Securing Gmail AccountsIf your Gmail/Google account has been accessed by unauthorised third-parties, use the following steps to lock it down: Invalidate Cookies- Log into https://www.gmail.com.
- Log out by clicking the profile icon in the top right and choosing Sign Out:
If an attacker has gained access to the account by stealing cookies, signing out invalidates those session identifiers. Change Password & Recovery Address- Log into https://www.gmail.com.
Your account name (email address) will be shown in the top right corner. - Click the down arrow and choose Account.
- Under Account, ensure the Recovery Email Address(es) are set appropriately. Delete any that are not required.
- Click Security.
- Click Change Password and change the password.
- Click Security.
- Click Update Recovery Options.
- Check that the various recovery options are set appropriately, such as mobile phone numbers and additional email accounts.
Also change the Security Questions.
Note that changing the main password also deletes any existing App Passwords. Remove Forwarding- Log into https://www.gmail.com.
- Click the “cog” icon in the top right hand corner and choose Settings.
This gives you a strip of options across the top of the screen. - Click Forwarding and POP/IMAP.
The first option is Forwarding. If there are no forwarders, it will simply say Add a Forwarding Address. If there is a forwarding email address, it will show two options, Disable Forwarding and Forward A Copy Of Incoming Mail To. - Ensure Disable Forwarding is selected. Optionally delete the existing forwarding addresses.
- Click Save Changes at the bottom of the screen.
Remove Filters- Log into https://www.gmail.com.
- Click the “cog” icon in the top right hand corner and choose Settings.
This gives you a strip of options across the top of the screen. - Click Filters.
- Delete any unrequired filters which may direct mail to other mailboxes.
Remove Third Party Email Access- Log into https://www.gmail.com.
- Click the “cog” icon in the top right hand corner and choose Settings.
This gives you a strip of options across the top of the screen. - Click Accounts And Import.
- Ensure Send Mail As is set appropriately (ie shows your own email address and not someone else's).
- Ensure Grant access to your account is set appropriately.
- Click Save Changes at the bottom of the screen.
Check Third-Party Access- Check https://security.google.com/settings/security/permissions.
|