The Straight Dope

Go Back   Straight Dope Message Board > Main > Mundane Pointless Stuff I Must Share (MPSIMS)

Reply
 
Thread Tools Display Modes
  #1  
Old 01-16-2013, 11:42 AM
DMark DMark is offline
Guest
 
Join Date: Jul 2001
Someone Trying To Hack Into My GMail Account!

Google sent me a warning today that someone was trying to hack into my GMail account - and they even gave me the data of that person/company attempting to gain access and when:

Wednesday, January 16, 2013 12:02:16 PM UTC
IP Address: 173.86.24.123 (173-86-24-123.dr01.wlbr.pa.frontiernet.net.)
Location: Wilkes-Barre, PA, USA

It is not like I have state secrets on my GMail account, but I also don't want anyone getting in there and spamming friends and family with those email addresses I have on my account.

Good that Google warned me.
Google stopped their attempt.

Allow me to put on my tinfoil hat for a minute:
1. Should I be overly concerned, or does this happen to others?
2. Was I singled out or were they trying to hack into millions of accounts using some automated system?
3. Assuming they had gotten access, what damage could they have done other than access the other email addresses I have and spammed those people?
4. Am I now on some list and they will try this again?
5. My password is not common, but then again it is not exactly encrypted with CIA clearance technology either - would it make a difference if I changed the password, considering they were unsuccessful and were blocked by Google on this attempt?

Suggestions and comments welcomed.
Reply With Quote
Advertisements  
  #2  
Old 01-16-2013, 11:51 AM
Joey P Joey P is online now
Charter Member
 
Join Date: Jun 1999
Location: Milwaukee, WI
Posts: 21,883
Are you sure it was a legit email? I'm thinking the email itself was fake. Even if Google wanted to warn you that someone tried to gain access to your account, I really can't seem them giving you the IP address of the person/computer that was attempting to do it.

Did the email have any links? If you hover over the links did they go where they say they should go?

Last edited by Joey P; 01-16-2013 at 11:52 AM..
Reply With Quote
  #3  
Old 01-16-2013, 11:55 AM
Patty O'Furniture Patty O'Furniture is offline
Guest
 
Join Date: May 1999
A huge concern or me would be that somebody could fish through my gmail history (wherein everything is "helpfully" archived by default rather than deleted) and find out what other services I use, and send password resets to them to gain access. They could get you locked-out of your Amazon, Apple and perhaps even banking accounts. You might be interested in reading Matt Honan's epic ID theft ordeal of last summer:

http://www.wired.com/gadgetlab/2012/...honan-hacking/
__________________
Join Date: May 20, 1999
Location: Bangkok, Thailand
Posts: 8,756
Reply With Quote
  #4  
Old 01-16-2013, 11:58 AM
DMark DMark is offline
Guest
 
Join Date: Jul 2001
Quote:
Originally Posted by Joey P View Post
Are you sure it was a legit email? I'm thinking the email itself was fake. Even if Google wanted to warn you that someone tried to gain access to your account, I really can't seem them giving you the IP address of the person/computer that was attempting to do it.

Did the email have any links? If you hover over the links did they go where they say they should go?
Hmm...now that you mention that, when hovering over the link they sent to change my password (which I didn't click) or to allow access using troubleshooting (which I also didn't click), both of those are http:// instead of Google's normal https://

Maybe this is the clue - the email itself was an attempt to get me to click there and go in and change my password for them to "see"?
Reply With Quote
  #5  
Old 01-16-2013, 12:05 PM
DMark DMark is offline
Guest
 
Join Date: Jul 2001
Quote:
Originally Posted by Patty O'Furniture View Post
A huge concern or me would be that somebody could fish through my gmail history (wherein everything is "helpfully" archived by default rather than deleted) and find out what other services I use, and send password resets to them to gain access. They could get you locked-out of your Amazon, Apple and perhaps even banking accounts. You might be interested in reading Matt Honan's epic ID theft ordeal of last summer:

http://www.wired.com/gadgetlab/2012/...honan-hacking/
Crap...now you have made me even more paranoid and my tinfoil hat is hurting my head!

