Review your Google account for suspicious activity

After the massive phish targeting Google accounts this week, I’ve had some people ask me how to make sure their Google account is secure. Luckily, Google has built in some great features that help you assess your account security and keep it safe.

If you suspect someone has hacked your account, just changing your password is not enough. There are ways a hacker can maintain access to your account even after you change your password. Follow the below steps to review the state of your account.

Review your current account activity

Log into Gmail in a web browser. At the bottom right of the screen, you will see a link that says Last account activity. Click Details underneath it.

On the screen that comes up, you’ll see a list of the most recent logins to your account. Review the locations – are there any from other countries or cities where you haven’t traveled recently? At the bottom of the page it shows your current IP address – that can help you assess the logins in the list.

If there are any logins you don’t recognize, click on the Sign out all other web sessions button. This will invalidate all currently logged in sessions to your account and force reauthentication. Note that this is just a temporary way to kick a hacker out of your account – if they have your password, they can just log in again.

Use Google’s Security Checkup

Google has a handy Security Checkup feature that walks you through all the important things to check on your account to make sure it hasn’t been tampered with. To access it, click My Account from the top right menu of the Gmail screen.

Half way down the page in the left column, you will see Security Checkup. Click Get Started.

Depending on how you use your account and have it set up, you may have different screens to review. The below is what I see for one of my accounts. If anything looks suspicious, click Something looks wrong and Google will walk you through how to fix it.

Check your recovery information. Make sure the recovery phone and email address listed are ones you know and expect. If you don’t have these set, you should set them now. Click Done when you’re finished.

Next will be a list of any recent modifications to your account that could affect its security. In my case, I removed some old application passwords to tools I no longer use.

Next is a list of all the devices that are currently connected to your account. You can click on each of them to get more information. If someone else is currently signed into your account, their information will show up here.

Next is a list of any apps that are authorized to use one or more parts of your Google account. These could be apps on your smartphone, or they could be desktop based apps such as social media programs that want to access your contacts or other information. It could be read only access, or it could allow the app to take actions such as sending email on your behalf. If there are any apps you don’t recognize, you should remove their access. If you accidentally remove something you use, don’t worry! The app should prompt you to reauthorize the access next time you use it.

The last two checkups are specific to two-factor authentication on the account. If you do not use two-factor (you should!) these sections won’t come up.

First up is app passwords. Apps that need a password to access your Google account but can’t use two factor authentication, such as a desktop email client, will show up here.

Last is a list of the two factor authentication methods set up for your account. Make sure the currently setup methods are expected and that you have a backup method configured.

What else can you do?

Don’t use the same password on more than one website, or at the very least use a different, strong password for your email. You know those forgotten password links on websites? They all send you an email to change it. If someone hacks your email, they can use the password reset features to get into your social media accounts, your bank account, and any other account registered with your email. Your email is they gateway to all your other accounts – protect it the most.

To help keep track of these different passwords, use a password manager. Here’s a rundown of the benefits of password managers from my alma mater: https://www.rit.edu/security/content/benefits-using-password-manager

Lastly, set up two factor authentication. It’s really easy, and it provides the best protection for your account. Really, just do it!

One thought on “Review your Google account for suspicious activity”

  1. Hey, Dan! Thank you for updating us on how we review suspicious activities on our Google account. Not using the same password is a great way to save ourselves from the external attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *