Google classifies sensitive Gmail actions into several categories, each of which could potentially compromise a user’s account if exploited by threat actors or criminals. These categories include:
- Filters: Creating a new filter, editing an existing filter, or importing filters
- Forwarding: Adding a new forwarding address from the Forwarding and POP/IMAP settings
- IMAP access: Enabling the IMAP access status from the settings
When any of these actions are triggered, users will receive a verification check, often in the form of a two-step verification process, such as approving a notification on a paired device or entering an SMS code. In the event of a failed verification challenge or incomplete verification, users will receive a “Critical security alert” notification on their trusted device, which allows them to secure their account.