A few days ago, I saw a security notification when I logged into my Gmail account:
Warning: We believe your account was recently accessed from Canada (IP address).
I use a Google Apps account as my work email and the first thing I did after seeing this message was to change the password of my email account from the Google Apps email management panel. The security of an email account is critical because this email address is tied to the majority of my online accounts, which include Facebook, Twitter and other social networking sites.
Imagine the situation when someone else gets access to your email inbox and downloads all email messages using POP/IMAP. That would mean disaster because the hacker would then be able to read all your archived email conversations and may leak confidential data at any time.
Since this email is hosted on Google Apps, I was in a way sure that this is not the case of any human being accessing my Gmail inbox from another computer. I said “sure” because of the following reasons:
1. Google Apps users can never change their email password on their own. They must contact the domain administrator and get the email account password reset.
2. My Gmail address is not the domain administrator for this domain. I use a separate username as domain administrator and I never use that email address on any other website – it’s just made for the purpose of managing this domain and nothing else.
3. I never use someone else’s computer for checking email, nor do I remember any usernames or passwords in my head. I don’t even save passwords in my browser, so chances of getting hacked by a keylogger program or someone sniffing my Gmail account username and password through the network are ruled out. This is because I never type the passwords in the first place; my password manager performs an autotype which cannot be tracked by any third party malicious software.
Be A Detective – Find Who Is Accessing Your Gmail Account
Before finding out the reason for third party activity on your Gmail account, be sure to take the following measures:
1. Reset your Gmail account password immediately.
2. Open your Gmail inbox, scroll to the bottom and click the “Details” link at the bottom of the page. This will open a new browser window with a list of IP addresses and computers that have recently accessed your Gmail account. Click “Signout of all other sessions” to ensure that no one else is logged into your Gmail account from any other computer.
3. Go to Gmail settings > Filters and look for any suspicious filters being added to your Gmail account. Do not ignore this step because some Gmail filters may forward email to another account or trash them without your consent.
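When an account has many filters, the check in step 3 can be scripted. The following is an added example, not part of the original post: it assumes the filter list is available as JSON in the shape the Gmail API returns for users.settings.filters.list, runs on a constructed sample, and goes slightly beyond the forward and trash cases above by also flagging filters that skip the inbox and mark mail as read. The function name and the trusted-address parameter are hypothetical.

```python
import json

# Constructed sample shaped like a Gmail API users.settings.filters.list
# response; every id, address and search term below is made up.
SAMPLE = json.loads("""
{"filter": [
 {"id": "f1", "criteria": {"from": "newsletter@example.org"},
  "action": {"addLabelIds": ["Label_12"], "removeLabelIds": ["INBOX"]}},
 {"id": "f2", "criteria": {"query": "password OR invoice"},
  "action": {"forward": "collector@example.net",
             "removeLabelIds": ["INBOX", "UNREAD"]}},
 {"id": "f3", "criteria": {"from": "no-reply@accounts.example.com"},
  "action": {"addLabelIds": ["TRASH"]}},
 {"id": "f4", "criteria": {"to": "me@example.com"},
  "action": {"forward": "me@backup.example.com"}}
]}
""")


def audit_filters(response, trusted_forward_addresses=()):
    """Map filter id -> reasons, for filters that forward, trash or hide mail."""
    trusted = {a.lower() for a in trusted_forward_addresses}
    findings = {}
    for flt in response.get("filter", []):
        action = flt.get("action", {})
        added = set(action.get("addLabelIds", []))
        removed = set(action.get("removeLabelIds", []))
        reasons = []
        forward = action.get("forward")
        # Any forward target you did not set up yourself is worth a look.
        if forward and forward.lower() not in trusted:
            reasons.append(f"forwards to {forward}")
        if "TRASH" in added:
            reasons.append("moves matching mail to Trash")
        # Skip-inbox plus mark-as-read keeps mail out of sight without deleting it.
        if {"INBOX", "UNREAD"} <= removed:
            reasons.append("skips the inbox and marks as read")
        if reasons:
            findings[flt["id"]] = reasons
    return findings


if __name__ == "__main__":
    result = audit_filters(SAMPLE, trusted_forward_addresses=["me@backup.example.com"])
    for filter_id, reasons in result.items():
        print(filter_id, "->", "; ".join(reasons))
```

Filters that only archive or label mail, such as f1 in the sample, are left alone so the output stays limited to rules that can leak or hide messages.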
After doing all the above steps, you are sure that no one else has access to your Gmail account and it is safe from potential hackers and data theft. But my case was a little different.
I was again shown the same notification when I logged into my Gmail account this morning. This is highly suspicious!
Find Third Party Websites That Have Access To Your Gmail Account
There is one thing I missed – third party sites that I have authorized to access data from my Google account.
There are a lot of websites that support creating an account with them using your Google account or with another service provider that supports OpenID. I prefer creating accounts with OpenID as I don’t have to receive email notifications, nor do I have to create another set of usernames and passwords.
Now the problem is that when these companies switch hosts or are acquired by another company, they begin a new verification system for all their users. Either the domain name of the company has changed or they have migrated hosts, which may be one of the reasons why I was continuously getting the Gmail notification – “Your account is being accessed from another computer”.
To find which websites are authorized to access your Gmail account, follow these simple steps:
1. Log in to your Google account and click your username at the top right corner of the page. Then select “Account settings”.
2. On the next page, click on “authorizing applications and sites” under personal settings.
3. Find the list of sites that are authorized to access your Gmail account. Check whether these are the same sites that you have authorized, and if you find any site that you haven’t authorized, click “Revoke access”.
It is quite possible that a website with which you registered an account at an earlier point in time has been bought by another company and the new system has started account verification on all user accounts registered with them.
When you revoke the third party access, your account will be destroyed at that website, so you should back up important stuff or change user account credentials at the third party site before revoking third party access from your Gmail.