Yesterday I noticed my smart phone was acting all weird and not allowing me access to sites I normally access...I chalked it up to oddness and simply took out the battery and then rebooted the phone. That seemed to work, but now I wonder if this was all somehow related to one of the apps I have on my smart phone.

Now the joy is to figure out which app, if any, was the villain in this series of events.

Crap, crap, crap...
Reply With Quote
  #6  
Old 01-16-2013, 12:14 PM
Patty O'Furniture Patty O'Furniture is offline
Guest
 
Join Date: May 1999
Anyone who saves (archives) potentially sensitive information in their gmail account (or google services like google docs/drive) should turn on two-factor authentication. You will have to go through a process to re-enable gmail access on all of your devices, but I think it's worth it.
__________________
Join Date: May 20, 1999
Location: Bangkok, Thailand
Posts: 8,756
Reply With Quote
  #7  
Old 01-16-2013, 12:26 PM
JSexton JSexton is online now
Charter Member
 
Join Date: Jan 2000
Location: Snowy Oregon
Posts: 4,151
Well, it might be for real. I think there must have been another big board that got their database compromised, because yesterday my paypal account got hacked. The email address and password on it (stupidly!) is a combination I've used elsewhere in the past. Fortunately papyal customer service rocks and immediately reversed the transactions that moved all the money offshore.

At any rate, it could be that you've used your gmail account to log into a board that got compromised, and they were attempting to use the password that was associated with that account.

It makes perfect sense to supply the IP address, so you can potentially identify whether that was really you in an unusual access point.
Reply With Quote
  #8  
Old 01-16-2013, 12:27 PM
grude grude is offline
Guest
 
Join Date: Dec 2011
Gmail does this as a matter of course I think, they've sent me emails that an IP in another country had accessed my account(it was me in another country).
Reply With Quote
  #9  
Old 01-16-2013, 12:43 PM
DMark DMark is offline
Guest
 
Join Date: Jul 2001
OK - so I did go in and change password - making it a bit more complicated but still easy enough for my stubby fingers to type in on my smart phone tiny keys.

I haven't turned on my smart phone today yet - so we'll see how things work there later.

Thanks for comments and suggestions - keep 'em coming and let me know if this has happened to anyone else and what you did about it.
Reply With Quote
  #10  
Old 01-16-2013, 01:15 PM
YogSosoth YogSosoth is offline
Guest
 
Join Date: Nov 2008
Same thing happened to me a week ago on Facebook. I logged on at home and FB told me that an attempt to log into my account from Bogota, Colombia was tried. I don't think much of FB's privacy information selling, but I do like their security when it works

FYI I should mention that I'm NOT from Bogota, Colombia have never been there.

Last edited by YogSosoth; 01-16-2013 at 01:15 PM..
Reply With Quote
  #11  
Old 01-16-2013, 07:09 PM
aruvqan aruvqan is offline
Charter Member
 
Join Date: Feb 2004
Location: Eastern Connecticut
Posts: 15,540
I get 'official notices' from MMORPGs about my 'illegal efforts to sell my accounts' for games I have never actually made an account nor played ...
Reply With Quote
  #12  
Old 01-16-2013, 09:51 PM
White SIFL White SIFL is offline
Guest
 
Join Date: Jan 2013
Apparently hackers are targeting mid level targets now. Some good info can be found here: http://www.wired.com/gadgetlab/2012/...ssword-hacker/
Reply With Quote
  #13  
Old 01-16-2013, 10:11 PM
SeaDragonTattoo SeaDragonTattoo is offline
Member
 
Join Date: Sep 2007
Location: Chicago, Far Northsider
Posts: 5,862
I can't imagine an email that provides a link for you to click and change your password would be legit. To me, that's the same as just asking your password.
Reply With Quote
  #14  
Old 01-16-2013, 10:22 PM
FlyByNight512 FlyByNight512 is offline
Guest
 
Join Date: Oct 2011
Quote:
Originally Posted by DMark View Post
Hmm...now that you mention that, when hovering over the link they sent to change my password (which I didn't click) or to allow access using troubleshooting (which I also didn't click), both of those are http:// instead of Google's normal https://

Maybe this is the clue - the email itself was an attempt to get me to click there and go in and change my password for them to "see"?
That's a dead giveaway, even if the hover-over address looked right. Legitimate businesses never, ever send email with a 'go here to change your password' link, because scams like this are so common. Legitimate businesses will tell you to go to their website and change the password there.

