
Gmail Security Checkup — 10-Minute Account Security Audit


Run This Gmail Security Audit Right Now

Most Gmail accounts have never been security-audited. After a data breach at any other service where you reused your password, after clicking a suspicious email link, or simply as a periodic checkup — a 10-minute audit can reveal compromised settings you did not know existed.

Work through this checklist in order. Each step links to the exact Google settings page.

Step 1: Verify Your 2FA Status

Go to myaccount.google.com → Security → How you sign in to Google. Check whether 2-Step Verification is on. If it is off, enable it now; see our separate guide on Gmail 2FA setup. If it is on, check which method you are using. If it is SMS-only, upgrade to an authenticator app, a hardware security key, or a passkey: an SMS code can be intercepted through SIM swapping or simply typed into a phishing page by you, whereas passkeys and security keys are bound to the real Google domain and cannot be replayed. While you are on the 2-Step Verification page, also look at the backup codes and the "Devices you trust" list; an attacker who has already been in the account may have generated codes or trusted a device of their own.

Step 2: Review Connected Third-Party Apps

Go to myaccount.google.com → Security → Third-party apps with account access (newer account pages label it "Your connections to third-party apps & services"). This page shows every app that has been granted OAuth access to your Google account. Review the list carefully. Remove any app you do not recognize, no longer use, or did not intentionally authorize; removing it revokes the app's token, so it cannot keep reading your data in the background. Pay particular attention to apps with broad Gmail permissions ("read, compose, and send email"): an app with that scope can read your whole mailbox and send mail as you, which is exactly what a malicious OAuth app obtained through a consent-phishing link does. Forgotten apps granted years ago are common, and each one is a standing path into the account that survives a password change.

Step 3: Check Gmail Forwarding Rules

Open Gmail → Settings (gear icon) → See all settings → Forwarding and POP/IMAP tab. Under "Forwarding," check whether any forwarding address is listed. A forwarding rule silently sends a copy of every email you receive to another address. Attackers who compromise accounts routinely add forwarding rules so they continue receiving your emails even after you change your password. If you find a forwarding address you did not add, remove it immediately and change your password. While you are in settings, also open the Accounts and Import tab and check "Grant access to your account": a mail delegate can read and send your mail from their own Google account without any forwarding rule at all, and "Send mail as" should list only addresses you own.

Step 4: Review Gmail Filters for Auto-Forward Rules

In Gmail Settings → Filters and Blocked Addresses, review every filter listed. Look specifically for any filter with "Forward to" as an action. Attackers sometimes create filters rather than account-level forwarding rules because filters are less visible. Also look for filters that match mail from Google itself (no-reply@accounts.google.com) or subjects such as "security alert", "new sign-in" or "password", and then delete, archive, mark as read or send it to spam: that is how an attacker hides the alerts their own activity generates. Delete any filter you did not create.
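Steps 3 and 4 can be run as code against the Gmail API instead of clicking through settings. The script below is an added example, not code from the original post or from Gorganizer: it applies the same checks to the JSON returned by the Gmail API methods users.settings.getAutoForwarding, users.settings.forwardingAddresses.list, users.settings.filters.list and users.settings.delegates.list. The four responses used here are constructed sample data embedded inline so the script runs offline; fetching them live with google-api-python-client and an OAuth-authorized service object is described only in a comment and is an assumption. It goes slightly beyond the text above: besides forwarding rules and forwarding filters it also flags mail delegates and filters that trash, spam-label, archive or mark-as-read messages from Google's account-security sender or with password/verification keywords.

```python
"""Offline audit of Gmail mail-handling settings for signs of attacker persistence.

Added example (not the original post's or Gorganizer's code). The input dicts follow
the response shapes of the Gmail API methods users.settings.getAutoForwarding,
users.settings.forwardingAddresses.list, users.settings.filters.list and
users.settings.delegates.list; the sample data below is constructed, not captured.
"""

# Senders and subject keywords an attacker typically hides with a filter so the victim
# never sees the alerts generated by the attacker's own activity.
SECURITY_SENDERS = ("accounts.google.com",)
SECURITY_KEYWORDS = ("security alert", "new sign-in", "password", "verification code",
                     "verify your email")
HIDING_LABELS = {"TRASH", "SPAM"}


def _criteria_text(criteria: dict) -> str:
    """Flatten every filter criterion (from, to, subject, query, ...) into one string."""
    return " ".join(str(v) for v in criteria.values()).lower()


def _hides_message(action: dict) -> bool:
    """True if the filter action keeps the matched message out of the user's sight."""
    added = set(action.get("addLabelIds", []))
    removed = set(action.get("removeLabelIds", []))
    return bool(added & HIDING_LABELS) or bool(removed & {"INBOX", "UNREAD"})


def audit_mail_settings(auto_forwarding: dict, forwarding_addresses: dict,
                        filters: dict, delegates: dict) -> list[dict]:
    """Return one finding per setting the account owner should recognise or remove."""
    findings: list[dict] = []

    # Step 3: account-level forwarding (Settings -> Forwarding and POP/IMAP).
    if auto_forwarding.get("enabled"):
        findings.append({"check": "auto_forwarding",
                         "detail": auto_forwarding.get("emailAddress", "?")})
    # Even a pending (unconfirmed) forwarding address shows that someone tried to add one.
    for addr in forwarding_addresses.get("forwardingAddresses", []):
        findings.append({"check": "forwarding_address",
                         "detail": f'{addr["forwardingEmail"]} '
                                   f'({addr.get("verificationStatus", "unknown")})'})

    # Step 4: filters that forward, or that bury security mail.
    for flt in filters.get("filter", []):
        action = flt.get("action", {})
        text = _criteria_text(flt.get("criteria", {}))
        if action.get("forward"):
            findings.append({"check": "filter_forward",
                             "detail": f'filter {flt["id"]} -> {action["forward"]}'})
        looks_security = (any(s in text for s in SECURITY_SENDERS)
                          or any(k in text for k in SECURITY_KEYWORDS))
        if looks_security and _hides_message(action):
            findings.append({"check": "filter_hides_security_mail",
                             "detail": f'filter {flt["id"]} matches "{text}"'})

    # Mail delegation (Settings -> Accounts and Import -> Grant access to your account)
    # gives another Google account read/send access without any forwarding rule.
    for dlg in delegates.get("delegates", []):
        findings.append({"check": "delegate",
                         "detail": f'{dlg["delegateEmail"]} '
                                   f'({dlg.get("verificationStatus", "unknown")})'})
    return findings


# --- Constructed sample responses (not real account data) -------------------------
SAMPLE_AUTO_FORWARDING = {"enabled": True, "emailAddress": "backup.mailbox@example.net",
                          "disposition": "leaveInInbox"}
SAMPLE_FORWARDING_ADDRESSES = {"forwardingAddresses": [
    {"forwardingEmail": "backup.mailbox@example.net", "verificationStatus": "accepted"}]}
SAMPLE_FILTERS = {"filter": [
    # Benign: files a newsletter under a label and skips the inbox.
    {"id": "filter-0001", "criteria": {"from": "newsletter@example.org"},
     "action": {"removeLabelIds": ["INBOX"], "addLabelIds": ["Label_12"]}},
    # Malicious: trashes Google's own security alerts.
    {"id": "filter-0002", "criteria": {"from": "no-reply@accounts.google.com"},
     "action": {"addLabelIds": ["TRASH"]}},
    # Malicious: silently forwards finance-related mail and marks it read.
    {"id": "filter-0003", "criteria": {"query": 'invoice OR "wire transfer"'},
     "action": {"forward": "backup.mailbox@example.net", "removeLabelIds": ["UNREAD"]}},
]}
SAMPLE_DELEGATES = {"delegates": []}


if __name__ == "__main__":
    # Live use (assumed, not run here): build a Gmail API service with
    # google-api-python-client and the gmail.settings.basic scope, then call e.g.
    # service.users().settings().getAutoForwarding(userId="me").execute(); the
    # delegates methods additionally need a Workspace service account with
    # domain-wide authority.
    for f in audit_mail_settings(SAMPLE_AUTO_FORWARDING, SAMPLE_FORWARDING_ADDRESSES,
                                 SAMPLE_FILTERS, SAMPLE_DELEGATES):
        print(f'[{f["check"]}] {f["detail"]}')
```

On the sample data the script reports four findings: the enabled auto-forward, its forwarding address, the forwarding filter, and the filter that trashes Google's security alerts; the newsletter filter is correctly left alone. Treat every finding as "recognise it or remove it": the script cannot tell an attacker's forward from one you set up yourself.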

Step 5: Check Recent Account Activity

Go to myaccount.google.com → Security → Recent security activity, which lists recent sign-ins, new devices, password and recovery-option changes and other security events. For Gmail sessions specifically, scroll to the bottom of any Gmail page and click "Details" next to "Last account activity"; this shows the access type (browser, mobile, IMAP, POP), IP address and time of recent sessions. Look for unfamiliar countries, IP addresses, access types or device types; an IMAP or POP session you never set up is a strong sign of a mail client an attacker configured. If you see something suspicious, click "Sign out all other web sessions" in that dialog, then change your password. Note that this button ends only web sessions; app and device sessions are handled in the next step, and a password change is what invalidates them.

Step 6: Review Trusted Devices

Go to myaccount.google.com → Security → Your devices. This shows all devices currently signed in to your Google account. Remove any device you do not recognize or no longer own. Old phones, tablets, or computers you have replaced should be removed even if they were not compromised — fewer trusted devices means a smaller attack surface.

Step 7: Verify Recovery Phone and Email

Go to myaccount.google.com → Security → How you sign in to Google and open Recovery phone and Recovery email (the same values also appear under Personal info → Contact info). Check that the recovery phone number and recovery email address are current and belong to you. These are used to verify your identity if you lose access to your account. If an attacker has changed these, they control your account recovery path and can reset your password at will, so a recovery address you do not recognize is as serious as an unknown forwarding rule. Update them if they are outdated, and make sure the recovery email account is itself protected with 2FA.

Step 8: Search Your Inbox for Password Reset Emails

In Gmail, search for: (subject:(reset your password) OR subject:(verify your email) OR subject:(confirm your email)) newer_than:30d. The newer_than:30d operator limits results to the past 30 days. Look for password reset emails for accounts you did not initiate. A reset email you did not request means someone entered your address at that service and is targeting your other accounts; a cluster of them across several services in a short window is a strong signal. Do not click the links in those emails, since a fake "reset your password" message is itself a common phishing lure; if you want to be safe, go to the service directly and change the password there. It is also worth searching from:no-reply@accounts.google.com newer_than:30d to see every security alert Google sent you, in case one was read or hidden by someone else.

Step 9: Check Your Sent Emails

Open your Sent folder and scroll through the past few days. Look for emails you did not send. Attackers who gain account access often send phishing emails to your contacts from your account, because your contacts are more likely to trust email coming from you. Attackers also tend to delete the evidence, so check Trash (and search in:anywhere for recent mail) as well as Sent. If you find unfamiliar sent emails, your account was compromised. Change your password immediately, revoke all active sessions, and notify your contacts so they do not act on the messages.

Step 10: Monitor Continuously with Gorganizer

A one-time security audit is good. Continuous monitoring is better. Gorganizer scans your inbox with 1,300+ detection signals every time you run it — identifying phishing attempts, social engineering lures, suspicious sender patterns, and spoofed brand emails. Running Gorganizer regularly means the phishing emails that reach your inbox are flagged before you open them. It also surfaces suspicious account-related emails that might indicate ongoing targeting. Think of it as a recurring security audit running automatically alongside your inbox cleanup.

Ready to clean your inbox?

Gorganizer scans your Gmail with 1,751+ signals and cleans everything in one click. $4.99, no subscription.
