail]
Settings –> Forwarding and POP/IMAP –> Forwarding [disabled or whatever address you assigned]
Settings –> Forwarding and POP/IMAP –> POP Download [disabled]
Settings –> Forwarding and POP/IMAP –> IMAP Access [disabled]

To achieve total Gmail security, you should never use the same password from another site. It is recommended that you change your password on a bi-monthly basis.

Gmail also has a new feature that monitors the activity in your account. From your inbox, scroll down to the bottom, just below where your account storage is displayed. It now says “Last account activity” and a time, as well as an IP address (hopefully yours). If you click on the “details” button you will see all recent account activity, including IP addresses and methods of entry – browsers, POP3, etc.

Now, the nifty part: if another user logs into your account while you’re in it, that status will change, and announce that another user is logged into the account, and display their IP address. Now you’ve got the power to potentially catch a hacker before your account is messed with. Now repeat our first step – change your password immediately. Not a foolproof system, but in this world of account hijacking, every little bit helps.