10 signs that someone is monitoring or accessing your accounts – how to stop them
Follow ZDNET: Add us as a preferred source on Google.
ZDNET's key takeaways
- Strange email or social activity could mean compromise.
- There are common indicators you should be aware of.
- But there are ways for you to take back control.
Account compromise or monitoring can be a quiet affair, and there may be no glaring or immediate signs that your accounts are no longer completely under your control.
If someone has access to your social media, email account, shopping services, or worse — your banking and financial services — and you don't notice in time, the consequences can be severe. Your email account could be used to bypass two-factor authentication (2FA) and access other services, fraudulent purchases could be made, or you could face slander or reputational damage if they decide to post content from your social media while pretending to be you.
Also: 7+ phone privacy settings to check and turn off ASAP – to avoid exposing your personal data
Whether or not a freeloader is enjoying a film on Netflix with your credentials or a cybercriminal intends harm, there are subtle signs to watch out for that show something isn't right.
Below, you will find red flags to watch for that will help you identify when your online accounts are being monitored, along with solutions to take action.
1. Unknown login attempts, sessions
Many of our online accounts will record when they are accessed, complete with active sessions, timestamps, and potentially other data points such as IP address, device used, or user location. If you are a Google services user, for example, you can find sign-in activity on your dashboard.
There are two main areas to watch for: login attempts and active sessions. If someone is probing your account and is trying out different passwords, you will probably receive a security alert and the option to report the situation to your account provider.
Also: How to clear your Android phone cache – the 30-second routine every user should be doing
You should also pay particular attention to active sessions and whether another device is signed in to your account, as this likely indicates an intruder you need to deal with quickly.
Solution: Act fast. Change your password now, and then investigate further. Check that your recovery emails and telephone numbers haven't changed and still belong to you, and revoke all active device sessions by signing out of all other devices when you update your credentials.
If you're using a VPN, keep in mind that these services will change your IP address location, which can also affect which city or country your online connection appears to be from. For example, if you are based in the US but using a UK VPN server, an active session or login to your online account would show an IP address and a UK location. So check your VPN status, too, as this could explain why you think something strange is going on.
2. Unwanted and unexpected 2FA code requests, password changes
A red flag that your online account is being monitored or that someone is trying to gain access is a sudden influx of 2FA or multi-factor authentication (MFA) codes in your email inbox or via SMS. You may also spot password requests, changes, and account recovery emails.
Also: 7 ways to lock down your phone before heading to a protest
Unsolicited security-based messages are a warning sign that someone is trying to access your account. While many of us have experienced this situation as part of wider criminal campaigns, when cybercriminals send out spray-and-pray security email requests, the approach can also be individually targeted, and this tactic is what we have to watch out for.
Solution: Never reveal 2FA or security codes to anyone. If you didn't ask for them, delete them. It is also important for you to know about SIM-swapping, in which criminals can temporarily take control of your phone number to obtain 2FA codes and hijack your accounts. If you think this is a possibility, you will need to contact your telecoms provider immediately.
"It is worth remembering that a code request you were not expecting is itself a red flag," Javvad Malik, lead CISO advisor at security specialist KnowBe4, commented. "If your phone buzzes with an authentication prompt you did not initiate, someone may already have your password. The code is the last line of defense, and you should never hand it over."
3. A surge in spam calls or phishing emails
Are you suddenly experiencing an influx of phishing emails or spam calls? You might be on a cybercriminal's radar, and it might be that someone is trying to dupe you into granting them access to your online account.
Solution: You should report any suspected spam or phishing emails you receive, and it is also important to report any suspicious phone calls to your cellular service provider. We also suggest that you visit Have I Been Pwned to see whether you have been affected by a data breach, as this situation could explain why you are being targeted.
Cybercriminals often use stolen data and credentials to compromise user accounts or to send you emails in phishing campaigns. Never click links in these emails; instead, go directly to trusted websites or call if you're unsure whether an email is genuine.
4. Reports of strange email activity
Are friends, family, colleagues, and other associates telling you that you have sent them strange emails, such as messages containing suspicious links or requests for payment?
Your email account may have been compromised, and unauthorized parties may be closely monitoring what you say and who you say it to.
Also: How to enable Advanced Protection on Android 16 – and why you shouldn't skip it
At a basic level, scammers may be using your account to send spam and phishing emails. If you are involved in business or your corporate email account is in question, you might, in more serious cases, be a participant in a business email compromise (BEC) scam.
Solution: Change your password immediately, and if you have the option, sign out of all other devices.
Then, look for evidence that your email account has been tampered with and is being actively monitored or controlled. Check your sent and scheduled emails — even if an intruder may have deleted them — and ask recipients for screenshots. It is also important to check whether any unknown forwarding rules have been implemented in your account, which could mean your email content is being forwarded without your knowledge.
In corporate settings, in particular, this evidence can be crucial in damage limitation. If your email is associated with a company, inform IT of the situation. If your email is personal, make sure you warn friends and family not to open any strange links from your address.
"Attackers' habits are evolving," Lee Sult, chief investigator at digital forensics specialist Binalyze, told ZDNET. "They're focusing less on 'hacking devices' and more on accessing accounts. In many cases, if someone can get into your email, cloud storage, or social accounts, they don't need to install malware at all. […] Your accounts, especially your email, should be seen as some of your most valuable possessions. Not only in their utility, but because protecting these goes a very long way toward preventing larger issues."
5. Bizarre social media behavior
If comments, likes, profile visits, follows, or posts are published on your account, but weren't posted by you, this is a sign that someone else has gained access to your account.
This activity might also be a sign that all is not well if direct messages show as read even when you haven't viewed them.
