How to tell if your Gmail account was hacked
20 July
There are two basic signs your e-mail account has been hacked:
- You can’t log in, even with a password you know is valid
- Your account is sending e-mails that you never wrote
Those are obvious, but savvy e-mail hackers don’t often tip their hands with these sorts of blatant clues anymore. They’d much rather hijack your account and use it without your ever knowing it. Serious hackers rarely change your password, and they don’t often resort to sending e-mail to recipients from your address book (who will quickly notice that you’re sending them Viagra ads or porn site signup links). The new breed of email hackers will simply hang out in your account until you get an online bank statement or similar sensitive message, then use that data to steal actual money from you.
That’s why Gmail adds a third method for sniffing out e-mail hackers: the account activity log.
Located at the bottom of your Gmail inbox, just below the “You’re currently using XXXX MB (XX%) of your 7XXX MB” listing, is a line displaying your last account activity. This readout displays the last time someone logged into your Gmail account. If the time and date that follow last account activity don’t match up to a time you were actually using Gmail, that should be a red flag.
In any case, it’s a good idea to regularly click the details link that follows the last account activity timestamp. This will bring up a chart of your last dozen or so Gmail logins, organized by the login method (your web browser, your mobile phone, or a POP3/IMAP connection like that used by Outlook or Thunderbird). Each login will also be timestamped and associated with an IP address.
If you don’t ever log into Gmail from a mobile phone but the activity log says your Gmail has a history of mobile access, that’s a warning sign. The same goes for an IMAP or POP3 link if you don’t use a third-party program or service to sync or access Gmail.
Note that your regular Backupify backups will appear in this activity log as authorized logins, as will some other legitimate services you don’t immediately recognize, which is why checking the IP address of each login is a good idea. Simply copy the IP number and paste it into the lookup service at Domain Tools. You’ll instantly learn who owns the IP address that logged into your Gmail account. Your Backupify backups will typically look like IMAP logins from an IP address owned by Amazon.com; that’s our application backing up your data to our Amazon S3 storage account.
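The review described above can be scripted once you have copied the activity chart out of Gmail. The following is an added example, not code from Backupify or Google: the row layout, the `review_activity` function, the list of expected access types and the known network ranges are all assumptions, and the sample rows are constructed using documentation-only IP ranges.

```python
import ipaddress
from datetime import datetime

# Constructed sample rows: (access type, IP address, timestamp).
SAMPLE_ACTIVITY = [
    ("Browser", "192.0.2.10", "2024-07-19 08:14"),
    ("IMAP", "198.51.100.77", "2024-07-19 03:00"),
    ("Mobile", "203.0.113.5", "2024-07-18 23:41"),
    ("Browser", "203.0.113.200", "2024-07-18 02:12"),
    ("POP3", "192.0.2.10", "2024-07-17 19:30"),
]

# Assumed profile: how you really use the account, and the networks whose
# owner you have already looked up and recognised.
EXPECTED_TYPES = {"Browser", "IMAP"}
KNOWN_NETWORKS = {
    "192.0.2.0/24": "home ISP",
    "198.51.100.0/24": "backup service",
}

def review_activity(rows, expected_types, known_networks):
    """Return (time, access type, ip, reasons) for each login worth a second look."""
    nets = [ipaddress.ip_network(cidr) for cidr in known_networks]
    expected = {t.lower() for t in expected_types}
    findings = []
    for access_type, ip_text, when in rows:
        reasons = []
        if access_type.lower() not in expected:
            reasons.append(f"you do not use {access_type} access")
        try:
            ip = ipaddress.ip_address(ip_text)
            if not any(ip in net for net in nets):
                reasons.append("IP is outside your known networks; look up its owner")
        except ValueError:
            reasons.append("IP address could not be parsed")
        if reasons:
            stamp = datetime.strptime(when, "%Y-%m-%d %H:%M")
            findings.append((stamp, access_type, ip_text, reasons))
    return sorted(findings, key=lambda f: f[0])  # oldest first

if __name__ == "__main__":
    for stamp, access_type, ip, reasons in review_activity(
            SAMPLE_ACTIVITY, EXPECTED_TYPES, KNOWN_NETWORKS):
        print(f"{stamp:%Y-%m-%d %H:%M}  {access_type:<8} {ip:<15} " + "; ".join(reasons))
```

A flagged row is a prompt to check who owns the address, not proof of compromise; add the network to the known list once you have identified it as legitimate.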
If there’s a sketchy-looking IP address on the activity list, now would be a good time to change your Gmail password. Gmail does a good job of noting when a known hacker IP address (or even a suspected one) logs into your account and throwing up an alert. Gmail does the same thing when your account is logged into from two IP addresses simultaneously (like when I have my work VPN laptop and my personal PC on Gmail simultaneously). Follow the instructions in these alerts and change your Gmail password whenever you receive one.
If at any point you suspect your Gmail account has been compromised, notify Google here and follow their instructions. They’ll lock down your account from any further unauthorized access and help undo whatever damage was done — if possible. Whatever Google can’t recover, Backupify is here to replace.
Stay alert, don’t panic and — as always — have a good backup plan.
Some good tips here on keeping your Gmail safe.


