With increasing frequency, cybercriminals are targeting everyday internet users, aiming to infiltrate bank accounts, pilfer cryptocurrency, or engage in surveillance. While these incidents remain relatively infrequent, causing widespread panic is unwarranted. However, understanding protective measures is crucial if you suspect unauthorized access to your email, social media, messaging applications, or other significant online services and platforms. Account security should be a top priority for all users in today’s digital landscape.
Several years prior, I authored a guide to assist individuals in bolstering their defenses and recognizing that numerous online platforms furnish users with built-in security tools. These resources empower you to manage your account security proactively, often before requiring direct support intervention, although contacting customer service may still be advisable in certain situations.
This article details actionable steps you can implement across various online services, including Gmail (and broadly, Google accounts), Facebook, Apple ID, and others. We intend for this to be a continually updated resource, ensuring the instructions for each service remain current and expanding to encompass new platforms.
Similar to the previous guidance, it’s vital to acknowledge a key limitation: these strategies do not provide an absolute guarantee against all forms of compromise.
For persistent uncertainty, seeking professional assistance is recommended, particularly for individuals at heightened risk, such as journalists, dissidents, activists, or those in abusive situations. Access Now, a non-profit organization, offers a digital security helpline connecting individuals with expert support.
vCard.red is a free platform for creating a mobile-friendly digital business cards. You can easily create a vCard and generate a QR code for it, allowing others to scan and save your contact details instantly.
The platform allows you to display contact information, social media links, services, and products all in one shareable link. Optional features include appointment scheduling, WhatsApp-based storefronts, media galleries, and custom design options.
Another critical point: If you have not yet done so, activate multi-factor authentication across all your online accounts, or at minimum, your most critical ones (email, financial accounts, social media). This directory of websites supporting MFA (or 2FA) is a valuable resource, demonstrating how to enable multi-factor authentication on over 1,000 websites. Note that numerous multi-factor applications are available beyond the one promoted on that specific website.
Increasingly, online services are incorporating physical security keys or passkeys stored within password managers, representing robust safeguards against account breaches stemming from password-stealing malware or phishing tactics.
Explore the following sections or navigate directly to your preferred section.
Reviewing Gmail and Google Account Activity
To ascertain if your Gmail account, and consequently all associated Google services, has been compromised, begin by scrolling to the bottom of your inbox. Locate “Last account activity” in the lower right corner.
Click “Details.” A pop-up window will display, presenting recent account activity information.
This window lists locations where your Google account is currently active. If you identify an unfamiliar entry, such as activity originating from an unrecognized geographic location—a country you haven’t visited—click “Security Checkup.” This tool displays devices with active Google account access.
Scrolling further reveals “Recent security activity.”
Examine this list for any unrecognized devices. If any suspicious activity is detected in these sections, select “See unfamiliar activity?” and promptly change your password.
Post-password modification, as outlined by Google, you will be logged out of all devices except those utilized for sign-in verification and certain third-party applications with granted account permissions. To revoke access from these entities as well, consult this Google Support page and access the link, “View the apps and services with third-party access.”
Furthermore, consider activating Google’s Advanced Protection for enhanced account security. This heightened security measure significantly impedes password phishing and unauthorized Google account access. This enhanced security requires purchasing physical security keys, hardware devices acting as a second authentication factor, deemed essential for individuals facing elevated security risks.
Remember, your email account serves as a nexus to numerous other critical online accounts. Compromise of your email can be the initial step in broader account breaches, highlighting its paramount importance in your overall digital security strategy.
Monitoring Outlook and Microsoft Account Logins
If you suspect unauthorized access to your Microsoft Outlook account, you can review “when and where you’ve signed in” within your Microsoft account settings, as Microsoft terms it.
Navigate to your Microsoft Account, select “Security” from the left-hand menu, and under “Sign-in activity,” choose “View my activity.”
This page displays recent login attempts, detailing the platform, device, browser type, and IP address employed for each login.
Should any activity appear suspicious, click “Learn how to make your account more secure.” This section provides options to change your password and guides for recovering a potentially compromised account, among other security enhancements.
Microsoft also provides a comprehensive support portal with detailed information regarding the Recent activity page.
As previously emphasized, your email account is the cornerstone of your online security. Given its likely linkage to vital services—social media, financial institutions, healthcare providers—it constitutes a primary target for cybercriminals seeking to gain access to interconnected accounts.
Securing Your LinkedIn Account
LinkedIn provides a support page outlining steps to verify if your account is logged in on unfamiliar devices or locations via web, iOS, and Android platforms.
LinkedIn offers a dedicated section to review active login sessions.
If an unrecognized session is present, click “End” to terminate that specific login and re-enter your password when prompted. Selecting “End these sessions” will log you out from all devices except the one currently in use.
The process is mirrored on iOS and Android. Within the LinkedIn application, tap your profile picture, then “Settings,” followed by “Sign in & Security,” and finally “Where you’re signed in.” This will present a page consistent with the web-based interface.
LinkedIn incorporates a security feature requiring app confirmation for login attempts from new devices.
Upon receiving a sign-in request notification, you will be directed to a page to confirm the attempted login’s legitimacy. Here, you can approve or block the login attempt.
Leveraging Yahoo’s Email Security Tools
Yahoo, like other email providers, offers tools to examine account and sign-in activity, enabling users to detect unusual activity potentially indicative of account compromise.
To access this feature, navigate to your Yahoo My Account Overview or select the icon displaying your initial (adjacent to the email icon in the top right corner) and choose “Manage your account.”