Also: How to turn on Lockdown Mode on iPhone – so even the FBI can't get in
Cybercriminals and scammers hijacking Facebook, Instagram, X, and TikTok accounts are well-documented, and there can be a variety of reasons for this issue.
A scammer may have used stolen credentials to hijack accounts to follow bots or to spread spam and phishing; someone close to you may have an ax to grind and want to destroy your reputation; accounts might be compromised to be sold on the black market (especially if they are valuable and coveted usernames), or blackmail and extortion might be involved.
Solution: If you notice activities you don't recognize but your password hasn't been changed yet, count yourself lucky. Check that the recovery email address or telephone number associated with your social media profile hasn't been changed without your knowledge, and then change your password as quickly as you can. Make sure you sign out of all other devices.
6. Your device is behaving strangely
Is your device overheating? Are you receiving strange pop-ups, or does your browser keep switching over to a website you didn't ask for?
Also: Your phone is sharing data without your knowledge – how to stop it ASAP
Solution: This problem is not necessarily due to malware or account intrusion. While both are potential answers, the strange behavior could be a hardware problem, an update issue, or even an environmental issue. Instead, consider which software might be causing the issue: are you receiving too many notifications? Is there an app that has permission to use your GPS 24/7, which is then draining your battery? Have you recently installed something new? Run a malware scan, but consider other factors, too.
7. You spot unknown apps, software, or devices
If an app or software has been granted access to your online account, it will typically be listed under settings, "authorized apps," or a similar section, depending on the service.
Apps you don't recognize could indicate an intruder or that your account is being quietly monitored. Permission must be granted to a third-party service to access an online account. If the intruder sits quietly — especially if sensitive permissions have been granted — this permission could put your privacy and security at risk.
This rule goes for devices, too, that suddenly appear to be connected to your online accounts.
Solution: Delete suspect apps immediately, and consider running an antivirus check for your security's sake. If you notice any apps you don't recognize are authorized to access other accounts or your data — such as an app granted permission to connect to your Google services — revoke access. You should also change the passwords for any accounts you think may have been compromised and sign out of all other devices to break any links.
8. Your bank statement shows purchases you didn't make
If you've been unfortunate enough to experience the compromise of a financial account, it won't take long before you know it.
Most banking and financial providers now have alert systems that flag suspicious transactions, and you may be warned via your mobile device, app, or push notification. However, smaller, test transactions may slip through the net.
Also: What is antivirus software and do you still need it in 2026?
When my card was cloned, the criminals behind it made small transactions to verify funds were available before making large purchases, giving me very little time to respond. If you spot strange transactions on your financial statements — no matter how small — you need to take action, and quickly.
Solution: Immediately contact your bank and discuss freezing your account or card. You will be advised on the best next steps by your financial services provider.
If you have received an email that appears to show unauthorized transactions, do not use the contact numbers, links, or email addresses in the message. Instead, visit your bank's official website for the right contact information, as this errant action could be a phishing attempt.
9. Online accounts are frozen, locked, or banned without warning
You may have violated the terms of service for an online account without realizing it, such as by using inappropriate language or because of your age. Or, you've been locked out of your account because someone else is in it.
Also: Treat your AI agents like eager but misguided human interns – before you lose control
Depending on the circumstances, the username and password combination to your account may have been leaked, you might have fallen for a phishing email, or your login details could have been stolen.
Solution: If your password has been changed, try to recover your account. When you signed up for the service, if you were asked to set a recovery email or phone number, you may be able to restore access this way — and if you do, change your password immediately.
You can also check Have I Been Pwned to see if your password was involved in a data breach. It's important never to reuse the same passwords across different services, as this approach increases the risk of you losing your online accounts.
Alternatively, you will need to reach out to your online service provider and find out why the ban occurred in the first place, and then you can try to appeal the decision in the hopes of having your account restored. However, depending on the severity of the situation — and how responsive the organization is — there's no guarantee that you will be successful. If the account in question has any stored payment details, refer back to step eight and take the same action to protect your bank balance.
10. You notice targeted advertising changes
Are the ads you are being shown seemingly far more personalized and relevant to you, your hobbies, interests, work, or search queries? Your online accounts are being monitored for profiling purposes.
Data is a valuable currency in business. Companies pay for our attention, our engagement, and our clicks. Data collected from us, including our online activities, social media usage, search queries, app usage, and more, can be used to create "shadow profiles" — detailed dossiers about who we are, our demographics, and topics that could mean purchasing decisions.
In a bid to create shadow profiles, organizations may monitor our email, social media, e-commerce accounts, and other online services.
Solution: While we can't stop online profiling, we can reduce the flow of information from our online accounts and devices, making it more difficult for organizations to collect, store, share, or sell records used to build detailed profiles of us and our interests. Consider using a VPN to encrypt and disguise your online traffic; audit your device's software and app permissions to reduce data collection; and turn off all personalized advert features in any software or online services you use (usually found in Settings).
Also: This silent Android feature scans your photos for 'sensitive content' – how to uninstall it
In addition, on smartphones, you can choose to delete or wipe your advertising ID, which will help break the link between you, your device, and marketers. Find this option in Privacy & Settings > 'Ads' tab in Android, and under Privacy & Security > Tracking in iOS.
Act now
The loss of an online account you only use casually, as long as it doesn't contain any sensitive or personal information such as your name, home address, or financial details, is more of an annoyance than a real risk — but this loss could also be a symptom of a bigger issue, especially if you are reusing the same username and password combinations across different online services.
If you are suddenly locked out of your main email address, social media profile, or banking app, you have a serious problem.
Don't wait. Acting quickly, as soon as you suspect your online account is being monitored or has been hijacked, can drastically reduce the damage a cybercriminal can do to you, your reputation, your privacy, your security, and potentially your financial status. If you need additional help, contact your account provider immediately.