'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
What to do if…
you find a new device listed as “trusted” on your Apple, Google, or Microsoft account
Short answer
Treat it as a possible account takeover: from a device you control, change the password and remove/sign out the unknown device and sessions right away.
Do not do these things
- Don’t click “security alert” links from email/text to fix this—go directly to your Apple/Google/Microsoft account settings instead.
- Don’t assume “trusted” means safe; attackers can add their device as trusted.
- Don’t remove the device but leave your password, recovery email/phone, or MFA methods unchanged.
- Don’t do account recovery on a shared/work-managed/public computer if you can avoid it.
- Don’t rush into wiping your phone/laptop if it’s your only MFA device—you can lock yourself out.
What to do now
-
Switch to a safer login situation (30 seconds).
Use your personal phone/computer on a trusted network. If you’re worried that device is compromised, use a different device you control and a fresh browser session. -
Lock the account down first (password + MFA).
- Change the password to a long, unique one.
- Turn on (or re-check) multi-factor authentication (MFA). If available, prefer authenticator apps or passkeys over SMS.
- Before removing any sign-in methods, make sure you still have at least one method you control (so you don’t lock yourself out).
-
Remove the unknown “trusted” device and sign out sessions.
- Apple: review your Apple Account device list/trusted devices and remove anything you don’t recognize.
- Google: in Google Account Security, review Your devices and sign out anything unfamiliar.
- Microsoft: remove/unlink unfamiliar devices from your Microsoft account devices list, and use “sign out everywhere” if you suspect unauthorized access (it may take up to about a day to fully apply—keep going with the steps below in the meantime).
-
Confirm recovery details and trusted methods are yours.
Check and correct: recovery email(s), phone number(s), backup codes, passkeys/security keys, and remembered/trusted browsers/devices. Remove anything you didn’t add. -
Check for “keep access” settings and connected apps.
In the affected email/account settings, look for: forwarding addresses, rules/filters, and third-party app access you don’t recognize. Remove them. -
Quickly check for financial or identity impact.
- Review recent sign-ins/security events.
- Review purchase/subscription history tied to the account.
- If any card/bank info was used, contact your bank or card issuer using the official number on your card or statement.
-
Preserve a small amount of evidence (without spiraling).
Screenshot the unknown device entry and recent login/security event details. Note dates/times. -
If there’s fraud or loss, report through the common U.S. channels (type the official site address yourself).
- For cyber-enabled fraud/scams or money loss connected to the takeover, you can report to the FBI’s IC3.
- For consumer recovery steps for hacked accounts, use the FTC guidance (and if you suspect identity theft, follow the pathway from there to IdentityTheft.gov).
If you’re in immediate danger or a local crime is actively in progress, call 911.
What can wait
- You don’t need to reset every password you’ve ever used right now—start with the affected Apple/Google/Microsoft account and any email it can reset.
- You don’t need to contact everyone immediately unless messages were sent from your account.
- You don’t need to factory reset devices unless there are strong signs of malware; focus first on account access control.
Important reassurance
This is fixable. Unknown “trusted” devices often come from password reuse, phishing, or automated credential-stuffing attempts. A careful sequence—secure access, remove sessions/devices, then lock down recovery and MFA—usually stops the takeover.
Scope note
These are first steps to prevent immediate harm. If this account is tied to work, school, or a family organizer role, involve the appropriate IT/admin support next and secure any linked accounts.
Important note
This is general information, not legal or professional advice. Account settings and labels vary by platform and update over time; type official site addresses into your browser instead of using links from alerts.
Additional Resources
- https://support.apple.com/en-us/102649
- https://support.google.com/accounts/answer/3067630?hl=en
- https://support.microsoft.com/en-us/windows/manage-devices-used-with-your-microsoft-account-d4044995-81db-b24b-757e-1102d148f441
- https://support.microsoft.com/en-us/account-billing/how-to-sign-out-of-your-microsoft-account-everywhere-58da4a74-a719-43a6-9dd0-74a7e613229f
- https://consumer.ftc.gov/how-recover-your-hacked-email-or-social-media-account
- https://www.ic3.gov/
- https://www.cisa.gov/topics/cybersecurity-best-practices/multifactor-authentication