If you use email for either professional or personal reasons, you likely have a Gmail account. With more than 1.5 billion active users across the world, Gmail is only rivaled by Apple Messages for iPhone, whose market share is almost equal to Gmail’s.
But Gmail isn’t just popular with email users. Hackers tend to target the apps and devices the majority of the market is using. If you have a Gmail account, it’s important to know the security risks you face so that you can take measures to protect the information you share in emails each day.
Google gives you a head start when it comes to securing your email. The software does have some protections built in, and your emails are backed up. But since human error is one of the top reasons for security breaches, it’s easy to see how important it is to learn how to keep your information safe.
Here are some of the top risks your Gmail account faces:
- Phishing – According to Kaspersky, Google’s bundle of apps is the sixth most popular target for phishing attempts. For the purposes of the study, Kaspersky bundled Gmail with YouTube and Google Drive, along with the rest of the G Suite. Kaspersky measured 1.5 million phishing attempts directed at Google solutions.
- Malware – Each week, Google monitors the 300 billion attachments that come across its servers. Those attachments are hotspots for malicious software. All you have to do is click, and you’ve downloaded a virus to your device. The company uses artificial intelligence to detect malicious downloads, but there will inevitably be some that slip through. According to Google, 56 percent of the malware Gmail users face comes from Microsoft Word documents, while only 2 percent comes from PDF files.
- DDoS attacks – Distributed Denial of Service attacks have become increasingly common, taking top websites out of commission for hours or even days. The June 2019 Google outage due to network congestion was an example of what users could go through if Gmail ever suffered a DDoS attack. Although there’s not much you can do to protect yourself against such an attack, since it’s deliberately directed at the service provider, it’s important to stop and think about what you’d do if Gmail went down for hours or days at a time. Do you have a backup of your important contacts? Is there an alternate way you can communicate with business associates?
- Brute-force attacks – With a brute-force attack, a hacker infiltrates a network by guessing passwords. The good news about Gmail accounts is that these attempts are generally unsuccessful. Gmail has made it tough for brute-force attacks to be effective due to the technology Google has going on behind the scenes. The service uses a variety of methods to determine whether to block a login attempt, including the location and IP address of the device and the number of failed tries.
- Stolen passwords – Phishing is only one way your password can be stolen. If a keylogger virus is downloaded to a device, for instance, the password could be lifted after you input it. Your password could also be stolen locally. If you write it down on a sticky note that you attach to your computer, it could be stolen. Logging into public Wi-Fi without using a VPN could also lead to password theft. Lastly, someone could simply be watching nearby as you type in your password while you’re in a public place.
Now that you know the risks, we’re here to give you some tips to help you stay safe. Scroll down to read our answers to some of the most frequently asked questions about Gmail security.
Is Gmail Safe and Secure?
The short answer is: “yes.”
Now for the details. Gmail uses a variety of state-of-the-art technologies to keep the data on its network safe. Transport Layer Security (TLS) encryption means your emails are somewhat safe both during transport and while they are at rest on your server. If you enable two-factor authentication, your account is protected against unauthorized account logins. Google is also regularly tweaking things on its end to ensure that hackers can’t access your data.
The biggest issue with Gmail isn’t what outsiders can see. It’s what Google can see. Some experts in recent years have voiced concerns about the access the company has to the many emails coming across its servers each day. Obviously, if you commit a crime, Google will comply with requests from law enforcement to go through your emails. However, you might be concerned with what the company is collecting from the information you’re receiving and sending. Carefully checking the privacy policy and keeping an eye on what experts are saying can help you stay on top of things.
How Do I Check My Security on Gmail?
If you haven’t recently, you should run a security checkup on your account. Google will take a quick look at your account and let you know of any issues you need to address. This tool is designed to look at the passwords you’ve saved in Chrome, inactive devices that have access to your accounts, and issues with your Gmail settings that need to be addressed. You can run a security checkup here: https://myaccount.google.com/security-checkup.
You can also manually check your security settings. In your Gmail window, choose Settings in the top-right corner. Check the following tabs:
- General – Do a quick check of your signature and vacation responder to make sure they say what you want them to say.
- Accounts and Import – Scroll down to “Send mail as” and make sure the address is the one you want to show when you send an email. Below that, you’ll see “Grant access to your account.” Verify that you’re okay with anyone who has been granted access to read your emails. Finally, click on the subtab at the top of that tab that reads “Check mail from other accounts (using POP3).” Make sure all the emails listed there are yours.
- Filters and Blocked Addresses – Review this list and make sure you aren’t forwarding emails anywhere you don’t want them to go. Also check filters that delete certain emails.
