One of the biggest controversies of last year — the hacking of the Democratic National Congress’ chairman John Podesta emails — happened using a very simple methodology.

A hacker made Podesta believe that his account had been compromised and made him change his password on a pseudo screen that looked just like the actual Google email login screen.

The password was never changed but the hackers gained access to Podesta’s email account. The emails were later published by WikiLeaks and seem to have affected the course of the 2016 presidential election.

This is just one of the ways your Gmail account can be hacked.

Google recently published a post on its security blog titled “New research: Understanding the root cause of account takeover” to educate users how to prevent this kind of account takeover.

According to Google, more than 15 percent of users surveyed  reported a takeover of their social media or email account between March 2016-March 2017. The search giant found that 788,000 credentials were stolen by hackers in the same period, which means that the magnitude of such hacking is pretty large. Around 3.3 billion accounts were exposed by third-party breaches.

The search giant teamed up with the University of California at Berkeley to understand how hijacking of accounts happens. Their methodology involved analyzing several black markets from March 2016 — March 2017 and studying how hijackers managed to steal passwords and other data. The researchers presented their findings at the Computer and Communications Security Conference which took place Oct. 30- Nov. 3 in Dallas, Texas, and is now available on the Google Blog.

The study found that once hackers had access to your password on one account, they are able to hack into other accounts by using a hit and trial method, since most people use the same password for many accounts.

The company also found that hackers have also started using sophisticated techniques and softwares such as keyloggers and phishing tools and were collecting IP addresses of targeted users. Such information is then used to steal identities of people.

The company claims that it has used the lessons from the study in making Gmail accounts more secure. It has also provided advanced protection to more vulnerable targets such as politicians and actors.

However, to keep your account secure, the search giant has suggested two important steps that any user can take — using a password generator to avoid using generic passwords  and enabling two-factor authentication, comprising of both a password and a connected device on your account. The company claims that just taking these two steps could make your account “unphishable.”

Another thing that users can do is enable safe browsing in their email, which will warn them before they open a potentially dangerous site or even click a dangerous link within an email.