How much damage could be done if your Gmail password fell into the wrong hands?
Quite a lot I would wager.
Because not only would an identity thief be able to send emails pretending to be you, and trawl through your old messages for passwords and financial information, but also your Gmail password will also unlock your other Google accounts - including Google+, Adwords, Google Checkout, Google Docs, YouTube and so forth..
So, you should work hard to protect your username and password credentials for Google login details.
Here's an email that SophosLabs has seen spammed out, pretending to come from Google's team:
The email claims that the recovery email address associated with your Google account has changed, and if you do not verify it then you might lose your account in its entirety.
Dear Account User,
Thanks for updating your e-mail address with us.We changed your recovery e-mail address in our files to [redacted]@hotmail.com.If this is correct, you can disregard this e-mail. If the new e-mail address is not correct or you did not request this change. Follow the instruction in updating your account
However, Failure to do so may result in account suspension permanently.
Thanks for using Gmail!.
Clicking on the link in the spammed-out email does not take you to your Google accounts settings, however. Instead, you are taken to a compromised website which is hosting a phishing page - designed to steal your password.
Always take care about what links you click on, and don't enter your personal information until you are confident you have reached a legitimate site,
And if you need further advice, why not read my point-by-point advice about how to stop your Gmail account being hacked.