- Forward and POP/IMAP – Check here to make sure emails aren’t being forwarded to an unwanted account. Also make sure your POP and IMAP settings are correct.
How Do I Secure My Gmail Account?
Google recommends taking the following steps to help protect your account:
- Make sure your recovery email and phone number are up to date. If your account is compromised, Gmail will use this information to confirm you are who you say you are. To check this information, go to https://myaccount.google.com/personal-info, and verify that your alternate email address and phone number are correct.
- Turn on two-step verification by going here: https://myaccount.google.com/signinoptions/two-step-verification. You’ll need to have the secondary device connected to your Google account – usually a cell phone – to verify that you are the person trying to log into your account.
- Manage third-party apps – In one click, you can check which third-party apps are accessing your Gmail account. Check this and turn off any unnecessary connections here: https://myaccount.google.com/permissions.
- Use complex passwords that are difficult to guess.
Can My Gmail Account Get Hacked?
Any internet-connected service can be hacked. The important thing is protecting your account, recognizing when suspicious activity has occurred, and taking quick action to make sure your account is protected.
What Happens If Someone Hacks Your Gmail Account?
In some cases, you won’t even know your account has been hacked. The best action you can take is to make sure your account is protected. NordVPN recommends checking the following if you suspect something might be going on with your account:
- In the very bottom right-hand corner of your Gmail web browser, you’ll see a small link that reads Details. Clicking on that link will open a window that will show you all the recent activity on your account, including logins from unknown devices.
- Click on your profile picture in the upper-right corner and choose Manage Your Google Account. Click on the Security tab and scroll down to see any recent security events on your account.
In addition, make sure you’ve conducted the security checkup steps mentioned above.
Can I Recover My Gmail Account?
If you’ve made sure your contact information is up to date, as described above, you’ll be able to recover your account whether it’s been compromised or you’ve simply forgotten your login information. Here are the steps for recovery for various scenarios:
- Forgotten password or email sign-in – You can recover your lost password or sign-in email here: https://accounts.google.com/signin/v2/recoveryidentifier.
- Hacked or compromised account – Google walks you through the process of recovering a hijacked account here: https://support.google.com/accounts/answer/6294825. If you can’t sign in, you’ll need to answer some questions to verify that you are the rightful owner of the account.
- Recover a deleted account – If your Gmail account has been deleted, Google can help you get it back. You’ll need to click here and answer some verification questions.
For best results, use the device you typically use with your Gmail account, at least temporarily. Once you’re back in, you can switch to the new device and use the old device to authenticate you.
How Is Gmail Backed Up?
Although Google backs up data on its own servers, it isn’t constant. The email you’re sending or receiving now is not backed up immediately. Also, the backups are done on Google’s servers, not your devices, which means that the safety of your data is 100 percent in Google’s hands. Chances are, your emails are safe, but if you want to be extra cautious, you should back up the most important emails.
Can I Back Up My Gmail Emails?
First, take a look at your inbox and ask yourself which emails you’d really want to save. Chances are, your contacts and communication history are the most important. You can easily back up your Gmail address book by going to your contacts, choosing the contacts you want to save, then choosing Export. You can download them as a CSV and save the file to your device or your favorite cloud backup service.
You may also find your attachments worth saving. Make it a practice to download every important document as soon as it arrives in your inbox. This will give you more control over how they’re backed up.
If you want to back up your entire Gmail account, there are apps that can help. Spinbackup and Cloudsync are two apps that can give you a hand with that.
How Do I Back Up My Gmail to Another Gmail Account?
You may feel overwhelmed by the size of your current Gmail account. Backing the important emails up to a separate account can be an option. Of course, this won’t help you if Google someday loses all the emails it’s holding for you, but it can be a great way to start over in a separate space. It can also be an easy way to only back up the most important messages.
To back up your Gmail account to another Gmail, create a new Gmail account or log into an existing secondary account where you want to send the emails. You’ll then need to download the Save Emails app from the Google Workspace Marketplace. Once you have that in place, follow these steps in the new Gmail’s browser window:
- Go to Settings and select the Accounts and Import tab.
- Select Import Mail and Contacts.
- Type in the email address of the Gmail account with the emails you want to import.
- You’ll just need to sign in and follow the prompts to move your emails over.
Why Am I Getting a Google Security Warning?
One of the best things about Google is that its technology is always working behind the scenes to detect anomalies. If Google detects unusual activity on your account, you’ll get an email or text alert letting you know.
