I’ve been using Gmail since day one. One of the many reasons I’ve stuck with Gmail all this time is the alert Google provides in Gmail: the “Last account activity: … minutes ago at this IP” notice at the bottom of the inbox.
Just as I monitor my open connections while on the Internet, I also check that account activity notice frequently while logged in to Gmail. So I was more than a little surprised this morning when I saw the following alert.
As an Internet professional, I can say with a reasonable amount of conviction that malware on my machine is not the issue here. And I can say with absolute confidence that I have never been the victim of a scam or a successful phishing attempt. To reduce my exposure to hacking attempts, I have never been careless enough to access Gmail from an unsecured computer or a public hotspot.
Despite all of that, and after 20 years of experience using webmail, my Gmail account has been hacked. Curiously, it is the Gmail account I set up specifically to handle reader comments on this site.
I’m not suggesting that I have been specifically targeted by Nigerian hackers because of my frequent robust articles on the lunatic efforts of these cyber criminals, but……
There is a much more likely explanation, and it’s this: hacking kits are widely available on the Internet which make it possible for even hacker “wannabes” to break into Gmail accounts, as the following screen capture illustrates.
Hacking kits are widely available not only for email accounts, but for virtually any application you could name.
I’m uncertain whether Google has a current security issue and is being less than frank in disclosing it, but I am certain of this: ANY website or service can be hacked.
Google is not immune to hacking, as the fairly recent fiasco in China, in which Chinese hackers compromised the Gmail accounts of Chinese activists, illustrates. In fact, Gmail hacking is a much more common occurrence than most users realize. If you want confirmation, Google “my Gmail has been hacked”.
What I find very annoying is that Gmail, WordPress, and others simply refuse to acknowledge that vulnerabilities exist in their systems – especially WordPress.
Listen up WordPress – if the Pentagon can be hacked, and it has been, frequently, then WordPress is definitely NOT invulnerable to hacking, despite your assurances to the contrary.
I have made substantial changes which hopefully will thwart these hackers, which, for obvious reasons I will not disclose here.
Google does offer an excellent tutorial on “Last account activity”, and help should your account become compromised. The activity details page also lets you sign out every other open session, which is worth doing before you change the password, so that whoever is sitting in the account is thrown out as well.
Hi Bill,
I just can’t believe this! If Gmail can be hacked, what’s the point of using it? /sad
Do not bore them to hacking, because I always have any mites may be.
The Internet is not a fun place to be. Think about it: malware, tracking cookies, Flash cookies, privacy concerns abound, Windows problems. I used Ghostery for a short while and that really opens your eyes to the lack of privacy. Some day I will cut the cord and go back to doing things in a simpler and more secure manner.
Take this seriously, since it is targeting your readers.
I’ve just received this email:
*************************
Subject: Urgent help !!!!
Date: Sun, 6 Jun 2010 20:54:16 +0300
Bill Mullins
I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now, I’m stuck in London with family right now, we came down here on family vacation, we were robbed, worse of it is that bags, cash and cards and our cell phone were stolen at a GUN POINT, and it’s hard to get hold of a phone here in London it’s such a crazy experience for us, we need help flying back home, the authorities are not being 100% supportive but the good thing is we still have our passport but don’t have enough money to get our flight ticket back home, please i need you to loan us some money, will refund you as soon as we are back home, i promise.
*************************
—
I thought you should know; moreover, let your readers be notified.
Since I have been emailed, I’m fairly convinced it’s your blog that is vulnerable.
Bionic > i thought you should know, moreover let your readers be notified since i have been emailed i’m fairly convinced it’s your blog being vulnerable
WordPress isn’t bulletproof, but it’s not “the blog” this time … the perps are using stolen Gmail addressbooks/contact lists/whatever.
I’ve received the same scammail 6 or 7 times from different people in the past few days, and the one common denominator is “Gmail”.
I saw a huge tailgate sticker on a pickup truck in Los Angeles several years ago that read “Google is NOT your friend!” That guy must have had a crystal ball!
I got a phishing email (robbed, urgently need money, blah-blah) from
Bill Mullins
about an hour ago (just saw it now and dropped by here to check).
If this is the address that got hacked (I don’t know if the extra “i” is supposed to be there) you might want to update your email contacts on the situation.
Seems WordPress ate the email address in my previous comment; it is billmiullins1946 @ gmail . com
I have a tech buddy (who, by the way, takes care of our servers and computer stuff at work). About 6 months ago his Gmail account got hacked. Being on his email list, I got a message similar to the one you posted above. I thought it was odd, since the mannerisms were not really how he would come across.
I tried to call him and got his voicemail. I had a hunch it wasn’t him sending me the message, so I Google messaged him. I asked where he was in London and got a reply. I told him I was trying to come up with the money and asked where I should send it (to get more information). I baited him with some info only our tech guy would know, and the guy at the other end failed miserably. I then decided to have some fun and told him I was tracking his IP and that when I found him, I had a buddy in London who was going to beat his ass. At about this point, he terminated the chat!
So I guess I have the distinct honor of chatting with a hacker hooligan!! lol. I immediately changed all of my online account passwords.
I recommend to all readers here that if this can happen to a security expert like Mr. Mullins, it CAN happen to anyone. You should routinely change your login information to thwart these criminals. And if someone you know sends you email or contacts you asking for money, play the devil’s advocate and make sure to verify that the person at the other end is the person you know.
Hey G,
That’s too cool. I always knew you were a tough hombre. 🙂
Bill
A timely reminder to be ever-vigilant, so thanks Bill. I’m beginning to wonder if it is just the nature of people that where there is good, there must also be bad. I wonder when the world will ever change.
Hi Siam,
I think you’ve encapsulated the nature of people well. Unless evolution steps in to take a hand, I fear, we’ll always have a degree of evil to contend with.
Nice to see you visit again.
Bill
Thanks Bill. I really enjoy your site. And yes, it is probably something we are going to contend with for a long time to come. But I have changed my Gmail password now and will remember to do so on a regular basis. Again, thanks for the article.
Wow Bill,
If YOUR mail can be hacked, how much more so the non-techies’. Many of my subscriptions at Yahoo stopped one by one, but there was no sign of hacking; maybe it was just part of my false and ridiculous internet ban.
The recent hacking of my domain name was my first and the hacker just succeeded in using it for advertising so I was lucky -I still own it.
But I’m amazed that everyday now, I detect attempts to hack my computer.
Hey Pochp,
I often wonder about the huge number of people who have been hacked, and who are unaware of it. At least you know.
Good to hear from you.
Bill
Funny coincidence, that my gmail account was hacked today, apparently from Croatia.
I guess I had left a door open as I had used a Mailinator email address as the secondary mail: lo and behold, there was a google password reset message in “my” mailinator box. Luckily, I was still able to re-reset the password by requesting another reset message.
Using the same name in both is obviously a big no-no. It is not good enough if the mailinator box can be guessed from gmail login. However, if the mailboxes are unrelated (like alice @ gmail & bob @ mailinator) I do not think there is a huge risk.
Hi Bob,
Thank you for this comment. It illustrates, once again, just how easy it is for an email account to be hacked. I’m glad to hear you were able to make a recovery.
Your advice on the “same name” issue, is very appropriate.
Bill
It’s not just you Bill. Something is up…
http://rye.patch.com/articles/rye-brook-blotter-identity-thieves-steal-1900-by-hacking-into-email-account
http://www.allvoices.com/news/5997337-hackers-use-woman039s-email-account-to-scam-friends
Thanks for that Mr. Reiner.
After reading the links, I agree – there’s something up.
Best,
Bill
Bill,
I know several folks where this sort of hijacking has occurred. Has me really thinking about the security of my online accounts. Sorry that happened!
Rick
Hey Rick,
In over 20 years, this has never happened, and I know damn well, it wasn’t something I did. But, I’m not going to cry over it.
I found something today, that showed me this wasn’t a random attack, but that I was *specifically* targeted and that’s an uncomfortable feeling. I suppose if you pull the lion’s tail often enough (the Nigerian scammers), you should be prepared for retaliation. I wasn’t, but I sure am now. I’ve learned the lesson well, and normal email security just won’t cut it.
These morons don’t like to be reminded, just how despicable they are.
Bill
Hey Bill,
Maybe only famous anti-scam bloggers are the specific targets of these despicable scums.
Hey Pochp,
Well, there does seem to be a bit of a trend. Even anti-malware developers, including Kaspersky and Trend Micro, have had their sites hacked recently.
When I used to write for Makeuseof.com, they had their Gmail account hacked and their site password stolen, leading to the hijacking of the entire Makeuseof site. It took the owners almost a week to get the site back from the hijackers. So yes, there is a precedent.
Bill
I just had the same problem. In fact I found your site by Google search. My hacker’s IP address is very similar, and WHOIS states it is from Africa! Just like you, I am fairly confident that my password was not stolen by malware. What could be going on?
Hi Jeff,
I can’t give you a definitive answer – as of now, I still can’t find the absolute root cause. I can safely say though, that my password (just like yours) was not affected by malware. Sadly, this type of thing is common, and becoming increasingly so.
Stay safe,
Bill
Maybe if we could find out why Google ads appear on some WP.com blogs which shouldn’t be the case, we’ll have a clue.
Hey Pochp,
You’ll like today’s post, in which I talk about these ads on WP blogs. I’m not too happy about it. See – Neosites A Professional Website Builder to the Max!
Best,
Bill
I too was hacked by this gang, from 41.155.49.38, who sent a similar letter to all my contacts, then directed my mail to an account at live.com and deleted my mail and contacts before I could reset the password and regain control. Google says Nigeria, but WHOIS says it is under afrinic.net in Mauritius:
OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 – 3rd Floor – Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
StateProv:
PostalCode: 0001
Country: MU
ReferralServer: whois://whois.afrinic.net
NetRange: 41.0.0.0 – 41.255.255.255
CIDR: 41.0.0.0/8
NetName: NET41
NetHandle: NET-41-0-0-0-1
Parent:
NetType: Allocated to AfriNIC
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: NS2.LACNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
Comment:
RegDate: 2005-04-12
Updated: 2009-05-27
OrgAbuseHandle: GENER11-ARIN
OrgAbuseName: Generic POC
OrgAbusePhone: +230 4666616
OrgAbuseEmail: abusepoc@afrinic.net
OrgTechHandle: GENER11-ARIN
OrgTechName: Generic POC
OrgTechPhone: +230 4666616
OrgTechEmail: abusepoc@afrinic.net
Google and Live.com should block this range of IP addresses and require abusepoc@afrinic.net to identify the user of the hacker’s IP addresses they administer, and report to the police and security at Google and Microsoft.
If they don’t do anything, ICANN should cut them off the Internet for failure to follow abuse rules.
If this happens to you, report to your local police immediately as a case of identity theft and get a case number even if they don’t do anything, just to cover yourself legally.
If anybody in London cares to help, maybe next time we can set up a sting operation with Scotland Yard and Western Union and catch the London members and break up the gang, here’s wishing. Their plan requires a human to collect the money in London, that is the weak point.
Now is the time to be sure you change your passwords and update your Google account information so there is no delay in getting Google to reset your password to the correct owner. Then of course scan for rootkits and trojans and keyloggers, as the hackers might not be in Africa at all, just relaying through there.
Thank you Eric. Your information has critical value for all of us.
Your suggestion to file a Police report, is a matter I hadn’t considered. On reflection, it is such a sensible recommendation.
Finally, there would be enormous satisfaction in arranging a sting operation to catch these criminals in the act. As you say, “here’s wishing.”
Bill
bill
Crazy, this just happened to me last night too! Maybe they were targeting Erics!
Hey Eric,
Well, there’s no doubt that cyber crooks use targeting techniques, including targeting specific sites and services. So I have no doubt, that it’s entirely possible that they target alphabetically as well.
Good luck in your recovery process, and thank you for commenting.
Bill
I wrote abusepoc@afrinic.net but no response. Also no response from security@google.com or security@live.com . Most recently, Google has put a spam filter on my outgoing gmail so it is unusable, and Google does not respond to my complaints. I pay for a lot of storage and other Google services and can’t use it now. Essentially they have no customer service or adequate security. Thus, even though like Bill I have been a user of all Google services from day 1, I am either moving to a provider I can pay for security or customer service, or going off the Internet entirely, it is not worth it.
If you want to keep using Gmail, here is my advice. Make sure your password is very strong, with numerals and uppercase letters and very long. Back up your Google Contacts to a csv file and keep it on a thumb drive not on your computer. Make sure your Google account profile information (not public) is complete, with a recovery clue, your phone number to receive SMS, an alternative email address not gmail account. Keep logged in to Gmail on a machine you don’t use for other online purposes. If you are logged out suddenly and can’t log in because it will not recognize your password, then take action. Your friends will call you asking if you sent the letter. Ask them to play the perp along in order to find out what hotel to send the money to and in what name via Western Union. As soon as you get enough info to call the police, immediately ask Google to reset your password. Get back online as soon as you can and check the settings and change the forwarding email address so responses are not sent to the criminal gang. Send out letters one by one (so as not to set off the spam alert) to your contacts once you recover the deleted list. Let us know here what you do. I think a lot of people will do a Google search and come here. Let’s get together and stop this gang!
Thank you for continuing to comment on this issue Eric.
I have heard complaint after complaint concerning Gmail over the years. Despite the fact that Google encourages people to trust Gmail with sensitive personal data, they have a poor reputation for responding to issues that demand immediate attention. They seem oblivious to the fact that they make it enormously difficult for one to regain control of a hacked account.
In researching what could have gone wrong in my own case, time after time, I came across instances where highly competent computer users were hacked where no apparent cause could be established. It certainly leaves open the question as to whether Gmail’s security is sufficient.
Best,
Bill
You’re so right that they make it I’m so frustrated that the hackers took over my account and I can’t get it back after a week. I fill out the form and it tells me there have been too many requests on the account and to wait a few days. I wait and still the same message. It’s an endless loop and I can see others in the same situation on the Google Help Forum.
Thank you Lynn, for sharing your experience. Good luck in your recovery efforts.
Bill
As Lynn reports, getting your account back may be problematic. Especially if your account information is not up-to-date. The Google Account Profile (not public profile) provides a space for you to enter your mobile phone number so you can be sent an SMS text message to reset your password. You should make sure (before you are hacked) that all the profile information such as Hint is correct and current and that you are able to answer the questions quickly to reinstate your account. You should have an alternative email address, not another Gmail address.
The Nigerian hacker struck again the other day, attempting to hijack my account, and again I immediately reset the password and regained control before any damage. Be sure to check all settings frequently so that mail is not forwarded to the hacker’s account and deleted from yours.
I see from a New York Times article that the Gmail or Google unified login software was reportedly downloaded and stolen and used by hackers. Apparently it is a lot of code written in Javascript. One avenue of attack was apparently to send a PDF file with embedded Javascript. It is wise to make sure that your PDF Reader software has Javascript turned OFF so reading a PDF file does not allow a malicious Javascript program to take control of your Gmail account. You should also update your Adobe software to the very latest version as there were other bugs. Run a full scan of your computer to try to find trojans, keyloggers, viruses, and suspicious software. Remove any addons to browsers that you don’t really need.
At the time of the theft of Google code, Google opposed in several countries the legal requirement for internet cafes to record the identification of users. Google has ties to Northern California politicians who feel that the Internet and Google can promote American-style democracy in other nations, and that this democracy is facilitated by anonymity and suppressed by communist totalitarians. Others observe that if hackers are free to be anonymous and police not allowed to track them down, and that Google does nothing to stop or identify the hackers, then of course cloud computing in any secure fashion is simply not going to happen, and many people will end up leaving Google, and so it will go out of business as likely in China.
Some points to consider.
Thank you Eric.
Bill
Put me down as a “me, too” – with two gmail accounts hacked simultaneously on 24 June. One password wasn’t that great, but not in any dictionary…the other was downright strong.
Eric’s comments about embedded javascript within pdfs make me ill…
Realizations/discoveries:
1) my recovery account at Yahoo! had long since been put into deep-freeze due to lack of activity, though I’d thought my continued participation in ‘Yahoo groups’ was keeping it active. Short of keeping an unused account like this active just for a backup, what’s the alternative? Getting Yahoo! resurrected added greatly to delays in regaining control of the account, since gmail had already sent my recovery password (one per 24 hours, I think) to a suspended account.
2) cell-phone texting for recovery never worked. Maybe a Nextel issue?
3) mercifully, hacker didn’t delete six years’ worth of old email, though my contacts were all gone, clearly to make it hard for me to alert anyone of the hacking scam.
4) An unsanctioned utility called Gmail Backup – (assuming it’s secure!) – is my fallback to prevent total loss of email files should this recur and the next hacker decide to delete all old email. (I don’t even want to imagine losing it all, but it would have been SO easy…)
5) Since Google has the capacity to alert me of suspicious IP locales (i.e. the Nigerian IP used to hack both accounts) then wouldn’t it be a no-brainer for them to allow me to restrict logins to any level of specificity, right down to my ISP if that’s what I choose? Yes, I appreciate them freezing the accounts, but that didn’t happen until a lot of damage had been done. I can’t imagine the need for my IP to be available for gmail login over the 99.999% of the earth’s surface that’s outside of my normal routine, unless I am about to take an extended international trip – during which rare occasion I would be happy to update an allowable IP prefix, say.
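An added example, not code from this post, from Google, or from any commenter, of the check Dave asks for in point 5, done on the user’s side rather than by Google: copy the rows from Gmail’s “Last account activity” details page into a script, give it the CIDR prefixes you normally log in from, and have it flag anything outside them. The activity rows and the two allowed prefixes below are constructed; the one real address is 41.155.49.38, which Eric’s WHOIS lookup above placed in the 41.0.0.0/8 block allocated to AfriNIC, and the script repeats that range test offline.

```python
"""Flag "Last account activity" entries whose source IP is outside an
allowlist of CIDR prefixes.  Added example; the activity rows and the
allowed prefixes are constructed, and Gmail itself offers no allowlist,
so this is a review aid for the table Gmail shows, run after the fact."""
import ipaddress
from datetime import datetime

# Constructed sample of the activity table: (access type, IP, timestamp).
# 41.155.49.38 is the address Eric reported; the others are documentation
# ranges standing in for a home ISP and an office connection.
SAMPLE_ACTIVITY = [
    ("Browser", "203.0.113.7", "2010-06-06 09:12:00"),
    ("Browser", "203.0.113.7", "2010-06-06 17:40:00"),
    ("POP3", "198.51.100.23", "2010-06-06 18:02:00"),
    ("Browser", "41.155.49.38", "2010-06-06 19:54:16"),
]

# Assumed allowlist: the prefixes the owner normally signs in from.
ALLOWED_PREFIXES = ["203.0.113.0/24", "198.51.100.0/24"]


def parse_activity(rows):
    """Convert raw rows into (access, IP address object, datetime)."""
    parsed = []
    for access, ip_text, ts in rows:
        ip = ipaddress.ip_address(ip_text)  # raises ValueError on junk input
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        parsed.append((access, ip, when))
    return parsed


def build_allowlist(prefixes):
    """Turn CIDR strings into network objects.  strict=False tolerates a
    prefix written with host bits set, e.g. '203.0.113.7/24'."""
    return [ipaddress.ip_network(p, strict=False) for p in prefixes]


def is_allowed(ip, allowlist):
    """True when the address lies inside any allowed network."""
    return any(ip in net for net in allowlist)


def suspicious_logins(rows, prefixes):
    """Return entries that came from outside the allowlist, oldest first,
    as (access, ip string, 'YYYY-MM-DD HH:MM:SS') tuples."""
    allowlist = build_allowlist(prefixes)
    ordered = sorted(parse_activity(rows), key=lambda r: r[2])
    return [
        (access, str(ip), when.isoformat(sep=" "))
        for access, ip, when in ordered
        if not is_allowed(ip, allowlist)
    ]


def in_afrinic_range(ip_text):
    """Eric's WHOIS check done offline: is the address inside the
    41.0.0.0/8 block that the record above shows as allocated to AfriNIC?"""
    return ipaddress.ip_address(ip_text) in ipaddress.ip_network("41.0.0.0/8")


if __name__ == "__main__":
    for access, ip, when in suspicious_logins(SAMPLE_ACTIVITY, ALLOWED_PREFIXES):
        note = "in AfriNIC 41/8" if in_afrinic_range(ip) else "outside allowlist"
        print(f"{when}  {access:<8} {ip:<16} {note}")
```

Two caveats from the thread itself apply: as Eric notes, an address in Africa may only be a relay, so the region is evidence, not proof; and the record Eric pasted is ARIN’s referral for the whole /8, so the actual ISP assignment has to come from whois.afrinic.net, which is why the script tests only the /8 rather than guessing a finer block.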
Hi Dave,
I’m sorry to hear that it happened to you as well. I’m sure that you, like me, felt absolutely violated.
The points you raise are valid, particularly Google developing a restrictive login policy. That’s the first time I’ve heard this mentioned, and I would endorse such a policy vigorously. It’s a terrific idea and relatively easy to implement. So, why isn’t it being done?
If I had the time and the patience, I could write an article EVERY day, on * that* days new Gmail phishing attempt – many of which get through Gmail’s antispam filters. It’s a ludicrous situation.
Thank you for taking time to comment.
Bill
Bill,
To demo the degree of this type of problem and others go to this page: http://www.google.com/support/forum/p/gmail/
Then click on “Suspicious Messages and Scams”…
Very interesting…
Rick
Thanks for this Rick. Shows how widespread this problem is with Gmail.
Quite unbelievable.
Bill
Another observation. Once you reset the password and recover the account, delete the forwarding to the fake account, restore your contacts and deleted mail, then you still may have a problem. If you try to mail explanations to all the contacts the hacker sent fake mail to, you may run into Google’s spam filter. In my case, with hundreds of contacts, mailing each a different letter was impractical, but Google wouldn’t let me mail to more than one at a time, not only because of my volume, but the hacker’s volume triggered the filter, especially when some mail was returned from old addresses. However, if the spam filter for outgoing mail is triggered, you may get the chance to click on some boxes to indicate you don’t agree with their interpretation of your mail and you want the filter removed. You won’t get a response, but you might find that the process works and later you can send to more than one recipient. Good luck. I think the postings that Rick refers to don’t say much about this type of problem of hijacked accounts, and Google should be more up-front about it. When spammers use the same IP address it gets blocked, why can’t they block the IP addresses of the Nigerian hackers, or, as Bill suggests, let us do it?
Thanks Eric.
Have you considered setting up a Facebook Gmail complaints page, so that this issue gets the attention it deserves?
Best,
Bill
A Facebook page is a good idea. I couldn’t post on the Google help forum when my account was compromised. BTW, I finally got my account back after a week. I could see they set up a fake hotmail account in my name and intercepted my mail for a week. Fortunately it was mostly personal stuff. I’d be very nervous about running business through gmail after this experience.
Hi Lynn,
I’m happy to hear that you finally got access to your account. I suspect “frustrating”, hardly describes the experience.
I do think a Facebook page might be appropriate. This type of thing seems to get results when all else fails. I’m sure there are 100s of thousands of dissatisfied Gmail users out there.
Bill
Hacked on Tuesday and having all the same problems described above. Have given up trying to get anything back as I can’t seem to provide Google with the info they want to restore. As I’m no techy and not particularly internet savvy like you guys, have just one question…should I go ahead and just open up a new gmail account, and if so, what are my best options to try (understanding its now impossible) to keep this from happening again. Just change my password every month or so?
Hey Ellie,
There’s nothing to stop you from opening a new Gmail account. Many people (especially geeks), have multiple Gmail accounts.
Changing your password frequently is always good practice but, it takes more than that to maximize safety.
From Google:
Some tips to help keep your Google account safe:
* Always sign out when you’ve finished reading your mail.
* Only select Stay signed in if you’re signing in from a personal computer.
Checking the box next to Stay signed in on the Gmail login page will automatically sign you in each time you visit mail.google.com. This makes for easier access to Gmail, but if you check your email from a computer that other people have access to, automatically signing in may not be the best option.
When you check the box and sign in, Gmail sets a cookie (lasting two weeks) to remember you when you return to the site from the same computer. To disable the cookie, just click Sign out at the top of any Gmail page. You’ll need to re-enter your username and password when you return to Gmail.
We encourage you to sign out of Gmail at the end of each session to protect the security of your email information. Signing out of Gmail is especially important if you check your email on a public computer. To end your Gmail session, just click Sign out at the top of any Gmail page.
* Clear forms, passwords, cache, and cookies in your browser on a regular basis – especially on a public computer.
For instructions, please select your browser below:
Firefox
In Firefox 3.0 for PCs:
1. Log out of Gmail and close all other open browser windows.
2. Click the Tools menu at the top of your browser and select Clear Private Data…
3. Select the Cookies and Cache checkboxes.
4. Click Clear Private Data Now.
In Firefox 3.5+ for PCs:
1. Click the Tools menu.
2. Click Clear Recent History.
3. Expand the details.
4. Select the Cookies and Cache checkboxes.
5. Click Clear Now.
In Firefox 3.0 for Macs:
1. Log out of Gmail and close all other open browser windows.
2. Click the Firefox menu at the top of your browser and select Preferences…
3. Select the Privacy tab.
4. Click Clear Now… at the bottom of the dialogue box.
5. Check the boxes next to Cache and Cookies in the new dialogue box.
6. Click Clear Private Data Now.
In Firefox 3.5+ for Macs:
1. Log out of Gmail and close all other open browser windows.
2. Click the Firefox menu at the top of your browser and select Preferences…
3. Select the Privacy tab.
4. Click the clear your recent history link.
5. Click the triangle next to ‘Details” to expand the menu.
6. Check the boxes next to Cache and Cookies.
7. Click Clear Now.
Internet Explorer
In Internet Explorer 6.x:
1. Log out of Gmail. Close all other open browser windows.
2. Click the Tools menu at the top of your browser, and select Internet Options.
3. Click the General tab at the top of the dialogue box.
4. Click Delete Files under Temporary Internet files.
5. Select Delete all offline content by checking the box.
6. Click OK.
In Internet Explorer 7:
1. Log out of Gmail and close all other open browser windows.
2. Click Tools > Internet Options.
3. Select the General tab.
4. Click Delete under Browsing History.
5. Under Temporary Internet Files, click Delete Files.
6. Click Delete Cookies.
7. Click OK.
In Internet Explorer 8:
1. Log out of Gmail and close all other open browser windows.
2. Click Tools > Delete private browsing history.
3. Click the box next to ‘Temporary Internet files’ and ‘Cookies.’
4. Click Delete.
Mozilla
In Mozilla:
1. Log out of Gmail. Close all other open browser windows.
2. Click the Edit menu at the top of your browser, and select Preferences.
3. Click the + next to Advanced.
4. Select Cache under Advanced.
5. Click Clear Cache.
6. Click OK.
Netscape
In Netscape:
1. Log out of Gmail. Close all other open browser windows.
2. Click the Edit menu at the top of your browser, and select Preferences.
3. Click the + next to Advanced.
4. Select Cache under Advanced.
5. Click Clear Cache.
6. Click OK.
Safari
In Safari:
1. Log out of Gmail. Close all other open browser windows.
2. Open the Safari menu on your browser’s toolbar.
3. Select Empty Cache.
4. Click Empty in the dialogue box.
Other browsers
We’re sorry, but other browsers are not fully supported by Gmail, and may not work properly with all Gmail features and functions. We suggest using Google Chrome, Internet Explorer 6+, Mozilla Firefox 2.0+, or Safari 3.0+ for the best Gmail experience.
* Keep secrets! Never tell anyone your password, or your secret question and answer; if you do tell someone, change it as soon as possible.
* Choose a good password and security question and answer.
o Don’t write this information down anywhere
o Never send this information by email
o Never reuse your Gmail password for an account on another website
o Periodically change your password, and your security question and answer
To change your password or security question:
1. Click Settings at the top of any Gmail page, and open the Accounts and Import tab.
2. Click Google Account settings.
3. In the new window, click Change password or Change secret question under the Personal information option.
4. Complete the form and click Save to make your changes.
* Download the free Google Pack, which includes Mozilla’s Firefox browser as well as antivirus and anti-spyware utilities that can help keep your computer safe.
* Never give out your gmail password after following a link sent to you in an email. Access gmail directly by typing mail.google.com in your browser’s address bar.
Bill
1. Apparently Adobe hasn’t yet completely fixed the problems with Flash and PDF, so even downloading the latest versions might not prevent intrusions, and so it might be wise not to use that software on the same computer as Gmail, at least until we are sure it is fixed. Running antivirus software appears not to protect.
2. I see in today’s New York Times that Google called for help from the NSA when its server was hacked and the code stolen. Initial reports were that that server relayed foreign mail headers to the NSA for national security filtering. Now the NSA wants to help the new Cyberczar security, especially for connections of power grid and nuclear power plants to the Internet. It might be a better idea not to allow those connections, and not to rely on cloud computing or free Google software, since there is essentially no customer service and these message indicate security is still not assured. Certainly my advice would be to keep any critical financial data and bank accounts away from computers with Gmail or other Google software with the unified login. My advice is also to contact the police and to use the best means to reach your friends and contacts and warn them of the compromise, they might be next. Simply moving to another Gmail account would not be sufficient in my opinion.
Ellie – I think I was where you are for several hours or half a day or something – Google’s account recovery form asked what appeared to me to be required (ridiculously detailed) questions, like what date you opened your gmail account, the email address of the person who referred you, etc. I think it turns out that’s all optional “do the best you can” info – so fill in what you know and let it fly. They should get back to you even if you’ve only been able to give them minimal info.
When you do get in, it’s easy to miss stuff the hackers changed – I went through settings several times before I noticed everything. The *$ &#s had forwarded my email to a fake new account in my name at Yahoo, and set things so all new incoming email would be deleted. The good news was they hadn’t deleted my OLD emails, so I can slowly rebuild my contacts by searching for old emails as I need.
The other of my two hacked accounts still had two massive BCC sent-mail items with the scam email going to all contacts – I think the hacker was shut down by Google before they got a chance to delete those, or the contacts from that account. My personal account had only a few individually-targeted “sent” scam emails, so I could at least tell who a few of the targets had been and get back to them, but my contacts had been gutted to stop me from easily alerting everyone. I’m certain by now no one fell for it, but it disrupted a lot of people, not the least of this burden falling on me.
A Google insider spilled the beans to me just yesterday that they now have an in-house-use-only method of whitelisting IP addresses (controlling from which locales a user/hacker can log in), so that if you don’t plan on traveling to Nigeria (say), you can exclude all IPs with that prefix…But release to the public, whenever it might occur, will be too late for those who’ve been writing here – except for the next time. If I knew where to post to “demand” public release of this, I sure would…
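The IP allowlisting Dave describes above, sketched as an added defender-side example (not Google's code, and not part of this thread): constructed "last account activity" records are checked against the networks an account owner expects to log in from, and anything outside them is flagged for review. The record format, the allowed CIDR ranges and the sample entries are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Activity:
    """One login record: access type, source IP, timestamp (assumed format)."""
    access_type: str
    ip: str
    when: str


def parse_activity(text):
    """Parse constructed 'type | ip | time' lines into Activity records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        access_type, ip, when = (p.strip() for p in line.split("|"))
        records.append(Activity(access_type, ip, when))
    return records


def build_allowlist(cidrs):
    """Turn CIDR strings into network objects; strict=False tolerates host bits."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def flag_unexpected(records, allowlist):
    """Return every record whose source IP is outside all allowed networks."""
    flagged = []
    for rec in records:
        addr = ipaddress.ip_address(rec.ip)
        if not any(addr in net for net in allowlist):
            flagged.append(rec)
    return flagged


# Constructed sample: documentation ranges for the owner's usual locations,
# plus the address a commenter below reports seeing in their own activity log.
SAMPLE_ACTIVITY = """
# type | ip | time
Browser  | 203.0.113.17  | 10:02 am
Mobile   | 198.51.100.9  | 11:40 am
Browser  | 41.155.55.52  | 3:15 pm
"""
EXPECTED_NETWORKS = ["203.0.113.0/24", "198.51.100.0/24"]

if __name__ == "__main__":
    for rec in flag_unexpected(parse_activity(SAMPLE_ACTIVITY),
                               build_allowlist(EXPECTED_NETWORKS)):
        print(f"review: {rec.access_type} login from {rec.ip} at {rec.when}")
```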
Bill, thanks for the new advice.
I was using the latest developer version of Chrome when hacked, so apparently it doesn’t offer much protection. (Certainly exploits on IE6 have been known for a long time.) So now I use the latest Mozilla Firefox but with EFF’s https add-on. I think one part of the hacker’s attack is to change from https: to http: and you might miss that in the Chrome address bar even though it has a red marking when it happens. (After their server was hacked, Google changed Gmail to require the https: login, but it will work after the login in http:. I think the EFF add-on will make sure it stays in the more secure https: mode until you do the Signout procedure, not just click to close the browser window.)
I just wrote a letter to the Economic and Financial Crimes Commission in Nigeria (info@efccnigeria.org) as they request, detailing the attack and asking for an investigation. If you lose any money, the State Department has a website of resources at http://travel.state.gov/travel/cis_pa_tw/cis/cis_4522.html. I’m looking forward to the whitelist that Dave mentions!
As for Facebook, sorry, I don’t use it, I think it exposes too much info for these hackers and is not secure.
Hi Eric,
I’ve been using the HTTPS Everywhere extension, and I’m satisfied to this point. I’m hopeful that additional sites will be supported quickly.
I certainly understand your reluctance to employ Facebook – your reasoning seems valid.
Thank you for the links you provided – I’m sure they’ll be helpful.
Best,
Bill
I can’t thank you all enough for both the advice and just understanding my hell. Really, I actually feel better now…and just finished adding email addresses I realized I had in various photo sharing sites/evite to my new gmail account. Sigh, life goes on. Although, alas, my husband suspects one of our kind neighbors may have actually sent them money based on his sheepish reaction to husband explaining it was a scam. Thanks again!
I had this same problem.
Almost the same IP address (41.155.55.52) recently targeted my gmail account.
What’s sad is, I have multiple accounts, Google automatically disabled one of my accounts due to the activity, but the other account was compromised and I cannot get it back. I have had this email address for many years and it’s sad that I can never get it back.
Nigeria has a lot of problems
Hey Ryan,
I’m sorry to hear about your trouble.
Bill