f an account is accessed from one country, then again a few hours later from a different country, Google would likely sound the alarm. The assumption: The multiple and geographically divergent log-ons would be a clue that the account had been hacked, and was now being used to send spam, spread scams or distribute malware.

"It's actually much more sophisticated than that," said Will Cathcart, a Gmail product manager. "If we determine that an IP down the block [from you] has logged into your account, and has recently logged into lots and lots of accounts, we'll display the warning."

Cathcart declined to reveal details of the other factors that Google takes into account when deciding whether to trigger an access alert, saying only that the IP locating criteria was "a data point that most users can easily understand."