This post is provided primarily for the benefit of parents. Students at St. Albert the Great cannot use their school-issued Google Account to send or receive email or chat messages to outside persons. Messages sent to a student email address that are sent from an account outside of the stalbert.org domain are

Protecting your Google Account is critical, as it often acts as the central hub for your personal and work life, linking to email, documents, photos, and other important services. Google provides a Security Checkup tool that gives you personalized recommendations and helps you strengthen your account's defenses. It's a quick process that you should perform regularly.
To start, you need to access your Google Account's security settings:
Go to your Google Account: Visit myaccount.google.com or, if you're signed in, click your profile picture in any Google service (like Gmail) and select Manage your Google Account.
Navigate to Security: On the left navigation panel, select the Security tab.
Start the Security Checkup: At the top of the Security page, you'll see a section called "Security checkup." Click Review security tips (or a similar prompt) to begin.
The checkup will guide you through several important steps, including:
Recent security activity: Checking for new sign-ins or recent security-related changes you may not have noticed.
Third-party access: Reviewing which apps and services have access to your Google Account data. Remove access for anything you don't use or don't trust.
Sign-in & recovery: Ensuring your recovery phone number and email address are up-to-date, which is vital for regaining access if you're locked out.
2-Step Verification (2SV): Confirming that 2SV is enabled, one of the most effective ways to prevent unauthorized access.
A crucial part of account security is auditing the devices that currently have access to your Google Account.
How to Check Signed-In Devices
Go to the Security Tab: Navigate back to the Security tab in your Google Account settings.
Find "Your devices": Scroll down to the section labeled "Your devices" and click Manage all devices (or similar prompt).
Review the List: You will see a list of all phones, computers, and tablets that are currently signed in to your Google Account or have been in the last few weeks. Details usually include the device type, last activity time, and approximate location.
What to Do If You Don't Recognize a Device
If you see a device that is unfamiliar, is in an unexpected location, or is one you no longer own, follow these steps immediately:
Sign Out the Device:
Click on the unrecognized device in the list.
Click the Sign out button and confirm the action. This immediately revokes the device's access to your account.
Change Your Password: Immediately change your Google Account password to a strong, unique password that you have not used before. This is critical because an attacker likely obtained your password to sign in.
Check for Other Changes: After changing your password, review the rest of the Security page for any other unauthorized changes the attacker may have made, such as:
New recovery phone numbers or emails.
New third-party apps with access.
Changes to your mail filters (see the section below).
If your Security tab displays a "critical security alert" (often indicated by a red shield or exclamation point), it means Google has detected suspicious or potentially dangerous activity on your account. Do not ignore this.
Immediate Steps:
Review the Alert: Click the alert or the "Secure account" prompt to see the details of the event (e.g., a sign-in from an unusual location or on a new device).
Verify the Activity: Google will ask, "Do you recognize this activity?"
If you answer No, secure account, you must immediately secure your account.
Change Your Password: The most crucial step is to change your password immediately to a strong, unique one. This severs the access of the unauthorized person.
Complete the Security Checkup: Google will walk you through a process to review all key settings, including devices, third-party access, and recovery information, to ensure the attacker is completely locked out.
Look for Other Compromised Accounts: If the critical alert was due to a password breach, assume that any other online account (like banking, social media, shopping) that used the same password is also compromised and change those passwords immediately.
A sophisticated tactic used by scammers after compromising an email account is to create filters to hide or delete security alerts and transaction confirmations. This is typically done to conceal purchases or transfers made from linked accounts like Amazon, banks, or financial apps (e.g., PayPal), keeping the user in the dark until it's too late.
How to Check for Malicious Filters
Filters are currently a desktop-only feature in the main Gmail interface, but you can access the desktop site on your phone (see the final section).
Access Gmail Settings:
Go to Gmail on a desktop browser.
Click the Settings gear icon (⚙) in the top right corner.
Select See all settings.
Navigate to Filters: Click the Filters and Blocked Addresses tab.
Inspect All Filters: Scrutinize every filter listed. Look for filters that:
Target financial institution emails (e.g., from Amazon, PayPal, a specific bank email).
Have actions set to Skip the Inbox (Archive it), Mark as read, Apply the label (to move it out of sight), or, most dangerously, Delete it.
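For a school or family IT helper who can pull a user's filters through the Gmail API (users.settings.filters), the inspection above can be automated. The following is an added example, not part of the original post or any Google tool: it runs the page's two checks (financial or alert senders combined with Skip the Inbox, Mark as read, Apply the label or Delete) over a constructed list of filters in the API's JSON shape, and additionally flags any filter that forwards mail elsewhere. The sender and subject keyword lists are assumptions to extend for your own institutions.

```python
# Constructed sample in the shape of the Gmail API filter resource
# (criteria/action, addLabelIds/removeLabelIds are the real field names).
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@example.com"},
     "action": {"removeLabelIds": ["INBOX"], "addLabelIds": ["Label_12"]}},
    {"id": "f2", "criteria": {"from": "auto-confirm@amazon.com"},
     "action": {"addLabelIds": ["TRASH"]}},                      # "Delete it"
    {"id": "f3", "criteria": {"query": "from:paypal.com OR subject:(security alert)"},
     "action": {"removeLabelIds": ["INBOX", "UNREAD"]}},         # skip inbox + mark read
    {"id": "f4", "criteria": {"subject": "weekly report"},
     "action": {"forward": "someone@example.net"}},              # forwards mail out
]

# Assumed keyword lists: the page's examples plus common alert/receipt wording.
# Substring matching is deliberately broad; review every hit by hand.
FINANCIAL_TERMS = ("amazon", "paypal", "bank", "venmo", "zelle")
ALERT_TERMS = ("security alert", "sign-in", "password", "verification",
               "receipt", "order", "transaction", "payment")


def criteria_text(f):
    """Flatten the filter's matching criteria into one lowercase string."""
    c = f.get("criteria", {})
    return " ".join(str(c.get(k, "")) for k in ("from", "to", "subject", "query")).lower()


def hiding_actions(f):
    """Return the actions that take a matching message out of the user's sight."""
    a = f.get("action", {})
    removed = set(a.get("removeLabelIds", []))
    added = set(a.get("addLabelIds", []))
    found = []
    if "TRASH" in added:
        found.append("delete")          # Gmail "Delete it" == add TRASH label
    if "INBOX" in removed:
        found.append("skip_inbox")      # "Skip the Inbox (Archive it)"
    if "UNREAD" in removed:
        found.append("mark_read")       # "Mark as read"
    if added - {"TRASH"}:
        found.append("apply_label")     # "Apply the label" (moved out of sight)
    if a.get("forward"):
        found.append("forward")         # beyond the page: silent forwarding
    return found


def suspicious_filters(filters):
    """Flag filters that target financial/alert mail and hide it, or forward mail."""
    flagged = []
    for f in filters:
        text = criteria_text(f)
        targets = [t for t in FINANCIAL_TERMS + ALERT_TERMS if t in text]
        actions = hiding_actions(f)
        if (targets and actions) or "forward" in actions:
            flagged.append({"id": f.get("id"), "targets": targets, "actions": actions})
    return flagged
```

Every flagged filter should then be deleted and the Trash and All Mail folders checked, exactly as the next section describes.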
Dealing with a Malicious Filter
If you find a filter designed to conceal or delete transaction or security emails:
Delete the Filter: Click Delete next to the malicious filter and confirm.
Check Trash and All Mail: Immediately check your Trash and All Mail folders for any missing financial emails or security alerts that the filter may have hidden or deleted.
Contact Financial Institutions: Review the recovered emails for unauthorized transactions. Contact the relevant companies (Amazon, bank, PayPal, etc.) immediately to report the fraud and secure those accounts.
Changing Passwords for Linked Accounts
Since the scammer used your Gmail to hide their activities on your other accounts, you must assume those accounts are also compromised or their passwords are known to the attacker.
Change the passwords for every account that was mentioned in the malicious filters (e.g., Amazon, PayPal, any banking apps).
Enable 2-Step Verification on all these financial and shopping accounts as well.
Check Transaction History: Review your activity history on those linked accounts to confirm the extent of the unauthorized activity.
Since filter management is a desktop feature, you'll need to use your phone's browser to access the desktop view of Gmail.
Open Your Browser: Launch a web browser on your phone (like Chrome, Safari, or Firefox).
Go to Gmail: Navigate to mail.google.com. You'll likely see the standard mobile view.
Request Desktop Site:
In Chrome (Android/iOS): Tap the three-dot menu (⋮) in the top right corner. Select Desktop site (or Request Desktop Site).
In Safari (iOS): Tap the aA button in the address bar. Select Request Desktop Website.
Load the Desktop View: The page will reload, and you'll see the full desktop version of your Gmail inbox. You can then zoom in and navigate to the Settings gear icon (⚙) to access the Filters and Blocked Addresses tab.