Have you received a suspicious email from someone you know? Before you click that link, be warned: it could be a scam. And that scam could put you and your entire contact list at risk.

While phishing scams are uncommon – with just nine in around 1 million accounts being compromised each day – it pays to keep your account safe and secure.

But what is a Google phishing scam and what can you do to reduce your risk?

How do Google email scams work?

Let’s imagine you receive an email from your colleague Jan. It looks like an innocent email, except the wording is weird and the link seems odd. But you click on it anyway.

That one click could compromise your entire Google account – your password is changed so you can’t access your account; your old emails and contacts are suddenly deleted; and all your contacts receive the same mass email that you did from Jan. Some of them may click on the same link in your email and so the phishing scam cycle continues.

It’s the oldest trick in the online book, and it’s back with a vengeance. And it can happen to any online account and any email user. In fact, a Google statement released recently says your account is 36 times more likely to get hacked if your contacts’ accounts have been attacked.

Even more alarming, it’s not just emails from your colleague Jan that could trick you. Phishing emails can be masked as legitimate requests for information from your bank – or even Google!

How can I protect my account from the phishing scam?

Google is a tough cookie that takes your account security seriously, using sophisticated tools and technology to spot scams, reduce the risk of hacking and mop up the mess if it does occur.

That being said, there are some simple steps you can take to avoid a phishing scam:

  1. Take care when opening up emails that seem strange, especially if they come from someone you know whose account may have been hacked.
  2. While opening an email is OK, clicking on a link or attachment is where the damage is done. Never open anything you’re unsure about. If it looks suspicious, hover your mouse over the link; if the address that appears is different to what it should be, don’t click on it. Instead, delete the email and immediately call the person or organisation that sent the email.
  3. Never respond to an email that asks you to send your Google login details. Before you sign in anywhere, check the web address in your browser’s address bar to ensure you’re at the official Google website.
  4. Sign up for an alert to receive a message on your phone when your username and/or password are changed.
  5. Clean out your inbox. Scammers will search your emails for bank and other information. Run the same search yourself and permanently delete any old emails that could help scammers access your financial details.
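
For anyone who reviews reported emails, the hover check in step 2 and the address check in step 3 can be automated. The script below is an added example, not part of the original article: it lists each link in an HTML email, flags links whose visible text names a different site than the real destination, and notes whether the destination is a Google address. The function names, the sample email and the rule that only google.com and its subdomains count as official are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_SUFFIX = "google.com"  # assumption: the only domain treated as official

# Constructed sample email body (not taken from a real message).
SAMPLE_EMAIL = """
<p>Hi, Jan here. Please sign in to view the file:</p>
<a href="https://login.example.test/signin">https://accounts.google.com/signin</a>
<a href="https://accounts.google.com/signin">accounts.google.com</a>
<a href="http://files.example.test/doc">Open the shared document</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def text_host(text):
    """Hostname the visible text claims to be, or None if it is not URL-like."""
    m = re.search(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", text.lower())
    return m.group(1) if m else None

def is_google_host(host):
    """Exact match or true subdomain only; a substring test would be wrong."""
    return bool(host) and (host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX))

def review_links(html):
    """Return one finding per link: what it shows versus where it really goes."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real, shown = urlsplit(href).hostname, text_host(text)
        findings.append({"text": text, "real_host": real,
                         "mismatch": shown is not None and shown != real,
                         "google": is_google_host(real)})
    return findings

if __name__ == "__main__":
    for finding in review_links(SAMPLE_EMAIL):
        print(finding)
```

A link whose text is not an address, like the third one in the sample, cannot be flagged as a mismatch, so the real destination still has to be read before it is trusted.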

What should I do if my Google account was hacked?

If your account was hacked and you can re-access it, you should take steps to secure it. Try these tips:

  1. Change your password
  2. Choose new password recovery settings
  3. Enable a two-step verification process
  4. Check your email signature and vacation reply haven’t been amended
  5. Disable mail forwarding and POP/IMAP access in your settings
  6. Go to Settings, Accounts, Send Mail As and check that only your email address is listed
