1. 8
    1. 5

      Google will never tell you this, but another technique that works well is to avoid webmail. My email login flow never, under any circumstance, involves entering a password into a browser. Ergo, if a web page requests my email password, it is not legitimate.

      1. 2

        Even if you use native clients to read email, you can still be phished.

        1. 1

          And if you hook your phone number to your google account, you can be worse than phished. https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124