What to do if…
your Apple ID or Google Account shows a new device being set up right now
Short answer
Assume someone is trying to take over your account: deny the sign-in (if possible), change your password immediately from a trusted device, then remove/sign out unfamiliar devices and lock down recovery options.
Do not do these things
- Don’t approve any prompt you didn’t personally start.
- Don’t tap links in alert emails/texts to “secure your account” — go directly to Settings (Apple) or your Google Account security page.
- Don’t enter your password into pop-ups or lookalike pages.
- Don’t reuse an old password or a slightly modified one.
- Don’t stop after changing the password — persistence often happens through recovery info, sessions, forwarding, or connected apps.
What to do now
- Use a trusted device and a trusted connection.
  - Use your main phone/computer (one you recognize and control).
  - If you’re on public Wi-Fi, switch to cellular or a trusted network before making changes.
- If you see an on-screen sign-in alert, deny it.
  - Apple: tap “Don’t Allow” on any sign-in notification you don’t recognize.
  - Google: tap “No, it’s not me” / “Deny” on the security prompt.
- Change your password immediately (trusted device only).
  - Apple Account: change your password from Settings on your iPhone/iPad/Mac (menu names vary by version).
  - Google Account: change your password from your Google Account security settings.
  - Make it brand-new and unique (not used anywhere else).
- Do the “lockdown trio” immediately: devices/sessions, recovery info, stealth access.
  - Devices/sessions
    - Apple: review your Apple Account device list and remove anything you don’t recognize.
    - Google: Security → Your devices → Manage all devices and sign out of anything you don’t recognize.
  - Recovery info
    - Apple: confirm your trusted phone number(s) and trusted device(s) are yours.
    - Google: verify your recovery email and recovery phone are yours; remove anything unfamiliar.
  - Stealth access checks
    - Gmail: check for unfamiliar forwarding and filters/rules.
    - Review connected third-party apps/services and remove anything you don’t recognize.
- Check for account detail changes you didn’t make.
  - Look for unfamiliar email addresses, phone numbers, or sign-in methods added to Apple/Google.
  - If your phone suddenly lost service or you got SIM/number change messages, contact your mobile carrier promptly — treat it as potentially related.
- If finances could be exposed, do a quick damage check.
  - Check recent purchases/subscriptions and saved payment methods tied to Apple/Google.
  - If you see unauthorized charges, contact your card issuer/bank immediately.
- If you can’t regain control quickly, use official recovery/support paths (avoid fakes).
  - Use Apple/Google’s official account recovery steps from a trusted device.
  - Be cautious with search results: scammers imitate recovery pages. Prefer typing known official addresses or using in-app Settings routes.
- If identity theft or cyber-enabled fraud is involved, report and document.
  - Use IdentityTheft.gov if your identity was misused.
  - Consider reporting to the FBI’s IC3 if money was stolen/attempted or you have a significant cyber-enabled fraud incident.
  - Keep a simple note now: when you got the alert, what changed, and screenshots if safe.
What can wait
- You don’t need to figure out how they got in before you secure the account.
- You don’t need to contact the unknown device/user.
- You don’t need to factory reset your phone right now unless official support specifically tells you to.
- You don’t need to make big decisions immediately — the priority is stopping access and preventing re-entry.
Important reassurance
Seeing “a new device is being set up right now” can trigger instant panic — that reaction is normal. You’re not trying to solve everything today; you’re trying to stop access and prevent a quick repeat.
Scope note
This covers first steps to interrupt an in-progress sign-in and prevent immediate harm. If you see repeated re-entry, multiple accounts impacted, or financial loss, you may need deeper recovery with Apple/Google and your financial institutions.
Important note
This is general information, not legal or professional advice. If you’re unsure whether a prompt is legitimate, the safest move is to deny/close it and go directly to account settings on a trusted device.
Additional Resources
- https://support.apple.com/guide/personal-safety/reject-unknown-sign-in-attempts-ipsf8e72746b/web
- https://support.apple.com/en-us/111756
- https://support.google.com/accounts/answer/3067630?hl=en
- https://support.google.com/accounts/answer/6294825?hl=en
- https://www.identitytheft.gov/
- https://www.ftc.gov/news-events/topics/identity-theft/report-identity-theft
- https://www.ic3.gov/
- https://complaint.ic3.gov/