Gmail Blog - Detecting Suspicious Account Activity

Google is implementing a new policy to help you know if your account may have been compromised. It uses the general location and timing information to see if it is likely someone else is signing on. It will not help if the hacker locks you out of your account, but could save you if the person is 'ghosting' under the radar.

http://gmailblog.blogspot.com/2010/03/detecting-suspicious-account-activity.html

"You may remember that a while back we launched remote sign out and information about recent account activity to help you understand and manage your account usage. This information is still at the bottom of your inbox. Now, if it looks like something unusual is going on with your account, we’ll also alert you by posting a warning message saying, "Warning: We believe your account was last accessed from…" along with the geographic region that we can best associate with the access.



To determine when to display this message, our automated system matches the relevant IP address, logged per the Gmail privacy policy, to a broad geographical location. While we don't have the capability to determine the specific location from which an account is accessed, a login appearing to come from one country and occurring a few hours after a login from another country may trigger an alert.

By clicking on the "Details" link next to the message, you'll see the last account activity window that you're used to, along with the most recent access points.



If you think your account has been compromised, you can change your password from the same window. Or, if you know it was legitimate access (e.g. you were traveling, your husband/wife who accesses the account was also traveling, etc.), you can click "Dismiss" to remove the message."