With the disturbing news that hackers could breach Gmail with a 92 percent success rate, Gmail users are wondering how to tell if they’ve been hacked, and what to do if their account has been compromised. While this particular style of Gmail hack was done by security researchers, rather than malicious hackers, it is still disturbing. Here’s a quick primer on how you can tell if someone has hacked your Gmail, and some good advice about protecting yourself online.
1. Take Stock of Your Digital Life
The best way to ensure that you catch any hacking activity related to your Gmail account is to take a regular look at every aspect of your digital life that’s connected to your email. If your account password for Gmail has been cracked, and you use that password elsewhere, you are at risk for further security threats. It’s also worth checking with your friends periodically to see if they have received any spammy-looking emails from you lately. If they are getting emails from your account that you never sent out, there may be something wrong with your Gmail.
InfoWorld has a great list of 11 common signs of being hacked. Among them are frequent pop-ups, unexpected password changes, and redirected Internet searches.
2. Check Your Email Address Against a Registry of Compromised Addresses
There are several services that will let you enter your email into a search box, and then cross-reference that address against addresses that are known to have been compromised by hackers. Two of these sites are BreachAlarm and Have I been pwned?, the latter of which also lets you check other online accounts like Gawker or Snapchat. If you get a red flag, you will get more details about when and how your Gmail account was compromised.
3. Check Your Last Account Activity
The video above, from Kaspersky, offers an overview of Gmail’s security settings.
Google offers a tool that lets you check your last account activity. This is a quick way to expose whether someone has accessed your email without your knowledge. To see activity for your entire Google Account, go to security.google.com. From there, just click Recent activity under “Security,” and you can see the IP addresses of the last 10 people who accessed your Gmail account.
4. Take Action to Secure Your Account
This Google page has directions for securing your account if you believe your Gmail has been hacked. There are different options available to you, depending on whether you can still log in to your account. You may need to fill out Google’s account recovery form.
5. Make Your Gmail Harder to Hack
Matt Cutts, the head of Google’s Webspam team, has a number of suggestions for making your Gmail account more secure. In addition to enabling two-factor authentication, he suggests checking your inbox for any changes to your forwarding filters:
“If hackers get into your Gmail, sometimes they’ll create a rule that forwards all your email to them. To check your filtering rules, in Gmail click on the gear icon in the top right, then select Settings from the drop down. Click on the link for “Filters” and just check whether there’s any rules that look suspicious to you.”
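The same filter check can be done in code, over an export of your rules, instead of by eye in the Settings page. The Python below is an added example, not part of the original article or of Google's tooling. It assumes the rules are in the JSON shape the Gmail API uses when listing filters (a "filter" list whose entries have "criteria" and "action"); the sample data and the audit_filters name are constructed for illustration.

```python
# Flag Gmail filters that forward mail to addresses you do not recognise.
# SAMPLE_RESPONSE is constructed sample data, shaped like a Gmail API
# filter listing; none of the addresses or ids are real.
SAMPLE_RESPONSE = {
    "filter": [
        {"id": "f1", "criteria": {"from": "newsletter@example.com"},
         "action": {"addLabelIds": ["Label_12"], "removeLabelIds": ["INBOX"]}},
        {"id": "f2", "criteria": {"query": "password OR invoice"},
         "action": {"forward": "collector@example.net",
                    "addLabelIds": ["TRASH"], "removeLabelIds": ["UNREAD"]}},
        {"id": "f3", "criteria": {"to": "me@example.com"},
         "action": {"forward": "me.backup@example.org"}},
    ]
}


def audit_filters(response, trusted_forward_addresses=()):
    """Return one finding per filter that forwards to an untrusted address."""
    trusted = {addr.lower() for addr in trusted_forward_addresses}
    findings = []
    for rule in response.get("filter", []):
        action = rule.get("action", {})
        target = action.get("forward")
        if not target or target.lower() in trusted:
            continue  # not a forwarding rule, or one you set up yourself
        reasons = ["forwards to " + target]
        added = action.get("addLabelIds", [])
        removed = action.get("removeLabelIds", [])
        # Rules that also hide the original message deserve a closer look.
        if "TRASH" in added:
            reasons.append("deletes the original")
        elif "INBOX" in removed:
            reasons.append("skips the inbox")
        if "UNREAD" in removed:
            reasons.append("marks the original as read")
        findings.append({"id": rule.get("id"),
                         "criteria": rule.get("criteria", {}),
                         "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_filters(SAMPLE_RESPONSE, ["me.backup@example.org"]):
        print(finding["id"], finding["criteria"], "; ".join(finding["reasons"]))
```

Any rule it reports should be one you remember creating; if it is not, delete the filter and then change your password.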
6. Regularly Update Your Password
Check out the video above from Sophos to get some tips on creating stronger passwords.
You should change your Gmail password on a regular basis. This article from Lifehacker suggests that changing your password every 30 to 180 days is the security industry standard recommendation. This is particularly important for Gmail users who have opted not to use two-factor authentication.