Subsequently, select “Review recent activity.” This page provides insights into recent account actions, including password alterations, added phone numbers, and devices connected to your account, alongside their corresponding IP addresses.
Considering the likelihood of your email address’s association with sensitive platforms like banking, social media, and healthcare portals, prioritizing its security demands significant attention.
Maintaining Apple Account Security
Apple enables users to directly check devices logged into their Apple Account (formerly Apple ID) via iPhone and Mac system settings, as detailed in Apple’s documentation.
On an iPhone or iPad, access “Settings,” tap your name, and scroll down to view all signed-in devices.
On a Mac, click the Apple logo (top left corner), proceed to “System Settings,” then click your name to access the device list, mirroring the iPhone/iPad display.
Apple states that clicking on a device reveals “device information, such as the device model, serial number,” and operating system version.
On Windows, Apple’s iCloud application provides device login information. Open the application, and click “Manage Apple Account.” Device details and further information will be accessible there.
Alternatively, access this information via the web by visiting your Apple ID account page and selecting “Devices” from the left-hand menu.
Facebook and Instagram Security Checks
Meta Platforms offers features to monitor Facebook account logins. Access Facebook’s “Password and Security” settings and select “Where you’re logged in.”
This interface also displays Instagram login locations if your Instagram account is linked to Facebook. For unlinked accounts or users without Facebook accounts, access Instagram’s “Account Center” to manage your Instagram account, then navigate to “Password and Security,” and subsequently “Where you’re logged in.”
You can choose to log out of specific devices, perhaps due to unfamiliarity or disuse.
Similar to Google, Meta provides Advanced Protection features for both Facebook and Instagram, enhancing account security against unauthorized access. “We’ll apply stricter rules at login to reduce the chances of unauthorized access to your account,” Meta explains. “If we see anything unusual about a login to your account, we’ll ask you to complete extra steps to confirm it’s really you.”
Individuals at heightened risk of cyberattacks, such as journalists or politicians, should consider enabling this enhanced security feature.
Verifying WhatsApp Security
WhatsApp, initially limited to single mobile device usage, now supports access across computers and browsers.
Checking WhatsApp login locations is straightforward. Open the app on your mobile device. On iPhones and iPads, tap the “Settings” icon (bottom right), then “Linked devices.”
A list of linked devices will appear, enabling individual device logouts with a tap.
On Android, tap the three dots (top-right corner), then “Linked devices” to access a similar page as on Apple devices.
Signal Security Monitoring
Similar to WhatsApp, Signal supports desktop applications for macOS, Windows, and Linux.
From the “Linked Devices” screen, tap “Edit” to remove devices, logging out and unlinking your account from them.
Monitoring X (Twitter) Sessions
To review X (formerly Twitter) login sessions, access X Settings, then “More,” “Settings and privacy,” “Security and account access,” and finally “Apps and sessions.”
This menu displays connected applications, open sessions (login locations), and account access history.
Terminate all logins on other devices by selecting “Log out of all other sessions.”
Securing Your Snapchat Account
Snapchat provides a feature to review login locations, detailed on Snapchat’s support pages. Access this feature via the iOS/Android application or Snapchat’s website.
On iOS/Android, open the app, tap your profile icon, then the settings (gear) icon, and select “Session Management.” A list of active login sessions will be displayed.
On the web, navigate to Snapchat Accounts and select “Session Management” for a similar list of login sessions. Both interfaces allow logging out of suspicious or unrecognized sessions.
Snapchat also employs security alerts, notifying you on your phone about account logins, whether legitimate or potentially unauthorized.
TechCrunch testing of this login process indicates the notification may not appear for logins from previously used and recognized devices. However, Snapchat flags logins as “suspicious”—potentially due to device or IP address changes—requiring phone number verification for the login attempt, displaying only the last four digits.
Upon selecting “Continue,” the account holder receives a verification code via SMS, preventing unauthorized login even after a correct password entry.
This alert activation underscores the importance of strong, unique passwords and multi-factor authentication employing authenticator applications rather than solely relying on phone numbers for enhanced security.
Discord Account Access Review
Discord, initially a niche gaming chat platform, has evolved into a key communication tool for crypto organizations, businesses, and diverse communities. Its popularity renders users potential targets for cyber threats.
To review login locations and identify suspicious activity, click the gear icon next to your Discord username (bottom left), accessing User Settings.
Select “Devices” from the left-hand menu under User Settings. A screen displays all devices with active Discord account logins.
For unrecognized devices, click the “X” icon, or select “Log Out All Known Devices” if numerous entries appear unfamiliar.
If multi-factor authentication is enabled (highly recommended), you’ll be prompted for a code from your authenticator application.
Upon code entry, the selected device is removed, and your account is logged out from that device.
Additionally, review “Authorized Apps,” located above “Devices” in the left-hand menu. This section lists applications linked to your Discord account and their access permissions (username, avatar, etc.). Deauthorize any unrecognized or unnecessary applications.
Furthermore, examine “Connections,” beneath “Devices,” to identify linked external accounts (BlueSky, Reddit, Spotify, etc.). Disconnect any unwanted linked accounts by clicking the “X” icon.
Telegram Active Session Management
Telegram, a globally prevalent messaging app, is utilized in sensitive contexts, including conflict zones. Regardless of use case, reviewing login locations is recommended.
To do so, access “Settings,” then “Active Sessions” from the left-hand menu.
If concerns arise, select “Terminate all other sessions” to remain logged in on the current device but log out elsewhere. To terminate individual sessions, select the session, and then click “Terminate Session.”
Telegram offers automatic logout and session termination after pre-defined timeframes: one week, one month, three months, or the default six months.