What to do if…
you find a new device listed as “trusted” on your Apple, Google, or Microsoft account
Short answer
Assume your account may be compromised: secure access from a device you control, change your password, and sign out/remove the unknown device right away.
Do not do these things
- Don’t “test” by messaging the attacker, replying to alerts, or clicking links in emails/texts about the device.
- Don’t remove the unknown device only and stop there (it may reappear if the attacker still has access).
- Don’t reset your password on a device you don’t fully trust (shared, work-managed, or one that might be infected).
- Don’t ignore small changes (new recovery email/phone, forwarding rules, new passkeys) just because nothing has been stolen yet.
- Don’t factory reset your phone/laptop as your first move if you rely on it for sign-in codes—you can lock yourself out.
What to do now
- Move to a safer login setup (30 seconds).
  Use a device you control (your phone or personal computer). If you’re unsure it’s clean, use a different trusted device, and avoid public Wi-Fi.
- Secure the account first (password + 2-step).
  - Change the account password to a long, unique one you’ve never used before.
  - Turn on (or re-check) two-factor authentication / 2-step verification. Prefer an authenticator app or passkeys if available.
  - Before removing any sign-in methods, make sure you still have at least one method you control (so you don’t lock yourself out).
- Remove the unknown “trusted” device and sign out sessions (do this even if it looks “offline”).
  - Apple: check your Apple Account device list/trusted devices and remove anything you don’t recognise.
  - Google: in Google Account Security, review Your devices and sign out anything unfamiliar.
  - Microsoft: go to your Microsoft account Devices list to remove/unlink devices; also use “sign out everywhere” if you suspect unauthorised access (this can take time to fully apply).
- Check (and fix) recovery options so the attacker can’t get back in.
  Look for changes you didn’t make to: recovery email(s), phone number(s), backup codes, passkeys, security keys, and “remembered/trusted” browsers. Remove anything suspicious.
- Check for “silent access” changes that let them keep control.
  In email settings for the affected account(s), look for:
  - auto-forwarding addresses
  - mailbox rules/filters you didn’t create (e.g., “mark as read”, “archive”, “delete”)
  - new connected apps / third-party access you don’t recognise
  Remove anything suspicious.
- Check for money/identity impact quickly (10 minutes).
  - Review recent sign-in activity and recent security events.
  - Check purchase history/subscriptions (App Store/Google Play/Microsoft/connected payment methods).
  - If any bank/card was used or exposed, contact your bank/card provider promptly using the number on the back of your card or official banking app.
- If you might be locked out soon, capture evidence without going deep.
  Take screenshots of the unknown device entry, recent sign-ins, and any changed recovery details. Keep brief notes of dates/times.
- If you lost money or there’s clear fraud, report it to the right UK place.
  - England, Wales, Northern Ireland: report via Report Fraud.
  - Scotland: contact Police Scotland (101 for non-emergency).
  If a crime is occurring now or there’s immediate danger, call 999.
What can wait
- You do not need to decide today whether you’ll change every account you own—focus on the affected Apple/Google/Microsoft account and anything it can reset (especially your email, banking, shopping).
- You do not need to post publicly, warn everyone immediately, or write a long explanation.
- You do not need to wipe devices unless there are strong signs of malware; it’s usually better after you’ve secured access and backed up essentials.
Important reassurance
Seeing an unknown “trusted” device is a common sign of account takeover or credential reuse—it’s often automated and not personal. Acting quickly and methodically (secure access → remove device/sessions → lock down recovery) is usually enough to stop it.
Scope note
These are first steps to stabilise the situation and prevent immediate harm. If this account controls work systems, family accounts, or significant money, you may need specialist IT support or your organisation’s security team next.
Important note
This is general information, not legal or professional advice. Platform screens and names can change; when you need to sign in, type the official site address into your browser rather than using links in messages.
Additional Resources
- https://support.apple.com/en-gb/102649
- https://support.google.com/accounts/answer/3067630?hl=en
- https://support.microsoft.com/en-gb/windows/manage-devices-used-with-your-microsoft-account-d4044995-81db-b24b-757e-1102d148f441
- https://support.microsoft.com/en-gb/account-billing/how-to-sign-out-of-your-microsoft-account-everywhere-58da4a74-a719-43a6-9dd0-74a7e613229f
- https://www.reportfraud.police.uk/
- https://www.scotland.police.uk/contact-us/
- https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account