(This discussion may have lived on the previous forum.)
In light of recent events, it's a good time to revisit how we address some online security tips.
Google provides a 2-Step Verification option for increased account protection.
I use this for both my work and personal accounts. Whenever I use my account to log in, I am prompted to provide a code that is sent via text to my phone. This verification can be done via text, call, and app to your device. There are other options as well but the previous are most common. Google also provides you with a list of one-time use codes in the event that you are not able to receive the verification.
UPDATE: Google has made this process even easier. Once your verify your personal device, verification with the device is as simple as clicking YES/NO on your device. All other devices will still require a code.
NOTE: 2-Step verification wouldn't prevent the phishing/email scam that happened as it works behind this process. In this event, you have already gone through verification. So the scam has the user granting access to their account once they are logged in. It is always best practice to be mindful of what is being shared with you or in your email.
You can always check you connected services here: Manage the services connected to your Google Account