What steps should I take after a new device logs into my email to secure it?

[Noah.J]

I just got a notification that someone logged into my email from a new device in another state. I changed my password immediately, but I’m wondering if I should do more, like check for rules or filters that might have been set up to forward my messages.

[ChloeQG]

I’d definitely check for forwarding rules and filters. I once got a similar alert and found a filter that sent copies to another address. I deleted that rule, checked for any delegated accounts, and signed out of all devices I didn’t recognize.

[JerryWG]

I’d turn on two factor authentication if you haven’t already and revoke access for any apps you don’t recognize. Then review the security activity log and sign out of all sessions on other devices.

[Larry.L]

I remember feeling like I was overreacting, but the VPN I use can show up as a different location too. It helped me sleep a bit when I realized that could explain some of the odd entries.

[Matthew.J]

Do you think the alert is real or could it be a phishing email pretending to be your provider?