Today, Google accounts are used for everything: to connect to YouTube, to use the brand’s services and even to connect to other sites. It is therefore tempting to also use them for emails, to make life easier. But between phishing attempts and the fact that Google can obtain information from the emails you receive and send, it’s important to take extra precautions to protect your security and privacy.
Good news, for this, you don’t necessarily need to change your email provider, just to slightly modify your habits. We’ll explain it to you.
See the ExpressVPN offer
Improve account protection
Enable two-factor authentication
Before looking at the more advanced improvements, there are a few very simple steps to complete to secure your Gmail account. The first, ensure that the password used for the account is strong and unique. The second, enable two-step validation. Google offers several methods for this second authentication: SMS, Google Prompts sent to the phone you are connected to, backup codes, Google Authenticator and security key. The choice of method will depend on your needs and the security/ease of use ratio you prefer.
The least secure method is sending SMS messages. Even if this type of attack is not yet very widespread in France, we have seen in other countries that attackers, with the help of a little social engineering, manage to obtain SIM cards linked to a phone number that is not theirs and regain access to many accounts and personal information this way. Without going that far, a malicious application can intercept your SMS and obtain the security code sent.
For maximum protection, security keys are the best choice. You have two options: a physical security key or the one built into your phone, found in most modern smartphones. For the latter, your phone and the device to which you are connecting will need to be able to activate Bluetooth so that they can check their proximity. Using the Google Authenticator app is also a good option. It is less secure than security keys since someone who has gained physical access to your phone will be able to log into your account remotely, but it is generally a good compromise between ease of use and security.
If you decide to no longer use SMS as a verification method, it is important to delete it from your Google account for added security. To do this, go to the settings, in the “Security” menu → “Two-step validation” → “Voice message or SMS” → click on the trash can.
Monitor your account activity
In the security menu, Google provides access to many options for monitoring your account. You can see which third-party apps have access to them or which sites you signed in to using your Google account and revoke their access. The menu also tells you which devices your account is connected to, allowing you to check if a connection took place from an unknown device and to indicate that you do not recognize it if so.
See the ExpressVPN offer
Know how to recognize phishing
One of the most common causes of account takeovers is phishing. You’ve probably seen them before: emails that pretend, with varying degrees of success, to be a brand, a public service or a person you know to try to convince you to enter your credentials or download an infected file. If Google has protections in place against spam and phishing attempts, it is not impossible that some emails slip through the cracks of their virtual net.
Generally, it is quite easy to recognize a phishing attempt. The email address used to send the email is strange, spelling mistakes or visual anomalies are present in the body of the message, the subject of the email uses unconventional characters… But other attempts are much harder to detect and it is necessary to take some precautions when you receive a document or a link by email.
If you receive a document from someone you know, make sure they sent it. Likewise, if the document appears to come from a company or public service, you will generally be able to find it on your account. It’s best to go directly to the entity’s website and log in to retrieve it rather than downloading the attachment. You will need to have the same reflexes for links received by email. It’s common to receive messages that appear to come from PayPal or a package delivery company, indicating that a problem is present to push you to click on the email link and thus retrieve login or payment information. Here too, going directly to the site in question rather than clicking on the link is more prudent. If a problem is actually present, it will be reflected on the company’s website.
In any case, if the message promises you unrealistic things (a large sum of money, having won an important competition, etc.) and/or asks you for sensitive information, it is probably a malicious email and be careful is appropriate.
Encrypt your emails
By default, Gmail uses TLS for email encryption. Your messages are encrypted during transit, that is to say while they are transported from your mailbox to that of your recipient and vice versa, to prevent third parties from being able to intercept them. But this means that once in your mailbox, they are vulnerable to hackers who have gained access to your account. But also to Google, which has bots checking emails both for your security and to obtain information.
If the simplest solution is to switch to an encrypted email service, other solutions exist to keep your current Gmail address. Several browser extensions allow you to add a layer of encryption to messages you send. The best known of them is probably Mailvelope but it is also the most technical. It requires the use of OpenPGP keys between the sender and the recipient and therefore to successfully convert your interlocutors to the practice.
For an easier-to-use alternative, the FlowCrypt extension allows you to use OpenPGP keys as well as add a password, to be communicated securely to your contact, to encrypt your message on Gmail. This way, even less technical users will be able to read your messages and they will be protected from prying eyes.
See the ExpressVPN offer
Pay attention to your Internet connection
Another important component of your security is where and how you connect to the Internet. If you connect to public Wi-Fi, your traffic may be intercepted by a third party. Reading your emails over such a connection can pose a security risk to your Gmail account. Whenever you connect to public or unknown Wi-Fi and need to access sensitive information, be sure to use a VPN.
Among the various solutions on the market, ExpressVPN stands out with support for multiple platforms and a neat interface. The company, which has more than 3,000 servers in 94 countries, now has a promotional offer not to be missed with 3 free months for the annual subscription.
See the offer
9.2
- Very high and linear connection speeds
- Wide geographic coverage
- Unblocks foreign streaming catalogs including Netflix US and Amazon Prime Video
ExpressVPN offers a top-notch level of service. It’s difficult to fault it, both regarding its confidentiality policy and the performance and security of its servers, the quality of its applications and even its multiplatform coverage. Its ability to unblock streaming sites abroad, including Netflix and Amazon Prime Video, makes it an ideal travel companion, especially as it boasts impressive connection speeds and minimal latencies, regardless of the server selected. The only downside: high prices which could push Internet users to turn to more economical offers of equivalent quality, such as CyberGhost or NordVPN.
ExpressVPN offers a top-notch level of service. It’s difficult to fault it, both regarding its confidentiality policy and the performance and security of its servers, the quality of its applications and even its multiplatform coverage. Its ability to unblock streaming sites abroad, including Netflix and Amazon Prime Video, makes it an ideal travel companion, especially as it boasts impressive connection speeds and minimal latencies, regardless of the server selected. The only downside: high prices which could push Internet users to turn to more economical offers of equivalent quality, such as CyberGhost or NordVPN.
Article proposed and designed by Clubic in partnership with ExpressVPN.
Read the trust charter
Sponsored by
ExpressVPN