Gmail's support site has a "security checklist" to help you make you Gmail secure. Here're some advanced tricks:
- "Check the list of websites authorized you've choosen to access your Account data. If your account has been compromised, it's possible that bad guys authorized their websites to access your account." Edit the list of authorized websites, here.
- "Check your browser for plug-ins, extensions, and 3rd-party programs/tools require access to your Account credentials. Google can't guarantee the security of these 3rd party services. If those services are compromised, so is your Gmail password."
- "Confirm accuracy of your mail settings to ensure that your mail stays and goes where you want it to. Sign in to your account and click Settings link to check following tabs:
- General: Check Signature, Vacation Responder, and/or canned responses for spammy content
- Accounts: Verify your Send Mail As, Get mail from other accounts, and Grant access to your account are all accurate.
- Filters: Check that no filters are sending your mail to Trash, Spam, or forwarding to an unknown account.
- Forwarding and POP/IMAP: Ensure your mail isn't sent to an unknown account or mail client."
- "Check for any strange recent activity on your account. Click Details link next to 'Last Account Activity' entry at the bottom to see the time, date, IP address and associated location of recent access to your account."
- "Use secure connection to sign in. In Gmail settings, select 'Always use HTTPS.' This setting protects your information from being stolen when you're signing in to Gmail on a public wireless network, like at a cafe or hotel."
Reference: Security Checklist