Phishing is the most common attack most internet users face, but important users like business executives, journalists, activists, and government workers face additional risks. Sophisticated, targeted phishing and whaling attacks are the new norm for VIPs, and the advantage is stacked towards the attacker. The victim only needs to make one mistake to lose a password.
If you use only a password to access your account, it's important you start learning about multi-factor authentication. While many users are familiar with two-factor authentication, SMS messages and push notifications can be phished by well-resourced attackers. For users where getting phished isn't an option, Google has created a stronger protection plan.
To shut down phishing altogether, Google's Advanced Protection program requires a physical universal two-factor authentication token to add a new device, meaning a stolen password becomes useless to an attacker for accessing your account.