So you think your job is done — you’ve secured your email against hackers by thinking up the best password in the entire world. You’re safe, or so you think. But a new study from Google says that if your friends and email contacts have already been hacked, you’re much more likely to get scammed, too.

It’s not like danger is lurking around every corner, as Google says only nine in one million email accounts gets infiltrated, reports CNNMoney. But when it does, the ball gets rolling quickly.

The study found that hackers are mostly from five countries: China, Ivory Coast, Malaysia, Nigeria and South Africa. Their tentacles reach around the world, however.

Other findings from the study: Effective scams work about 45% of the time; after your login credentials are compromised, hackers usually access/hijack an account within seven hours; scammers can scan your email for tasty tidbits in just three minutes, focusing on emails with bank account information, login credentials and other financial details. It’s a good idea to erase that kind of information from your email.

As always, setting your email account with two-factor authentication (and any account you want protected that allows it) will spare you many a headache, as hackers won’t be able to get around the obstacle of getting the right unique code to plug in your password is entered.

This is how your Gmail account got hacked [CNNMoney]