True Life – My Account Was Hacked
January 24, 2013
Last week, I wrote about identity theft, and I mentioned that my identity had never been stolen. I should have knocked on some wood after I said that, because it happened to me just this morning. Someone briefly had access to my personal Gmail account, and they used it to send out a spam message to almost everyone I’ve emailed over the last 5 years. It was one of those “Stay-at-home mom makes $5000-$7000 per week on Google!” scams that are everywhere these days. Nothing serious happened, and I took precautions to make sure that no one could access it again, which I’ll describe this week.
If you use Gmail and think someone might be using your account, you can see every successful login by scrolling to the bottom-right of the inbox and clicking the “Details” button:
I’ve highlighted the relevant text so that it’s visible over my background; yours will likely look different. Once you click “Details”, a handy box like in the following image will show up. I’ve covered up my own IP addresses with black bars, and I’ve circled the unauthorized login in red. As you can see, it’s an IP address from Illinois, not Colorado.
I didn’t figure out about the spam messages because I noticed the unauthorized login; people who received the emails were nice enough to contact me. After this had been brought to my attention, I went to check my Sent Emails to see who had received them. But to my surprise, the last message Gmail had a record of was a legitimate one that I had sent many hours before the spam messages went out. The routine that grabbed all of my contacts and sent all the emails knew how to cover its tracks. Because of this, I figured that I might need to do more than just change my password to be protected. I went to this Google site, which is a “security checklist” that should be useful for any email client. I learned that the person or program that gets into your account might add links to malware in your signature, and in your automatic vacation response. This didn’t happen to me, but I wouldn’t have known if I didn’t check.
I was lucky this time that nothing worse happened. However, I changed the passwords on my bank accounts and MyCUInfo to make sure that information from my Gmail inbox couldn’t be used to access them.
The Greenback GuruShare on Facebook