"My Gmail Account Was Hijacked"
I received a letter from a retired English teacher in Iowa.
“My gmail account was hijacked, and everyone in my address book received this…”
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Subject: Urgent Assistance Needed!!!
Date: Sat, 11 Sep 2010 12:40:59 +0100
From: [letter writer’s name]
Hello,
I’m sorry for this urgent assistance request and i am sorry never to have mentioned anything to you about my visit to the UK.I’m currently stuck in Wales,United Kingdom right now, I came down here on a short visit, it was fun but unfortunately i got robbed last night on my way back to the hotel,lost cash and credit cards, it was such a crazy experience,it was shocking when i had a gun pointed at me but i thank God that never never pulled the trigger,a lady saw them and screamed for help on my behalf. I need help returning back home,i sustained few injuries but i thank GOD for my life and for still having my passport with me.
I’ve been to the authorities but they are not being 100% supportive but the good thing is that i still got my passports but currently having troubles paying off the hotel bills and getting a return ticket.
I need you to loan us 1,800.00 and i promise to refund it back tomorrow.. You have my word !!!
“Paul,
I sent this to you because you already have samples of similar scams at techpaul.wordpress.com.
Spread the news about strong passwords, and about software like lastpass. Using weak passwords (which I have done) is like leaving your car unlocked in a mall parking lot. Note that the cracker/scammer removed the phone number from my gmail .signature file. That reduces the chance that someone will call right away to check up on me.
Glad you have publicized stuff like this. It’s a valuable service to the Internet community. Thanks.
Cheers,
[Name withheld]
PS
I’m a retired English teacher, so most all of my correspondents know right away, from the atrocious writing, that it is a scam.
In my private exchanges with the letter writer, they informed me that they have yet to regain access to their Gmail account. Updated: the day after posting this, my correspondent told me they had finally regained access.
If you have had your Gmail hijacked: Unfortunately, as you probably already know, Google customer service is virtually nonexistent. Everything is done through forms. Use the following form to report your trouble and regain access.
I will not tell you – yet again – that you need to use strong passwords, and change them every so often. All I get is “yeah.. yeah.. I know” and it kills my ratings. (From my Got A Computer? Top 10 Things You Should Do articles -> “#8: Use strong (and complex) passwords. Everywhere. And change them every so often.”)
Related:
* My Gmail Account Hacked From Nigeria
* A FREE Utility to Backup Your Gmail
* Use strong (and complex) passwords
Today’s free download: LastPass
LastPass is a password manager that makes web browsing easier and more secure.
** Software License Giveaway Drawing **
The folks at SPAMFighter have generously donated 5 licenses for SPAMFighter Pro to me, to award to my readers.
SPAMFighter is a community-based spam filtering tool for Outlook, Outlook Express, Windows Mail and Thunderbird that automatically and efficiently filters spam and phishing fraud – keeping it out of your Inbox.
For details (and to enter), click here.
Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.
Tech Paul,
While it may be true, that in the instance you relate here, a poor choice of passwords may have been the cause, that’s the exception, and not the rule, in Gmail hijacking.
Having had one of my Gmail accounts hacked this past June, I am more than aware that Google is not immune to hacking, as the fairly recent fiasco in China, in which Chinese hackers compromised Chinese activists’ Gmail accounts, illustrates.
In fact, Gmail hacking is a much more common occurrence than most users are aware of. If you want confirmation of this, then Google “my Gmail has been hacked”.
The following is just one example of how this can be done.
The victim visits a page while being logged into Gmail. Upon execution, the page performs a multipart/form-data POST to one of the Gmail interfaces and injects a filter into the victim’s filter list.
The attacker writes a filter, which simply looks for emails with attachments and forwards them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list.
This is exactly what happened to me. BTW, I did not have any problem recovering my Gmail account since the hackers, DID NOT have my password.
Bill Mullins
Bill,
Thank you for contributing this very important information for my readers. (I included a “related” link to your article – My Gmail Account Hacked From Nigeria – as you have provided excellent advice there.)
