Hacked! Update

The good news/update on the hacker situation is that my sister was able to regain access to her e-mail account.  Through a number of google searches on compromised g-mail accounts, I read a blog story that mentioned that if you knew your exact account creation date as well as 6 frequently e-mailed addresses, that g-mail could get you back into your account.  My sister had filled out this form with an estimated account creation date, and never heard anything.  I told her to fill it out again using the exact account creation date that I was able to pull up in my g-mail account (since I had invited her to g-mail) and it worked!!!

The sad news is that all of her contacts have been deleted, but it looks like the majority of her sent messages are still intact, so she should be able to put together a new address book without much trouble.

But even though she has her account back, she now has to decide whether or not she wants to consider using it.  You see, she had given up hope of ever getting it back, so she created a new e-mail address.  Now she has two, which is fine for some people (for example, I manage at least 5 personal e-mail accounts that I use for various purposes), she's not really the kind of person that needs that many.  While all of her friends and family know her old address, I don't know if I would be able to shake the feeling that a complete stranger had been rummaging through my personal life.  There's this weird feeling of being violated that might be hard to overcome, and a fear that it could happen again at any time.

Regardless of what she decides, I learned a lot about google and g-mail security from this process, and I want to share that information with all of you who might also have g-mail accounts. 

So, I present to you my 5 recommendations for operating a safer, more secure G-mail account:

1. If you haven't done so already, change your passwords. Make them hard to guess, and make them different for each account you have.

2. Check your "filters" setting.  There is a G-mail virus that creates a filter in your settings that forwards messages to a hacker containing certain words (such as password.)  If you ever forgot your password and needed a reminder, the hacker would receive the new temporary password and you would never receive it - thus giving the hacker full access to your account.  To make sure that you don't have any filters, so to "Settings," then "filters" and make sure that there aren't any filters there.  Check this regularly.

3. Check your "Forwarding" settings.  In my sister's case, we noticed that she wasn't receiving any of the e-mails that I sending to her as a test.   She was online, and I was able to g-chat with her, but she wasn't receiving messages.  She had checked her filters and those were clear, so I told her to check her forwarding setting.  Lo and behold there was a fowarding setting on her account that basically instructed the system to forward all new e-mails to the hackers address (YES! She now has the hackers e-mail address!) and then delete them from g-mail, effectively her from ever knowing that a message was sent.  Once she removed the forwarding setting, she started receiving messages again.  Check this regularly.

4. Use G-mail's secure server.  G-mail offers the option to use a secure https:// server, but you have to make this a setting if you want to use it all the time.  Basically, this encrypts data that you send so that it's not as easy to hack, especially when you're using a non-secured wirless connection.  To change this, again go to "setting" and select "Always use https."  Although this will slow down your g-mail slightly, the extra security is probably worth it.

5. Learn your "account created" date.  If your g-mail account is compromised and your secondary e-mail and cell phone settings have been changed by the hacker, all hope may not be lost if you know your account created date.  Basically, this is the exact date that your g-mail account was created.  If you know this date when you fill out the "my account is compromised" form, they will reset your password and send it to another account that you specify, effectively taking away control from the hacker.  The key is that the date you list must be EXACTLY the same as your account creation date, otherwise, they won't be able to verify that it's really you.  This is what you need to do:
    - Talk to the person that invited you to G-mail
    - Have them search their e-mail for messages sent "From" the "Gmail Team."  This will bring up all of the g-mail invitations that people have accepted.
    - Have them tell you the exact date that they received the "YOUR NAME has accepted your invitation to Gmail" message.  This is your account creation date.
    - Now, store this information in a safe place (NOT in your g-mail account, where a hacker could find it.) 

While I know that anyone can be a victim of fraud and identity theft, I hope that these tips help to prevent it from happening to you!  And if you know of any additional tips, please let me know and I'll add them to this list!


Post a Comment