Have you ever had your Gmail account hacked? If not, you’re lucky. But it happens: 1 out of 4200 emails sent in 2020 was a phishing attempt.
Considering that 306 billion emails were sent in the same year, it means a whopping 72 million were phishing-related.
Keeping your Gmail secure isn’t optional anymore. You don’t want anyone to access your personal information or compromise important company conversations and files. That said, here are our top eight tips on keeping your Gmail secure and avoiding email spoofing:
Enable Gmail's Spam Filters and Phishing Warnings
Enabling spam filters and phishing warnings is critical because Gmail doesn't allow them by default. So if you haven’t enabled them, your email security is currently vulnerable to phishing attacks.
Phishing is a method in which bad actors attempt to trick people into sharing sensitive data via fake messages. They do this by impersonating legitimate companies or trusted individuals in their emails.
These scammers often prey on fear and anxiety to get recipients to comply with their requests. For example, someone might send an email pretending to be from PayPal saying that your account has been breached and asking for personal information.
Or they might send an email pretending to be your employer claiming that you're about to lose your job if you don't follow particular instructions first (like clicking a link or downloading a file).
To avoid becoming prey, enable the spam filters and phishing warnings designed by the tech giant. Moreover, to stay safe and secure, run a DMARC report analyzer and protect your mailing activities. Also, check any suspicious attachments with a file virus scanner for an added layer of phishing protection.
Most private users will be fine with Gmail, but Gmail can also be used as a company email address. This will allow you to send professionally through your own domain and have a bigger inbox. It is even possible to send newsletters through Gmail (on a small scale; it isn’t advised to send bulk email through Gmail).
Check the Sender's Email Details
Simply checking the sender’s name and email address can save you and your email security from incoming danger.
An email can be spoofed so that it appears to come from a legitimate address. But if you hover the cursor over the sender's name or click on their name, you can see the actual address used for sending the message.
Spoofed emails may come from a very similar-looking sender, but not the same one. For instance, if you have a particular podcast that you love, the podcaster may send you weekly or bi-weekly alerts of new episodes. With a smaller presence like this, a spoofed email may be sent. We’ll use Joe Rogan as an example.
The emails you usually get may be:
But a spoofed email would come from:
“Joe@JoeRogan.co” or “Joe@JoeRogan.net”
It all depends on how many domains the podcast owner has purchased associated with their brand.
Plus, you should check whether the content of an email is consistent with previous emails from this sender. The tone could be different; for example, a personal mail may suddenly seem more formal or didactic than usual. If there is anything that makes you feel suspicious about an email, do not open it!
Check the spelling and grammar of an email as well. Spamming robots are known to make mistakes when generating text that seems human-like.
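The sender check described above can also be automated. The following Python sketch is an added example, not part of the original article: it compares the real address in a From header against a list of domains you trust and flags lookalikes such as a changed domain ending or a one-character swap. The trusted domain `example.com` and the sample headers are constructed placeholders, and the label comparison is a simplification that does not use the Public Suffix List.

```python
from email.utils import parseaddr

# Assumption: domains you actually expect mail from (placeholder value).
TRUSTED = {"example.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, trusted=TRUSTED):
    """Return (verdict, reason); verdict is 'trusted', 'lookalike' or 'unknown'."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown", "no parsable address"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for good in trusted:
        # Exact match or a subdomain of a trusted domain.
        if domain == good or domain.endswith("." + good):
            return "trusted", domain
    labels = domain.split(".")[:-1]  # every label except the final ending
    for good in trusted:
        brand = good.split(".")[0]
        if brand in labels:
            return "lookalike", f"{domain} reuses '{brand}' outside {good}"
        if any(edit_distance(label, brand) <= 1 for label in labels):
            return "lookalike", f"{domain} is one character off {good}"
        # The display name is free text; only the address says who sent it.
        if brand in display.lower().replace(" ", ""):
            return "lookalike", f"name mentions '{brand}' but address is {domain}"
    return "unknown", domain

# Constructed sample From headers (not real messages).
SAMPLES = [
    "Podcast Updates <news@example.com>",
    "Podcast Updates <news@example.co>",
    "Podcast Updates <news@examp1e.com>",
    "Example Podcast <news@unrelated.org>",
    "A Friend <friend@somewhere.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```

An "unknown" verdict only means the domain is not on your list; it is not a sign that the message is safe.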
Review Login History
Google collects data on all of your account activity. You can see which devices you have used for logging into Gmail. This includes the location and time you logged into your account.
If you notice any strange or scary activity such as logins from an unfamiliar geographic location or device you’ve never used before, it could be a sign that someone is trying to access your account without your knowledge.
If that happens, change the password for your Gmail and Google accounts immediately. This will prevent further unauthorized access to all information stored in both accounts.
Don't Reveal Personal Information Via Email
Your email can contain sensitive information like your address, social security number, bank account, or credit card details. But you should only share the information you are comfortable with.
For example, providing your shipping address for an online order or providing a bank account for automatic payments is okay.
Sometimes it's not apparent what personal information you share in an email. When signing up for something online, be aware of what information you are sharing and whether that could threaten your Gmail account security. Make sure to follow all other smart online safety practices as well.
Use Strong Passwords
It may seem obvious, but it can't hurt to start with the basics. It would be best to choose a strong password that's not easy for others to guess or figure out. Your best bet is to use a password manager that generates and stores hard-to-break passwords.
Passwords that are long (at least 12 characters), random, and unique (not used anywhere else) are significantly harder to crack than short, familiar ones.
If remembering a complicated password seems like a challenge, consider using a passphrase instead of just one word.
A simple way to create a strong password is by stringing three or four familiar words together as an easy-to-remember phrase. Don’t forget to mix in capitalized and lowercase letters, numbers, and symbols!
For example, if your favorite series on Netflix is Designated Survivor, your password can be DesiSurv@12345 or something along those lines.
Also, keep in mind that your name or username should not be part of your password. Why? Usernames are usually available to anyone who knows the email address associated with them. But don't worry, there are a lot of username generators out there.
And don’t use any personal information either. If you do, this could open up an avenue for hackers who have access to information about you on social media networks and websites like LinkedIn or Facebook.
Lastly, make sure you change your password regularly! Most experts recommend changing passwords at least once every 30 days, but given how high the risk is today, it never hurts to change them more frequently.
Protect Your Computer with Antivirus Software
Anti-malware software provides real-time protection against incoming threats. It detects malware or viruses and blocks them before they can sneak in through links on websites or email attachments.
Once it has flagged any suspicious files, you can remove them immediately to avoid causing more damage to your computer. You also need to keep updating the software as new releases come out. Whether you need to get rid of malware on a MacBook, Linux, or another operating system, a reliable anti-malware tool is a must-have.
Use Two-Factor Authentication
Two-factor authentication (2FA) is a process in which you'll be required to log in with both your password and a second piece of information that only you should have.
This could mean entering a PIN sent to your phone or scanning a physical security key for authentication. It's an extra step that will make it more difficult for hackers to get into your account, even if they've stolen the password.
Once it's been set up on your account, you'll need to enter the password and the second factor to sign in. If you don't have this information handy when logging in from an untrusted device (like a public computer), you won't be able to access your email or email security settings at all.
To activate two-factor authentication for Gmail, follow these instructions:
- Visit myaccount.google.com and sign in as prompted
- Click "Signing into Google" under "Sign-in & Security"
- Click the 2-step verification button under “Password & Sign-in Method”
- Follow the onscreen instructions that appear
Always Log Out of Gmail After Use
When you log out of Gmail, you are effectively erasing any trace of your email account from the device. It’s also a necessary precaution if you’ve accessed Gmail from a public or shared device or if you're using Gmail as a mail client.
If there are many other people in your household, it’s best to have an individual account and set up two-step verification for each account. That way, no one will be able to access their emails without their unique password and phone number.
Bonus Tip: Use a Fake Email Generator!
To keep your Gmail inbox completely free from endless spam and reduce the risk of phishing to virtually zero, use a fake email generator.
Also known as a temporary email, a fake email generator creates a disposable email address and inbox that disappears after a couple of hours of inactivity. Basically, it's an anonymous email service you can use instead of your real Gmail account, and it's perfect for contacting shady sites or people you don't know.
Be Safe on Gmail!
You deserve to feel safe using your account—and it's easier than you think, as long as you've got a little know-how.
Ensure your password is secure in the same way you ensure your grammar using an online grammar checker to write your emails. Update your recovery options and security questions, and turn on two-factor authentication.
And remember, if you do see something suspicious in your account, don't panic! Strong email security isn’t rocket science. Just take it slow, watch where you click, and report it as spam.