Typically, you’ll see these alerts when you’re logging into a new device. Even if that’s the case, though, make sure you take a second to review the alert and confirm everything looks okay. You can respond within the alert if the device, login name, time, location, or other details look suspicious. Just let Google know by answering. You may have to change your password. You can manage your security settings at any time by going to https://myaccount.google.com/.
How Do I Protect My Privacy on Google?
As with security, Google has a quick way to do a checkup on your account for privacy. This relates more to Google Chrome than Gmail and other apps, but you’re automatically logged into your Google account when you log into your Gmail. To run a privacy checkup, go to https://myaccount.google.com/privacycheckup and take action on any issues that are found.
If you’re concerned about your privacy, you can go to https://myactivity.google.com/activitycontrols and manage what data is collected on you while you’re using any of Google’s apps. Although you can lock down your settings so that information isn’t being gathered, it’s important to note that Google uses this to personalize your experience. By toggling it off, you may not get recommendations of videos that might interest you the next time you visit YouTube, for instance.
One area you may want to target is the Ad Personalization section. Google uses the information gathered on you to deliver ads that are geared toward your interests. You can turn this off altogether, but first it can help to go to https://adssettings.google.com/authenticated and view the data that’s being used to send ads your way.
For Gmail specifically, you may simply want to turn off the automatic Google login that happens every time you log into Google. If you routinely log into Gmail on other devices, this is a great way to make sure your Gmail account isn’t automatically logged in wherever you go. To turn off automatic Google login, click on the three dots in the upper-right corner and choose Settings, Sync and Google Services, and then toggle off Allow Chrome sign-in.
How Do I Send a Secure Gmail Attachment?
Concerned about keeping your attachments secure? Google’s confidential mode will help protect your attachments and messages against prying eyes. To send emails in confidential mode, look in the bottom taskbar of your Compose form when you’re writing or responding to an email. You’ll see an icon of a clock over a lock. Clicking this will toggle on Confidential mode, which will let you add an optional passcode and expiration date to the email. You’ll need to input the recipient’s phone number so that the passcode can be sent via text message.
What Is Gmail Phishing?
Phishing occurs when a fraudster tries to steal your credentials by posing as a legitimate provider. So, in the case of Gmail, you might get an email or text asking you to reset or verify your username and password. The message could look as though it was sent by Google, but in reality, it’s a third party.
How Does Gmail Detect Phishing?
Gmail uses its own software to identify suspicious messages. In many cases, this content will be moved directly to your spam folder. This technology isn’t perfect, though. To help refine it, if you see an email that appears to be a phishing attempt, reporting it can help improve the technology. You should also glance at your spam folder every now and then to make sure legitimate messages aren’t being moved there.
How Do I Stop Gmail Phishing?
If you receive a message about one of your accounts requesting you click over and give sensitive information, the best thing to do is close the message and go directly to your account to see if there are issues you need to address. If a phishing email appears to have come from a Gmail address, you can report the violation here: https://support.google.com/mail/contact/abuse.
Does Gmail Have Two-Factor Authentication?
Two-factor authentication is an integral part of Gmail’s security precautions. If it isn’t already enabled, you should set it up right away to protect your account against phishing and unauthorized logins.
Google offers two forms of two-factor authentication:
- Security keys – This is the most secure option. You’ll be issued a security key, usually through your account-connected phone. Someone who doesn’t have that key wouldn’t be able to log into your account.
- Google prompts – If you have an Android phone, you can use this to log into your account.
How Do I Enable Two-Factor Authentication in Gmail?
To turn on two-factor authentication in Gmail:
- Go to https://myaccount.google.com/.
- Click on the Security tab.
- Scroll down to Signing in to Google and toggle 2-Step Verification to “on” if it’s off. Follow the steps to get started.
How Can I See What Apps Have Access to My Gmail?
Over time, you’ll often allow third-party apps access to items like your calendar and contacts. While this can make it easy to interact with friends on these apps, you’ll want to check periodically to ensure only apps you’re currently using have access.
To view third-party access to your account, go to https://myaccount.google.com/security and view the apps that have access. If you want to remove or adjust the rights of these apps, click on Manage third-party access. Here, you’ll see what access these apps have. You can also click on any of the apps to remove access.
Pulling It All Together
If you have multiple accounts, keeping up with them all can be challenging. Shift brings all your accounts together in one place, from Gmail to Slack to Trello and more. Best of all, you can quickly toggle between Gmail accounts without logging in. Shift keeps your data private and secure while freeing up time that you would normally spend fumbling around on your desktop.
Take a look at Shift’s integrations and see how we can help you bring all your apps together in one convenient dashboard.