Yes, my correspondent believes they are an example of “what not to do”, and asked me to reiterate some basic password advice… which can and should be applied as “general practice”, and not just to Gmail (I think we all have heard of recent “celebrity” email hijackings.. Sarah Palin leaps to my mind, for some reason), IMHO.
Folks – what does he mean “filters”?
In Gmail, click on “Settings” (upper-right), and then “Filters”. You can create filters to perform certain actions when email arrives that meet the criteria you set: such as moving all messages with the word “lottery” directly into your Junk folder. (If you suspect unauthorized activity, look for a filter you didn’t put there. Also check “Forwarding”, and make sure there is none set there either.)
Also, Folks, Bill’s website, Tech Thoughts, was the very first site I posted to my Blogroll, and he was the winner of my very first Tech Paul’s Friend Of The Internet Surfer Award. If you haven’t visited his site yet.. what are you waiting for?
I had this happen to a friend of mine last week with a Hotmail acct.
Durnit, g! I had a bet with myself you were going to say something about LastPass (as I know you are a proponent).. Now I owe me a dollar.
With the levity out of the way, allow me to say that I feel for your friend: “stressed out” would only be the beginning of the terms I might use..
Hold on, there is a subliminal message in all of this leading to tempt the user to use LastPass.
I’ll send you my address to forward the dollar. lol.
g,
When they send me my per-mention commission, I’ll forward it on and deduct the cost of the stamp.. or is a stamp up to a dollar now?
(Just kidding around, folks. I’m not on anybody’s payroll here.)
Thanks Paul & Bill.
Eye opener for me.
Thanks,
Grr
Grr,
Weak passwords, and easy to guess answers to “secret questions”, are a real.. well, common problem. You know what the most commonly used password is? Well, depending on which study you look at, “password” and/or “12345678” (scoring 1st & 2nd, or 2nd & 1st). Add to that the fact that most of us use the same password in many (all?) places..
My article, Use strong (and complex) passwords, gives pointers on what makes a ‘good’ password – but for many folks, the simplest answer is a password manager.
Agree Paul.
1 more thing that crossed my mind is: how secure is it to access gmail, etc over unprotected networks, like in a library, coffee shop, airports & similar other places?
Even with a strong complex password would a hacker not be able to track the passwords in open network?
Thanks,
Grr
Grr,
It is a relatively simple thing for a cyber-criminal to do bad things in public ‘hotspots’ (WiFi) – such as eavesdropping the data packets as a man-in-the-middle, “sniffing”, or even setting themselves up as the hotspot (see rogue access point) and I would never use them for checking e-mail, online banking, etc.. WiFi is risky risky.
My local library has public computers for accessing the Internet which are not wireless, but hard-wired terminals, and these are quite a bit more secure.. but. When I was forced (due to a severely long power outage) to use them for online correspondence (and posting this blog) the first thing I did when my power came back on was change all my logons.
Thanks for answering Paul.
Thanks, Grr
Email accounts hacked! I knew about that, but it sort of sat IN THE BACK OF MY MIND – NOT PAYING MUCH ATTENTION TO THIS ISSUE, WITH MY ATTENTION FOCUSED ELSEWHERE…
Now, after reading these posts, (and thanks for this) I will be fully aware of these risks. As well I will be checking my hotmail, yahoo, and personal accounts, to see if there’s FILTERS there, that can be activated.
Again thanks everyone
G.
Gaia,
Many people I talk to have an attitude (“belief” may be a better word) of “hackers are not interested in boring old me…” and so they think they will not be the targets of cybercrime like Email hijacking.. and so they think they don’t need to inconvenience themselves with security.
Well, they are sort of right — the ‘hacker’ is probably not interested in reading their e-mail, but the ‘hacker’ is interested in their machine, (to use it to send spam and viruses), their Contacts list, their online passwords, etc..
How much more likely are you to open an e-mail attachment if it comes from your son or daughter or best friend (their infected/hacked machines, actually) than if it comes from Randell Sedbrook or Onl1nePh@rmacy?