A Defensive Computing Checklist    by Michael Horowitz

GMAIL

Consider your Gmail password critically important. Never tell it to anyone. Do not use your Gmail password for anything else. If there is a chance you might forget it, write it down on paper twice and store each copy in different secure places.

TECH SUPPORT

To me, the biggest issue with Gmail is that it is free. Any free service comes at the price of no technical support. If something goes wrong with Gmail (or your Google account) tough luck. In my opinion, email is important enough that it is worth paying for, just to get technical support.

AUDIT YOUR ACCOUNT LOGINS

Every now and then, you should audit the logins to your Gmail/Google account to ensure that no one else has logged on to your account. You can do this at the Gmail website:

  1. Click on your profile photo in the top right corner (this might instead be your initial, if you never gave Google a photo)
  2. Then click Manage your Google Account
  3. Then click Security in the vertical stripe on the left
  4. Review the Recent security activity

BEWARE THIS SCAM

September 8, 2024: Gmail Account Takeover: Super Realistic AI Scam Call by Sam Mitrovic. The story of a super realistic AI scam phone call that could trick a vast number of people.

The scam starts with a fake notification to approve a Gmail account recovery attempt. This was shortly followed by a missed phone call where the number showed as being a valid Google phone number. Never forget, caller ID can be faked. A week later, there was another fake notification to approve recovery of the potential victim's Gmail account. Again, this was shortly followed by a phone call that the victim, this time, answered.

The scammer on the phone says there is suspicious activity on the account. Note that this is a very common claim in the world of scams. The scammer says someone logged in to the victim's account from Germany (the victim is not in Germany). The scammer also says that someone has had access to the victim's account for a week and that they have downloaded the account data. The scammer then sends an email, and I note again that spoofing an email address is possible.

Turns out the voice on the phone was an AI. The bad guys were using Salesforce CRM, which allows you to set the sender to whatever you like and send email using Gmail/Google servers. Had the victim approved the account recovery notification, the bad guys would have gained control of the account.

Note that Google does not call Gmail users if you don’t have Google Business Profile connected. Also know that you can verify if someone else has logged into your account: click on your Gmail profile photo in the top right corner -> Manage your Google Account -> Security -> Recent security activity.

ASSORTED

CONFIDENTIAL MODE

What: It is an attribute of individual messages that lets you set an expiration date for sent messages, revoke access to sent messages, and optionally set a password for a sent message. In addition, recipients of confidential Gmail messages are prevented from forwarding, copying, printing and downloading the message. Invoke it while composing a message by clicking on a very small image of a padlock and a clock. The recipient does not need to use Gmail.

But: The recipient can take a screenshot. Message passwords require that you provide a cell phone number for the recipient because the password is texted to them. So, arguably less confidential than normal. Google does not say whether they can read the messages, which means they can.

  1. Watch out for Gmail's new Confidential Mode by Mike Elgan for Computerworld (May 2018). Elgan says that this is neither secure nor email.
  2. Send & open confidential emails from Google

AVOIDING GMAIL

  1. I moved my Gmail to a less creepy email. It was surprisingly easy. by Shira Ovide in the Washington Post (June 27, 2023). Ovide describes how she easily moved 15 years of email messages from Gmail to Proton Mail. Proton offers an Easy Switch feature with instructions on how to move your messages from Gmail, Yahoo or Microsoft’s Outlook. She considers Proton trustworthy and I agree.
  2. 5 Reasons to Ditch Gmail for ProtonMail by David Nield for Gizmodo (March 2021). The article is wrong about end-to-end encryption. It only applies to messages between two ProtonMail users.
  3. How to Migrate from Gmail to ProtonMail by ProtonMail (undated). The steps: Transfer existing emails, Set up email forwarding, Transfer contacts, Inform your contacts and Update online accounts.
  4. Privacy-Conscious Email Providers from PrivacyTools.io
  5. These 4 Gmail alternatives put your privacy first (Fast Company, Aug 2019)

 This page: 5 views per day (over 883 days)   Total views: 4,588   Created: August 27, 2022
Last Updated: January 4, 2025