Date: 2023-11-26

With over 1.8 billion active accounts, Gmail is not only one of the most used services online, but also one of the most targeted by hackers. It’s not hard to see why, as Gmail accounts for almost half of all email client usage in the US market. Compromise a Gmail account and a threat actor, whether their objective is criminal gain or surveillance, can expect to obtain a lot of information to help their cause, from password reset notifications to the details of online transactions.

That’s why it’s so important to take basic steps to secure your Google account.

Not all Gmail hackers will change your password

Not all Gmail hackers will change your password and instantly lock you out of your Google account. Although locking you out gives them time to exfiltrate valuable data and potentially reset passwords for other online accounts and services, it is not the only option available to the threat actor. In fact, if the attacker is interested in surveillance, a covert long-term approach may be far more beneficial. Such a tactic depends on the account holder not knowing that an unauthorized person is accessing their Gmail. Thankfully, there are some easy ways to check for this. Here are just three of them.

Check Gmail Account Activity

Scroll to the bottom of your Gmail inbox and find a feature called Last Account Activity. It shows at a glance when Gmail was last accessed and whether it is being accessed from a different location. However, you have to click on it to open the entire Activity Monitor to get the full access picture. It will then reveal all access dates and times as well as the user’s IP address and the device or application they are using. Get into the habit of checking it every time you use Gmail and you’ll be able to quickly identify any unauthorized access. Importantly, you can also log those sessions out. You can then change your password and activate two-factor authentication to keep them out. Google will also send notifications about any unusual sign-ins to your account, new devices added to your account, or changes in security settings. These will also go to your recovery email, so make sure you keep it updated and access it regularly.

Check for changes in Gmail forwarding

Go to your Gmail settings and click on the Forwarding and POP/IMAP tab. This will reveal all the addresses to which incoming email is being forwarded. An attacker could use this to obtain a ‘silent copy’ of all your incoming emails without changing your password and without alerting you to the compromise. Most users never go that deep into Gmail settings because it feels too technical, and part of Gmail’s popularity is that it is very easy to use without doing so. However, as with the Last Account Activity feature, I would recommend that you get into the habit of checking your forwarding status regularly. This is also where someone can enable access for a third-party email client using the POP or IMAP protocols, which, combined with your account password, also gives them secret access to your inbox.

Check Google Account Security

Google provides a freely available and powerful tool to check the security of your account. Google Account Security Check brings together several valuable options for securing access to Gmail. Here, you can find out if there have been changes to account recovery options, which applications and services have been granted access to your account, whether you have activated 2FA and what system you are using to provide it, and which sensitive Gmail settings you are using. The latter may also include reply-to addresses that are different from your account’s default, sent addresses that are different and any addresses that have been blocked and therefore go straight to your spam folder. For example, blocking the addresses that security warnings come from would be an easy way for an attacker to keep unauthorized activity from being noticed.
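
The forwarding, POP/IMAP, reply-to and blocked-sender checks described in the last two sections can also be run over an exported copy of the settings. The following is an added example, not code from the original article or from Google: it assumes a snapshot shaped like the Gmail API settings resources (autoForwarding, filters, sendAs, imap, pop), and the function name `audit_settings` and all addresses are constructed for illustration.

```python
# Added example: audits a snapshot of Gmail settings for covert-access changes.
# Dict shapes follow the Gmail API settings resources; all values are constructed.

def audit_settings(snapshot, own_addresses):
    """Return a list of findings for settings that copy, redirect or hide mail."""
    own = {a.lower() for a in own_addresses}
    findings = []
    fwd = snapshot.get("autoForwarding", {})
    if fwd.get("enabled") and fwd.get("emailAddress", "").lower() not in own:
        findings.append(f"auto-forwarding to {fwd['emailAddress']}")
    for f in snapshot.get("filters", []):
        action, criteria = f.get("action", {}), f.get("criteria", {})
        target = action.get("forward")
        if target and target.lower() not in own:
            findings.append(f"filter {f['id']} forwards to {target}")
        # A filter that moves mail to Spam or Trash can hide security alerts.
        hidden = {"SPAM", "TRASH"} & set(action.get("addLabelIds", []))
        if hidden:
            findings.append(f"filter {f['id']} sends mail from "
                            f"{criteria.get('from', 'any sender')} to {sorted(hidden)[0]}")
    for s in snapshot.get("sendAs", []):
        reply_to = s.get("replyToAddress", "")
        if reply_to and reply_to.lower() not in own:
            findings.append(f"reply-to on {s['sendAsEmail']} is {reply_to}")
        if s["sendAsEmail"].lower() not in own:
            findings.append(f"unknown send-as address {s['sendAsEmail']}")
    if snapshot.get("imap", {}).get("enabled"):
        findings.append("IMAP access is enabled")
    if snapshot.get("pop", {}).get("accessWindow", "disabled") != "disabled":
        findings.append("POP access is enabled")
    return findings

# Constructed sample snapshot (not real account data).
SAMPLE = {
    "autoForwarding": {"enabled": True, "emailAddress": "copy@example.net"},
    "filters": [
        {"id": "f1", "criteria": {"from": "security-alerts@example.com"},
         "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["INBOX"]}},
        {"id": "f2", "criteria": {"from": "news@example.org"},
         "action": {"addLabelIds": ["Label_1"]}},
    ],
    "sendAs": [{"sendAsEmail": "me@example.com", "replyToAddress": "other@example.net"}],
    "imap": {"enabled": True},
    "pop": {"accessWindow": "disabled"},
}

if __name__ == "__main__":
    for line in audit_settings(SAMPLE, ["me@example.com"]):
        print("REVIEW:", line)
```

IMAP or POP being enabled is not a compromise on its own; it is listed so the account holder can confirm they turned it on themselves.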