ARTICLE
8 November 2024

Using Gmail? Take This Step To Secure Your Account

Buchanan Ingersoll & Rooney PC

Contributor

With 450 attorneys and government relations professionals across 15 offices, Buchanan Ingersoll & Rooney provides progressive legal, business, regulatory and government relations advice to protect, defend and advance our clients’ businesses. We service a wide range of clients, with deep experience in the finance, energy, healthcare and life sciences industries.

Google has made significant strides in enhancing security across its platform, with a particular focus on Gmail, which serves over 2.5 billion active users. However, cybercriminals are becoming more adept at bypassing even the most advanced protections, such as two-factor authentication (2FA). Reports of session cookie theft and 2FA-bypass attacks targeting Gmail users are increasing, and while Google continues to improve its defenses, users must take proactive steps to protect their accounts.

One surprisingly simple action you can take right now to bolster your Gmail security involves creating a secondary Gmail account and setting up a forwarding rule. While this measure does not directly prevent 2FA-bypass attacks, it can significantly mitigate the impact should your primary account be compromised.

The Threat: 2FA-Bypass Attacks and Session Cookie Theft

The latest wave of cyber attacks against Gmail involves techniques that allow attackers to bypass 2FA, often using stolen session cookies. This means that even if you have 2FA enabled, a hacker may still gain access to your account. Although Google has implemented advanced security measures, including passkey authentication and safe browsing features in Chrome, cybercriminals continue to develop sophisticated methods to circumvent these protections.

What You Can Do to Protect Yourself

  1. Create a Second Gmail Account
    Setting up a second Gmail account is quick and easy. Google's account creation process is simple, and you can create as many accounts as you need. Here's how:
    • Sign out of your current Google account.
    • Visit the Google Account sign-in page and select "Create account."
    • Follow the prompts to create the new account.
  2. Secure the New Account
    To maximize security, ensure that the new account is protected by a passkey linked to a different device than your primary Gmail account, or enable 2FA using a standalone authentication app (rather than SMS, which may be vulnerable). Try to use unique information for the new account, such as a different password and recovery options.
  3. Set Up Email Forwarding
    Once the new Gmail account is created and secured, go to your original Gmail account settings and set up an email forwarding rule to send a copy of all incoming emails to the second account. This provides a backup in case your primary account is compromised.

Why This Works

While creating a second Gmail account won't prevent a hacker from bypassing 2FA on your original account, it does give you an additional layer of protection. If your original account is hacked while emails are being forwarded to the second account, the copies already forwarded sit in a separate mailbox, and the hacker would need to compromise both accounts separately. Since these accounts are independent, this significantly reduces the likelihood that both will be breached in the same attack.

Conclusion

While Google's security measures are robust, the threat of increasingly sophisticated cyberattacks remains real. Taking proactive steps—like setting up a second Gmail account and email forwarding—can help mitigate the damage if your primary account is compromised. Along with other essential security practices, these measures can provide additional peace of mind.

As reports of the latest session-cookie-stealing, two-factor-authentication-bypassing cyber attacks against Gmail users flood in, there's one surprisingly simple defensive action you can take right now to help protect your email. However, you need to do it now, as otherwise it could be too late to help you if you fall victim to a 2FA-bypass Gmail attack: open a second Gmail account and add one rule to protect your data.

www.forbes.com/...

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
