56 responses to “My Gmail Account Hacked From Nigeria”

  1. Ahmed helmi

    Hi bill,
    I just can't believe this! If Gmail can be hacked, then what's the point of using it? /sad

  2. Do not bore them to hacking, because I always have any mites may be.

  3. greg

    The internet is not a fun place to be. Think about it: malware, tracking cookies, flash cookies, privacy concerns abound, Windows problems. I used Ghostery for a short while and that really opens your eyes to the lack of privacy. Some day I will cut the cord and go back to doing things in a simpler and more secure manner.

  4. Bionic

    Take this seriously, as it is targeting your readers.

    I've just received this email:

    *************************
    Subject: Urgent help !!!!
    Date: Sun, 6 Jun 2010 20:54:16 +0300
    Bill Mullins

    I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now,I’m stuck in London with family right now, we came down here on family vacation, we were robbed, worse of it is that bags, cash and cards and our cell phone were stolen at a GUN POINT,and it’s hard to get hold of a phone here in
    London it’s such a crazy experience for us, we need help flying back home, the authorities are not being 100% supportive but the good thing is we still have our passport but don’t have enough money to get our flight ticket back home, please i need you to loan us some money, will refund you as soon as we are back home, i promise.
    *************************


    I thought you should know; moreover, let your readers be notified.
    Since I have been emailed, I'm fairly convinced it's your blog that is vulnerable.

    • Bionic > I thought you should know; moreover, let your readers be notified. Since I have been emailed, I'm fairly convinced it's your blog that is vulnerable.

      WordPress isn’t bulletproof, but it’s not “the blog” this time … the perps are using stolen Gmail address books/contact lists/whatever.

      I’ve received the same scammail 6 or 7 times from different people in the past few days, and the one common denominator is “Gmail”.

      I saw a huge tailgate sticker on a pickup truck in Los Angeles several years ago that read “Google is NOT your friend!” That guy must have had a crystal ball!

  5. I got a phishing email (robbed, urgently need money, blah-blah) from

    Bill Mullins

    about an hour ago (just saw it now and dropped by here to check).

    If this is the address that got hacked (don’t know if the extra “i” is supposed to be there), you might want to update your email contacts on the situation.

  6. Seems WordPress ate the email address in my previous comment; it is billmiullins1946 @ gmail . com
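    The two signals in the comments above, the "stranded in London" plea and a sender that borrows a contact's display name on a near-identical address (the extra "i" in billmiullins1946), can be checked mechanically. The following is an added example, not code from the blog or from any of the commenters; the sample messages, the address book and the phrase list are constructed for illustration and the score weights are an arbitrary choice.

```python
import re
from email.utils import parseaddr
from typing import Dict, List, Optional

# Constructed sample messages (not real mail) modelled on this thread: the
# "stranded in London" plea sent from a lookalike address with an extra "i",
# and a benign note from the real address for contrast.
SAMPLE_MESSAGES = [
    {
        "from": "Bill Mullins <billmiullins1946@gmail.com>",
        "subject": "Urgent help !!!!",
        "body": ("I'm stuck in London with family right now, we were robbed, cash "
                 "and cards and our cell phone were stolen at a GUN POINT, please "
                 "i need you to loan us some money, will refund you as soon as we "
                 "are back home."),
    },
    {
        "from": "Bill Mullins <billmullins1946@gmail.com>",
        "subject": "Re: draft post",
        "body": "Thanks for the edits, I'll publish tomorrow morning.",
    },
]

# Constructed address book: display name (lower-cased) -> address on file.
ADDRESS_BOOK = {"bill mullins": "billmullins1946@gmail.com"}

# Phrases that together characterise the stranded-traveller plea.
PLEA_PATTERNS = [
    r"\bstuck in\b", r"\brobbed\b", r"\bgun ?point\b", r"\bloan (?:me|us)\b",
    r"\brefund\b", r"\bflight ticket\b", r"\bpassport\b", r"\burgent\b",
    r"\bwestern union\b",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), used to spot a
    sender address that is one typo away from a known contact."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(display_name: str, addr: str,
                 address_book: Dict[str, str], max_dist: int = 2) -> Optional[str]:
    """Return the address on file if this sender uses a known contact's
    display name with a different but near-identical address."""
    known = address_book.get(display_name.strip().lower())
    if not known or addr == known:
        return None
    if edit_distance(addr.split("@")[0], known.split("@")[0]) <= max_dist:
        return known
    return None


def assess(msg: Dict[str, str], address_book: Dict[str, str] = ADDRESS_BOOK,
           threshold: int = 3) -> Dict[str, object]:
    """Score one message: each plea phrase counts 1, a lookalike sender 3,
    shouting punctuation in the subject 1; at or above threshold it is flagged."""
    name, addr = parseaddr(msg["from"])
    addr = addr.lower()
    text = (msg["subject"] + " " + msg["body"]).lower()
    hits = [p for p in PLEA_PATTERNS if re.search(p, text)]
    impersonated = lookalike_of(name, addr, address_book)
    score = len(hits) + (3 if impersonated else 0) + (1 if "!!!" in msg["subject"] else 0)
    return {"from": addr, "plea_hits": hits, "lookalike_of": impersonated,
            "score": score, "suspicious": score >= threshold}


def triage(messages: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Assess every message; callers can sort or filter on the returned score."""
    return [assess(m) for m in messages]


if __name__ == "__main__":
    for v in triage(SAMPLE_MESSAGES):
        print(("SUSPICIOUS " if v["suspicious"] else "ok         ") + str(v["from"]), v["score"])
```

    The lookalike check is the part worth keeping: a plea from the genuine address (a truly hijacked account, as in Bill's case) scores only on its wording, whereas the address-with-an-extra-letter trick shown in comment 6 is caught even when the wording is tame, because the display name matches a contact but the address does not.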

  7. Pingback: If You Get an Email From Me DO NOT Respond « Bill Mullins' Weblog – Tech Thoughts

  8. Pingback: My Gmail Account Hacked From Nigeria « Bill Mullins' Weblog – Tech … | Gmail HOT news

  9. Pingback: Tweets that mention My Gmail Account Hacked From Nigeria « Bill Mullins' Weblog – Tech Thoughts -- Topsy.com

  10. g

    I have a tech buddy (who btw takes care of our servers, computer stuff at work). About 6 months ago his Gmail acct got hacked. Being on his email list, I got a message similar to the one you posted above. I thought it was odd since the mannerisms were not really how he would come across.

    I tried to call him and got his voicemail. I had a hunch it wasn’t him sending me the message so I Google messaged him. I asked where he was in London and got a reply. I told him I was trying to come up with the money and asked where I should send it (to get more information). I baited him with some info only our tech guy would know and the guy at the other end failed miserably. I then decided to have some fun and told him I was tracking his IP and when I found him, I had a buddy in London that was going to beat his ass. At about this point, he terminated the chat!

    So I guess I have the distinct honor of chatting with a hacker hooligan!! lol. I immediately changed all of my online accounts passwords.

    I recommend to all readers here that if this can happen to a security expert like Mr. Mullins, it CAN happen to anyone. You should routinely change your login information to thwart these criminals. And if someone you know sends you email or contacts you asking for money, play the devil’s advocate and make sure to verify the person at the other end is the person you know.

  11. Siam

    A timely reminder to be ever-vigilant, so thanks Bill. I’m beginning to wonder if it is just the nature of people that where there is good, there must also be bad. I wonder when the world will ever change.

    • Bill Mullins

      Hi Siam,

      I think you’ve encapsulated the nature of people well. Unless evolution steps in to take a hand, I fear, we’ll always have a degree of evil to contend with.

      Nice to see you visit again.

      Bill

      • Siam

        Thanks Bill. I really enjoy your site. And yes, it is probably something we are going to contend with for a long time to come. But I have changed my Gmail password now and will remember to do so on a regular basis. Again, thanks for the article.

  12. Wow Bill,
    If YOUR mail can be hacked, how much more the non-techies. Many of my subscriptions at Yahoo stopped one by one, but there was no sign of hacking; maybe it was just part of my false and ridiculous internet ban.
    The recent hacking of my domain name was my first, and the hacker just succeeded in using it for advertising, so I was lucky: I still own it.
    But I’m amazed that every day now, I detect attempts to hack my computer.

    • Bill Mullins

      Hey Pochp,

      I often wonder about the huge number of people who have been hacked, and who are unaware of it. At least you know.

      Good to hear from you.

      Bill

  13. Bobmail

    Funny coincidence, that my gmail account was hacked today, apparently from Croatia.

    I guess I had left a door open as I had used a Mailinator email address as the secondary mail: lo and behold, there was a google password reset message in “my” mailinator box. Luckily, I was still able to re-reset the password by requesting another reset message.

    Using the same name in both is obviously a big no-no. It is not good enough if the mailinator box can be guessed from gmail login. However, if the mailboxes are unrelated (like alice @ gmail & bob @ mailinator) I do not think there is a huge risk.

    • Bill Mullins

      Hi Bob,

      Thank you for this comment. It illustrates, once again, just how easy it is for an email account to be hacked. I’m glad to hear you were able to make a recovery.

      Your advice on the “same name” issue, is very appropriate.

      Bill

    • Bill Mullins

      Thanks for that Mr. Reiner.

      After reading the links, I agree – there’s something up.

      Best,

      Bill

  14. Ramblinrick

    Bill,

    I know several folks where this sort of hijacking has occurred. Has me really thinking about the security of my online accounts. Sorry that happened!

    Rick

    • Bill Mullins

      Hey Rick,

      In over 20 years, this has never happened, and I know damn well it wasn’t something I did. But, I’m not going to cry over it.

      I found something today, that showed me this wasn’t a random attack, but that I was *specifically* targeted and that’s an uncomfortable feeling. I suppose if you pull the lion’s tail often enough (the Nigerian scammers), you should be prepared for retaliation. I wasn’t, but I sure am now. I’ve learned the lesson well, and normal email security just won’t cut it.

      These morons don’t like to be reminded, just how despicable they are.

      Bill

  15. Hey Bill,
    Maybe only famous anti-scam bloggers are the specific targets of these despicable scums.

    • Bill Mullins

      Hey Pochp,

      Well, there does seem to be a bit of a trend. Even anti-malware developers, including Kaspersky and Trend Micro, have had their sites hacked recently.

      When I used to write for Makeuseof.com, they had their Gmail account hacked and their site password stolen, leading to the hijacking of the entire Makeuseof site. It took the owners almost a week to get the site back from the hijackers. So yes, there is a precedent.

      Bill

  16. I just had the same problem. In fact, I found your site by Google search. My hacker’s IP address is very similar and WHOIS states it is from Africa! Just like you, I am fairly confident that my pw was not stolen by malware. What could be going on?

    • Hi Jeff,

      I can’t give you a definitive answer – as of now, I still can’t find the absolute root cause. I can safely say though, that my password (just like yours) was not affected by malware. Sadly, this type of thing is common, and becoming increasingly so.

      Stay safe,

      Bill

      • Maybe if we could find out why Google ads appear on some WP.com blogs which shouldn’t be the case, we’ll have a clue.

        • Hey Pochp,

          You’ll like today’s post, in which I talk about these ads on WP blogs. I’m not too happy about it. See – Neosites A Professional Website Builder to the Max!

          Best,

          Bill

  17. Eric Eldred

    I too was hacked by this gang, from 41.155.49.38, who sent a similar letter to all my contacts, then directed mail to an account at live.com and deleted my mail and contacts before I could reset the password and regain control. Google says Nigeria, but Whois says it is under Afrinic.net in Mauritius:

    OrgName: African Network Information Center
    OrgID: AFRINIC
    Address: 03B3 – 3rd Floor – Ebene Cyber Tower
    Address: Cyber City
    Address: Ebene
    Address: Mauritius
    City: Ebene
    StateProv:
    PostalCode: 0001
    Country: MU

    ReferralServer: whois://whois.afrinic.net

    NetRange: 41.0.0.0 – 41.255.255.255
    CIDR: 41.0.0.0/8
    NetName: NET41
    NetHandle: NET-41-0-0-0-1
    Parent:
    NetType: Allocated to AfriNIC
    NameServer: NS1.AFRINIC.NET
    NameServer: NS-SEC.RIPE.NET
    NameServer: NS2.LACNIC.NET
    NameServer: TINNIE.ARIN.NET
    NameServer: SEC1.APNIC.NET
    NameServer: SEC3.APNIC.NET
    Comment:
    RegDate: 2005-04-12
    Updated: 2009-05-27

    OrgAbuseHandle: GENER11-ARIN
    OrgAbuseName: Generic POC
    OrgAbusePhone: +230 4666616
    OrgAbuseEmail: abusepoc@afrinic.net

    OrgTechHandle: GENER11-ARIN
    OrgTechName: Generic POC
    OrgTechPhone: +230 4666616
    OrgTechEmail: abusepoc@afrinic.net

    Google and Live.com should block this range of IP addresses and require abusepoc@afrinic.net to identify the user of the hacker’s IP addresses they administer, and report to the police and security at Google and Microsoft.

    If they don’t do anything, ICANN should cut them off the Internet for failure to follow abuse rules.

    If this happens to you, report to your local police immediately as a case of identity theft and get a case number even if they don’t do anything, just to cover yourself legally.

    If anybody in London cares to help, maybe next time we can set up a sting operation with Scotland Yard and Western Union and catch the London members and break up the gang, here’s wishing. Their plan requires a human to collect the money in London, that is the weak point.

    Now is the time to be sure you change your passwords and update your Google account information so there is no delay in getting Google to reset your password to the correct owner. Then of course scan for rootkits and trojans and keyloggers, as the hackers might not be in Africa at all, just relaying through there.

    • Thank you Eric. Your information has critical value for all of us.

      Your suggestion to file a Police report, is a matter I hadn’t considered. On reflection, it is such a sensible recommendation.

      Finally, there would be enormous satisfaction in arranging a sting operation to catch these criminals in the act. As you say, “here’s wishing.”

      Bill

  18. eric

    bill

    crazy, this just happened to me last night too! Maybe they were targeting erics!

    • Hey Eric,

      Well, there’s no doubt that cyber crooks use targeting techniques, including targeting specific sites and services. So I have no doubt, that it’s entirely possible that they target alphabetically as well.

      Good luck in your recovery process, and thank you for commenting.

      Bill

  19. Eric Eldred

    I wrote abusepoc@afrinic.net but no response. Also no response from security@google.com or security@live.com . Most recently, Google has put a spam filter on my outgoing gmail so it is unusable, and Google does not respond to my complaints. I pay for a lot of storage and other Google services and can’t use it now. Essentially they have no customer service or adequate security. Thus, even though like Bill I have been a user of all Google services from day 1, I am either moving to a provider I can pay for security or customer service, or going off the Internet entirely, it is not worth it.

    If you want to keep using Gmail, here is my advice.

    * Make sure your password is very strong, with numerals and uppercase letters, and very long.
    * Back up your Google Contacts to a csv file and keep it on a thumb drive, not on your computer.
    * Make sure your Google account profile information (not public) is complete, with a recovery clue, your phone number to receive SMS, and an alternative email address that is not a Gmail account.
    * Keep logged in to Gmail on a machine you don’t use for other online purposes.
    * If you are logged out suddenly and can’t log in because it will not recognize your password, then take action.
    * Your friends will call you asking if you sent the letter. Ask them to play the perp along in order to find out what hotel to send the money to and in what name via Western Union.
    * As soon as you get enough info to call the police, immediately ask Google to reset your password.
    * Get back online as soon as you can, check the settings and change the forwarding email address so responses are not sent to the criminal gang.
    * Send out letters one by one (so as not to set off the spam alert) to your contacts once you recover the deleted list.

    Let us know here what you do. I think a lot of people will do a Google search and come here. Let’s get together and stop this gang!

    • Thank you for continuing to comment on this issue Eric.

      I have heard complaint after complaint concerning Gmail over the years. Despite the fact that Google encourages people to trust Gmail with sensitive personal data, they have a poor reputation for responding to issues that demand immediate attention. They seem oblivious to the fact that they make it enormously difficult for one to regain control of a hacked account.

      In researching what could have gone wrong in my own case, time after time, I came across instances where highly competent computer users were hacked where no apparent cause could be established. It certainly leaves open the question as to whether Gmail’s security is sufficient.

      Best,

      Bill

  20. Lynn

    You’re so right that they make it difficult. I’m so frustrated that the hackers took over my account and I can’t get it back after a week. I fill out the form and it tells me there have been too many requests on the account and to wait a few days. I wait and still get the same message. It’s an endless loop and I can see others in the same situation on the Google Help Forum.

  21. Eric Eldred

    As Lynn reports, getting your account back may be problematic. Especially if your account information is not up-to-date. The Google Account Profile (not public profile) provides a space for you to enter your mobile phone number so you can be sent an SMS text message to reset your password. You should make sure (before you are hacked) that all the profile information such as Hint is correct and current and that you are able to answer the questions quickly to reinstate your account. You should have an alternative email address, not another Gmail address.

    The Nigerian hacker struck again the other day, attempting to hijack my account, and again I immediately reset the password and regained control before any damage. Be sure to check all settings frequently so that mail is not forwarded to the hacker’s account and deleted from yours.

    I see from a New York Times article that the Gmail or Google unified login software was reportedly downloaded and stolen and used by hackers. Apparently it is a lot of code written in JavaScript. One avenue of attack was apparently to send a PDF file with embedded JavaScript. It is wise to make sure that your PDF reader software has JavaScript turned OFF so reading a PDF file does not allow a malicious JavaScript program to take control of your Gmail account. You should also update your Adobe software to the very latest version as there were other bugs. Run a full scan of your computer to try to find trojans, keyloggers, viruses, and suspicious software. Remove any add-ons to browsers that you don’t really need.

    At the time of the theft of Google code, Google opposed in several countries the legal requirement for internet cafes to record the identification of users. Google has ties to Northern California politicians who feel that the Internet and Google can promote American-style democracy in other nations, and that this democracy is facilitated by anonymity and suppressed by communist totalitarians. Others observe that if hackers are free to be anonymous and police not allowed to track them down, and that Google does nothing to stop or identify the hackers, then of course cloud computing in any secure fashion is simply not going to happen, and many people will end up leaving Google, and so it will go out of business as likely in China.
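    Eric's advice above (and Dave's account further down of a forward to a fake Yahoo address plus a rule that trashed all new mail) amounts to a checklist that can be run over a filter export instead of by eye. The example below is added here and is not code from the blog or from any commenter. It assumes the filter export is an Atom feed whose `apps:property` elements carry the filter's criteria (`from`, `to`, `subject`, `hasTheWord`, `doesNotHaveTheWord`) and actions (`forwardTo`, `shouldTrash`, `shouldArchive`, `shouldMarkAsRead`); that layout follows Gmail's filter import/export file as I understand it, but treat the property names as an assumption and adjust them to what your own export contains. The sample XML is constructed. Account-level forwarding set outside the filter list is not in this file and still has to be checked in the settings page.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, List

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"  # assumed namespace of apps:property

# Criteria properties; a filter with none of them (or only 'to' = the owner's
# own address) matches effectively every incoming message.
CRITERIA = ("from", "to", "subject", "hasTheWord", "doesNotHaveTheWord")

# Constructed sample export: entry 0 is the hijacker's rule (forward everything
# to an outside mailbox and trash it here), entry 1 is a harmless newsletter rule.
SAMPLE_FILTERS_XML = """
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:apps="http://schemas.google.com/apps/2006">
  <title>Mail Filters</title>
  <entry>
    <category term="filter"/>
    <title>Mail Filter</title>
    <apps:property name="to" value="victim@gmail.com"/>
    <apps:property name="forwardTo" value="victim.name@live.com"/>
    <apps:property name="shouldTrash" value="true"/>
  </entry>
  <entry>
    <category term="filter"/>
    <title>Mail Filter</title>
    <apps:property name="from" value="newsletter@example.com"/>
    <apps:property name="label" value="Newsletters"/>
    <apps:property name="shouldArchive" value="true"/>
  </entry>
</feed>
"""


def parse_filters(xml_text: str) -> List[Dict[str, str]]:
    """Return one {property name: value} dict per <entry> in the feed."""
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.iter(ATOM + "entry"):
        props = {p.get("name"): p.get("value") for p in entry.iter(APPS + "property")}
        filters.append(props)
    return filters


def _is_true(value) -> bool:
    return (value or "").strip().lower() == "true"


def audit_filter(props: Dict[str, str], own_addresses: Iterable[str]) -> List[str]:
    """Flag the actions a hijacker relies on: forwarding off-account, deleting,
    or hiding (archive + mark read) mail, escalated when the rule is catch-all."""
    own = {a.lower() for a in own_addresses}
    findings = []
    fwd = props.get("forwardTo")
    if fwd and fwd.lower() not in own:
        findings.append("forward-external:" + fwd)
    if _is_true(props.get("shouldTrash")):
        findings.append("trash")
    if _is_true(props.get("shouldArchive")) and _is_true(props.get("shouldMarkAsRead")):
        findings.append("hide")
    if findings:
        narrowing = [k for k in CRITERIA
                     if props.get(k) and not (k == "to" and props[k].lower() in own)]
        if not narrowing:
            findings.append("catch-all")
    return findings


def audit(xml_text: str, own_addresses: Iterable[str]) -> List[Dict[str, object]]:
    """Audit a whole export; only flagged filters are returned, with their criteria
    so the owner can recognise (or fail to recognise) the rule."""
    report = []
    for i, props in enumerate(parse_filters(xml_text)):
        findings = audit_filter(props, own_addresses)
        if findings:
            criteria = {k: props[k] for k in CRITERIA if k in props}
            report.append({"index": i, "criteria": criteria, "findings": findings})
    return report


if __name__ == "__main__":
    for item in audit(SAMPLE_FILTERS_XML, ["victim@gmail.com"]):
        print("filter", item["index"], item["criteria"], "->", ", ".join(item["findings"]))
```

    A forward to an address you do not control combined with `trash` on a catch-all rule is exactly the combination described in this thread: the victim sees nothing arrive, the attacker reads everything. Run the audit after every recovery, not just once, since Eric reports the same attacker coming back.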

  22. Dave

    Put me down as a “me, too” – with two gmail accounts hacked simultaneously on 24 June. One password wasn’t that great, but not in any dictionary…the other was downright strong.

    Eric’s comments about embedded JavaScript within PDFs make me ill…

    Realizations/discoveries:
    1) my recovery account at Yahoo! had long since been put into deep-freeze due to lack of activity, though I’d thought my continued participation in ‘Yahoo groups’ was keeping it active. Short of keeping an unused account like this active just for a backup, what’s the alternative? Getting Yahoo! resurrected added greatly to delays in regaining control of the account, since gmail had already sent my recovery password (one per 24 hours, I think) to a suspended account.
    2) cell-phone texting for recovery never worked. Maybe a Nextel issue?
    3) mercifully, hacker didn’t delete six years’ worth of old email, though my contacts were all gone, clearly to make it hard for me to alert anyone of the hacking scam.
    4) An unsanctioned utility called Gmail Backup – (assuming it’s secure!) – is my fallback to prevent total loss of email files should this recur and the next hacker decide to delete all old email. (I don’t even want to imagine losing it all, but it would have been SO easy…)
    5) Since Google has the capacity to alert me of suspicious IP locales (i.e. the Nigerian IP used to hack both accounts) then wouldn’t it be a no-brainer for them to allow me to restrict logins to any level of specificity, right down to my ISP if that’s what I choose? Yes, I appreciate them freezing the accounts, but that didn’t happen until a lot of damage had been done. I can’t imagine the need for my IP to be available for gmail login over the 99.999% of the earth’s surface that’s outside of my normal routine, unless I am about to take an extended international trip – during which rare occasion I would be happy to update an allowable IP prefix, say.

    • Hi Dave,

      I’m sorry to hear that it happened to you as well. I’m sure that you, like me, felt absolutely violated.

      The points you raise are valid, particularly Google developing a restrictive login policy. That’s the first time I’ve heard this mentioned, and I would endorse such a policy vigorously. It’s a terrific idea and relatively easy to implement. So, why isn’t it being done?

      If I had the time and the patience, I could write an article EVERY day on *that* day’s new Gmail phishing attempt – many of which get through Gmail’s antispam filters. It’s a ludicrous situation.

      Thank you for taking time to comment.

      Bill

  23. Ramblinrick

    Bill,

    To demo the degree of this type of problem and others go to this page: http://www.google.com/support/forum/p/gmail/

    Then click on “Suspicious Messages and Scams”…

    Very interesting…

    Rick

  24. Eric Eldred

    Another observation. Once you reset the password and recover the account, delete the forwarding to the fake account, restore your contacts and deleted mail, then you still may have a problem. If you try to mail explanations to all the contacts the hacker sent fake mail to, you may run into Google’s spam filter. In my case, with hundreds of contacts, mailing each a different letter was impractical, but Google wouldn’t let me mail to more than one at a time, not only because of my volume, but the hacker’s volume triggered the filter, especially when some mail was returned from old addresses. However, if the spam filter for outgoing mail is triggered, you may get the chance to click on some boxes to indicate you don’t agree with their interpretation of your mail and you want the filter removed. You won’t get a response, but you might find that the process works and later you can send to more than one recipient. Good luck. I think the postings that Rick refers to don’t say much about this type of problem of hijacked accounts, and Google should be more up-front about it. When spammers use the same IP address it gets blocked, why can’t they block the IP addresses of the Nigerian hackers, or, as Bill suggests, let us do it?

  25. Lynn

    A Facebook page is a good idea. I couldn’t post on the Google help forum when my account was compromised. BTW, I finally got my account back after a week. I could see they set up a fake hotmail account in my name and intercepted my mail for a week. Fortunately it was mostly personal stuff. I’d be very nervous about running business through gmail after this experience.

    • Hi Lynn,

      I’m happy to hear that you finally got access to your account. I suspect “frustrating”, hardly describes the experience.

      I do think a Facebook page might be appropriate. This type of thing seems to get results when all else fails. I’m sure there are 100s of thousands of dissatisfied Gmail users out there.

      Bill

  26. Ellie

    Hacked on Tuesday and having all the same problems described above. Have given up trying to get anything back as I can’t seem to provide Google with the info they want to restore. As I’m no techy and not particularly internet savvy like you guys, have just one question…should I go ahead and just open up a new gmail account, and if so, what are my best options to try (understanding its now impossible) to keep this from happening again. Just change my password every month or so?

    • Hey Ellie,

      There’s nothing to stop you from opening a new Gmail account. Many people (especially geeks) have multiple Gmail accounts.

      Changing your password frequently is always good practice, but it takes more than that to maximize safety.

      From Google:

      Some tips to help keep your Google account safe:

      * Always sign out when you’ve finished reading your mail.
      * Only select Stay signed in if you’re signing in from a personal computer.

      Checking the box next to Stay signed in on the Gmail login page will automatically sign you in each time you visit mail.google.com. This makes for easier access to Gmail, but if you check your email from a computer that other people have access to, automatically signing in may not be the best option.

      When you check the box and sign in, Gmail sets a cookie (lasting two weeks) to remember you when you return to the site from the same computer. To disable the cookie, just click Sign out at the top of any Gmail page. You’ll need to re-enter your username and password when you return to Gmail.

      We encourage you to sign out of Gmail at the end of each session to protect the security of your email information. Signing out of Gmail is especially important if you check your email on a public computer. To end your Gmail session, just click Sign out at the top of any Gmail page.
      * Clear forms, passwords, cache, and cookies in your browser on a regular basis – especially on a public computer.

      For instructions, please select your browser below:

      Firefox

      In Firefox 3.0 for PCs:
      1. Log out of Gmail and close all other open browser windows.
      2. Click the Tools menu at the top of your browser and select Clear Private Data…
      3. Select the Cookies and Cache checkboxes.
      4. Click Clear Private Data Now.

      In Firefox 3.5+ for PCs:
      1. Click the Tools menu.
      2. Click Clear Recent History.
      3. Expand the details.
      4. Select the Cookies and Cache checkboxes.
      5. Click Clear Now.

      In Firefox 3.0 for Macs:
      1. Log out of Gmail and close all other open browser windows.
      2. Click the Firefox menu at the top of your browser and select Preferences…
      3. Select the Privacy tab.
      4. Click Clear Now… at the bottom of the dialogue box.
      5. Check the boxes next to Cache and Cookies in the new dialogue box.
      6. Click Clear Private Data Now.

      In Firefox 3.5+ for Macs:
      1. Log out of Gmail and close all other open browser windows.
      2. Click the Firefox menu at the top of your browser and select Preferences…
      3. Select the Privacy tab.
      4. Click the clear your recent history link.
      5. Click the triangle next to ‘Details” to expand the menu.
      6. Check the boxes next to Cache and Cookies.
      7. Click Clear Now.

      Internet Explorer

      In Internet Explorer 6.x:
      1. Log out of Gmail. Close all other open browser windows.
      2. Click the Tools menu at the top of your browser, and select Internet Options.
      3. Click the General tab at the top of the dialogue box.
      4. Click Delete Files under Temporary Internet files.
      5. Select Delete all offline content by checking the box.
      6. Click OK.

      In Internet Explorer 7:
      1. Log out of Gmail and close all other open browser windows.
      2. Click Tools > Internet Options.
      3. Select the General tab.
      4. Click Delete under Browsing History.
      5. Under Temporary Internet Files, click Delete Files.
      6. Click Delete Cookies.
      7. Click OK.

      In Internet Explorer 8:
      1. Log out of Gmail and close all other open browser windows.
      2. Click Tools > Delete private browsing history.
      3. Click the box next to ‘Temporary Internet files’ and ‘Cookies.’
      4. Click Delete.

      Mozilla

      In Mozilla:
      1. Log out of Gmail. Close all other open browser windows.
      2. Click the Edit menu at the top of your browser, and select Preferences.
      3. Click the + next to Advanced.
      4. Select Cache under Advanced.
      5. Click Clear Cache.
      6. Click OK.

      Netscape

      In Netscape:
      1. Log out of Gmail. Close all other open browser windows.
      2. Click the Edit menu at the top of your browser, and select Preferences.
      3. Click the + next to Advanced.
      4. Select Cache under Advanced.
      5. Click Clear Cache.
      6. Click OK.

      Safari

      In Safari:
      1. Log out of Gmail. Close all other open browser windows.
      2. Open the Safari menu on your browser’s toolbar.
      3. Select Empty Cache.
      4. Click Empty in the dialogue box.

      Other browsers

      We’re sorry, but other browsers are not fully supported by Gmail, and may not work properly with all Gmail features and functions.

      We suggest using Google Chrome, Internet Explorer 6+, Mozilla Firefox 2.0+, or Safari 3.0+ for the best Gmail experience.
      * Keep secrets! Never tell anyone your password, or your secret question and answer; if you do tell someone, change it as soon as possible.
      * Choose a good password and security question and answer.
      o Don’t write this information down anywhere
      o Never send this information by email
      o Never reuse your Gmail password for an account on another website
      o Periodically change your password, and your security question and answer

      To change your password or security question:

      1. Click Settings at the top of any Gmail page, and open the Accounts and Import tab.
      2. Click Google Account settings.
      3. In the new window, click Change password or Change secret question under the Personal information option.
      4. Complete the form and click Save to make your changes.
      * Download the free Google Pack, which includes Mozilla’s Firefox browser as well as antivirus and anti-spyware utilities that can help keep your computer safe.
      * Never give out your gmail password after following a link sent to you in an email. Access gmail directly by typing mail.google.com in your browser’s address bar.

      Bill

  27. Eric Eldred

    1. Apparently Adobe hasn’t yet completely fixed the problems with Flash and PDF, so even downloading the latest versions might not prevent intrusions, and so it might be wise not to use that software on the same computer as Gmail, at least until we are sure it is fixed. Running antivirus software appears not to protect.

    2. I see in today’s New York Times that Google called for help from the NSA when its server was hacked and the code stolen. Initial reports were that that server relayed foreign mail headers to the NSA for national security filtering. Now the NSA wants to help the new Cyberczar security, especially for connections of power grid and nuclear power plants to the Internet. It might be a better idea not to allow those connections, and not to rely on cloud computing or free Google software, since there is essentially no customer service and these messages indicate security is still not assured. Certainly my advice would be to keep any critical financial data and bank accounts away from computers with Gmail or other Google software with the unified login. My advice is also to contact the police and to use the best means to reach your friends and contacts and warn them of the compromise; they might be next. Simply moving to another Gmail account would not be sufficient in my opinion.

  28. Dave

    Ellie – I think I was where you are for several hours or half a day or something – Google’s account recovery form asked what appeared to me to be required (ridiculously detailed) questions, like what date you opened your gmail account, the email address of the person who referred you, etc. I think it turns out that’s all optional “do the best you can” info – so fill in what you know and let it fly. They should get back to you even if you’ve only been able to give them minimal info.

    When you do get in, it’s easy to miss stuff the hackers changed – I went through settings several times before I noticed everything. The *$ &#s had forwarded my email to a fake new account in my name at Yahoo, and set things so all new incoming email would be deleted. The good news was they hadn’t deleted my OLD emails, so I can slowly rebuild my contacts by searching for old emails as I need.

    The other of my two hacked accounts still had two massive BCC sent-mail items with the scam email going to all contacts – I think hacker was shut down by Google before they got a chance to delete those, or the contacts from that account. My personal account had only a few individually-targeted “sent” scam emails, so I could at least tell who a few of the targets had been and get back to them, but my contacts had been gutted to stop me from easily alerting everyone. I’m certain by now no one fell for it, but it disrupted a lot of people, not the least of this burden falling on me.

    A Google insider spilled the beans to me just yesterday that they now have an in-house-use-only method of whitelisting IP addresses (controlling from which locales a user/hacker can log in), so that if you don’t plan on traveling to Nigeria (say), you can exclude all IPs with that prefix…But release to the public, whenever it might occur, will be too late for those who’ve been writing here – except for the next time. If I knew where to post to “demand” public release of this, I sure would…
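    Dave's proposal (here and in his earlier comment) of restricting where an account may log in from, and the WHOIS record Eric posted for 41.155.49.38 showing the enclosing block 41.0.0.0/8, fit together as one small piece of policy code. The example below is added here and is not code from the blog, from Google or from any commenter; the login events are constructed, the WHOIS excerpt is the CIDR portion of the record as posted in the thread, and `LoginPolicy` is a hypothetical policy class, not anything Google offers.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, Tuple

# The CIDR portion of the WHOIS record posted in the thread, used only to show
# how a block is extracted from such a record.
WHOIS_EXCERPT = """NetRange: 41.0.0.0 – 41.255.255.255
CIDR: 41.0.0.0/8
NetName: NET41
"""

# Constructed login events (not real logs): timestamp, account, source IP, outcome.
SAMPLE_LOGINS = [
    ("2010-06-06T02:14:09Z", "victim@gmail.com", "203.0.113.7", "success"),
    ("2010-06-06T20:41:55Z", "victim@gmail.com", "41.155.49.38", "success"),
    ("2010-06-07T09:02:13Z", "victim@gmail.com", "203.0.113.7", "success"),
    ("2010-06-24T03:15:00Z", "other@gmail.com", "41.155.55.52", "success"),
]


def cidrs_from_whois(text: str) -> List[ipaddress.IPv4Network]:
    """Return every network listed on a 'CIDR:' line of a WHOIS record
    (some records list several, comma- or space-separated)."""
    nets = []
    for m in re.finditer(r"^CIDR:\s*(.+)$", text, re.MULTILINE):
        for token in m.group(1).replace(",", " ").split():
            nets.append(ipaddress.ip_network(token, strict=False))
    return nets


class LoginPolicy:
    """Per-account allow-list of source prefixes, with an optional global
    deny-list that is checked first. Accounts with no allow-list are
    unrestricted, which is the default the commenters are complaining about."""

    def __init__(self, allow: Dict[str, Iterable[str]], deny: Iterable = ()):
        self.allow = {acct: [ipaddress.ip_network(str(n)) for n in nets]
                      for acct, nets in allow.items()}
        self.deny = [ipaddress.ip_network(str(n)) for n in deny]

    def decide(self, account: str, ip: str) -> str:
        addr = ipaddress.ip_address(ip)
        if any(addr in n for n in self.deny):
            return "deny"
        nets = self.allow.get(account)
        if nets is None:
            return "allow"
        return "allow" if any(addr in n for n in nets) else "deny"


def evaluate(events: List[Tuple[str, str, str, str]],
             policy: LoginPolicy) -> List[Tuple[str, str, str, str]]:
    """Replay recorded logins against the policy; returns (ts, account, ip, decision)."""
    return [(ts, acct, ip, policy.decide(acct, ip)) for ts, acct, ip, _ in events]


if __name__ == "__main__":
    blocked = cidrs_from_whois(WHOIS_EXCERPT)
    policy = LoginPolicy({"victim@gmail.com": ["203.0.113.0/24"]}, deny=blocked)
    for ts, acct, ip, decision in evaluate(SAMPLE_LOGINS, policy):
        print(ts, acct, ip, decision)
```

    The allow-list is the stronger of the two controls: it describes where the owner actually is, so it holds even when, as Eric notes further up, the attacker is only relaying through an African address and would never be caught by a deny-list of that region. The deny-list exists mainly to show how coarse a WHOIS block is; 41.0.0.0/8 is an entire registry's allocation, not a gang.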

  29. Eric Eldred

    Bill, thanks for the new advice.

    I was using the latest developer version of Chrome when hacked, so apparently it doesn’t offer much protection. (Certainly exploits on IE6 have been known for a long time.) So now I use the latest Mozilla Firefox but with EFF’s https add-on. I think one part of the hacker’s attack is to change from https: to http: and you might miss that in the Chrome address bar even though it has a red marking when it happens. (After their server was hacked, Google changed Gmail to require the https: login, but it will work after the login in http: . I think the EFF add-on will make sure it stays in the more secure https: mode until you do the Signout procedure, not just click to close the browser window.)

    I just wrote a letter to the Economic and Financial Crimes Commission in Nigeria ( info@efccnigeria.org ) as they request, detailing the attack and asking for an investigation. If you lose any money, the State Department has a website of resources at http://travel.state.gov/travel/cis_pa_tw/cis/cis_4522.html . I’m looking forward to the whitelist that Dave mentions!

    As for Facebook, sorry, I don’t use it, I think it exposes too much info for these hackers and is not secure.

    • Hi Eric,

      I’ve been using the HTTPS Everywhere extension, and I’m satisfied to this point. I’m hopeful that additional sites will be supported quickly.

      I certainly understand your reluctance to employ Facebook – your reasoning seems valid.

      Thank you for the links you provided – I’m sure they’ll be helpful.

      Best,

      Bill

  30. Ellie

    I can’t thank you all enough for both the advice and just understanding my hell. Really, I actually feel better now…and just finished adding email addresses I realized I had in various photo sharing sites/evite to my new gmail account. Sigh, life goes on. Although, alas, my husband suspects one of our kind neighbors may have actually sent them money based on his sheepish reaction to husband explaining it was a scam. Thanks again!

  31. Ryan Diederich

    I had this same problem

    Almost the same IP address (41.155.55.52) recently targeted my Gmail account.

    What’s sad is, I have multiple accounts; Google automatically disabled one of my accounts due to the activity, but the other account was compromised and I cannot get it back. I have had this email address for many years and it’s sad that I can never get it back.

    Nigeria has a lot of problems