Lessons from the Gmail Hack

6 Lessons from the Gmail Hack

Imagine receiving an email in your Gmail inbox from a friend. The subject line pertains to something you’ve been discussing recently, and there’s an attachment you’ve been expecting. So you click on the attachment and for some reason a new tab opens up, prompting you to sign in again to your Gmail account. Must be some sort of glitch, you think, so you re-enter your username and password.

You’ve just been hacked. And now that the hackers have your email login information, they can steal all the private information contained in all the emails you’ve ever sent or received.

This particular hack has been hitting Gmail users for months, and it’s just one example of many increasingly sophisticated phishing scams in which criminals use highly believable emails to steal people’s identity, credit card details, and other private information.

Fortunately, there are six quick and easy steps you can take right now to strengthen your email security and make sure you don’t become a victim.

Tip #1. Set Up Multifactor AuthenticationMost people log in to their email by entering a username and password. It’s fast, it’s easy … and it’s not safe because hackers only need those two pieces of relatively easy-to-acquire information to break into your account.

Multifactor authentication is far more secure because, in addition to entering your usual login information, you’re asked to confirm your login, typically by entering a code sent to your mobile phone. Every major email provider offers a form of multifactor authentication, including Gmail, which offers a simple description and setup process that takes about one minute.

Tip #2. Check Your Login HistoryDo you think someone may be logging in and using your email account? Outlook, Gmail, and other email providers make it easy to find out by viewing your account history, where you can see when users have logged in to your account and from what IP addresses.

Gmail also allows you to set up alerts that will show up on your inbox screen when unusual account activity occurs, such as simultaneous logins from different IP addresses.

Tip #3. Update Your BrowserThe latest browser versions contain the latest security updates, so it is vital that you keep your browser up-to-date.

To find out if you’re using the latest version, go to whatbrowser.org, and the page will either tell you “This is the most current version”—meaning you are all set—or “There is a newer version.” To begin downloading the new version, simply click on the “Update your browser” link.

Tip #4. Recognize Bad URLsThe Gmail hack wouldn’t work if people didn’t enter their username and password on a fraudulent website. To avoid doing that, always check the location bar in your browser to make sure the URL is valid and secure.

Secure website URLs—sites where you log in or enter payment information, for instance—should begin with “https://.” (In the Gmail hack, the URL begins instead with “data:text.”) Depending on your browser, the “https://” may be green and there may be a padlock symbol, which provides added assurance the site is trustworthy.

Tip #5. Explore What’s PossibleEvery email provider offers slightly different security protocols, and the protocols are updated over time. To make sure you’ve implemented all the latest measures, simply run a web search such as, “Gmail security tips” or “Outlook security settings,” and click on the official provider web page that lists all the security measures you can take right now.

Tip #6. Don’t Assume Your Email Is SafeFinally, and perhaps most importantly, it is important to realize that our emails are not completely secure no matter what actions we take. As hackers become more sophisticated, and their phishing emails more believable, the best we can do is to take every step possible to make it extremely difficult for them to break in—while also making ourselves as informed as possible so we don’t let them in accidentally.