Here's how you know it's fake: It sounded scary. If a real business has to tell you that your account's possibly been compromised, they're going to make it as non-frightening as possible. Scammers, by contrast, want to scare people into acting emotionally rather than rationally. If the email makes your stomach tense up, there's a 99% chance it's a scam. Same goes for the "OMG your computer has eleventy billion viruses, click here now to fix it" popups that you'll sometimes see. Real virus warnings are in boring colors and usually say "We found and deleted a virus. No action necessary, just thought you should know."

Google does have a hacker warning, but it doesn't arrive in an email and it doesn't give you any links to change your credentials. Another article adds more detail:

Quote:
“While we don’t have the capability to determine the specific location from which an account is accessed, a login appearing to come from one country and occurring a few hours after a login from another country may trigger an alert,” blogged Google Engineering Director Pavni Diwanji.
So they don't hand out IP addresses and locations. It would be worthless information anyway - hackers use proxies. Usually several of them. I'm pretty sure your account is fine. Changing the password anyway is a good idea - just do so from inside Gmail and not from that link!
Reply With Quote
  #15  
Old 01-16-2013, 10:24 PM
AaronX AaronX is offline
Guest
 
Join Date: Feb 2011
Quote:
Originally Posted by Joey P View Post
Even if Google wanted to warn you that someone tried to gain access to your account, I really can't seem them giving you the IP address of the person/computer that was attempting to do it.
Facebook does this all the time. This is what it said when I tried to log in from my Kindle https://lh5.googleusercontent.com/-a...0/IMG_0945.PNG (I think Kindle redirects all Internet traffic to Amazon's servers - that's how they control which websites you can visit, and how you can visit Facebook while in China)

FB also does that when you log into while in, er, private mode.
Reply With Quote
  #16  
Old 01-17-2013, 11:05 AM
Anamorphic Anamorphic is offline
Guest
 
Join Date: Sep 2000
I had the same thing happen a while back. Never figured out how they got the password, but they did.

Immediately afterwards, I found out about, and activated, Google's Two Step Verification system. I highly recommend it if you're concerned about your email security (hell, I recommend it to people who aren't particularly concerned about their email security):

http://support.google.com/accounts/b...&answer=180744
Reply With Quote
  #17  
Old 01-18-2013, 02:36 PM
RyJae RyJae is offline
Guest
 
Join Date: Jul 2005
A lot of misinformation in here. Yes Google sends these out

Quote:
Your name

Someone recently tried to use an application to sign in to your Google Account, Youremail@gmail.com. We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt:

Monday, November 19, 2012 8:30:44 PM GMT
IP Address: 171.112.137.20
Location: Huanggang, Hubei, China

If you do not recognize this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset your password immediately. Find out how at http://support.google.com/accounts?p=reset_pw

If this was you, and you want to give this application access to your account, complete the troubleshooting steps listed at http://support.google.com/mail?p=client_login

Sincerely,
The Google Accounts Team

And for the future, they record all attempts by IP for login. Just click the "details" link on the bottom right of the gmail page. It is how I found someone else was accessing my account last year before I changed the password

Another thing is, sometimes it prevents an authorized signin. By a phone app or something you let use your gmail account for any number of reasons. If that is the case you could ignore it I suppose.

The best advice is don't click the links, go to gmail manually and update your password if you get one of these emails. Just to be safe.
Reply With Quote
  #18  
Old 01-18-2013, 02:53 PM
filmore filmore is offline
Guest
 
Join Date: Aug 2002
As long as you are changing your password, make sure it is unique and only used on gmail. A very common hacker technique is to hack some other website where you have created an account. Likely you specified your email during signup. Hackers will take your password from that other website and attempt to log in to the email account registered to that site. If you use the same password on gmail and random websites, your gmail will eventually get hacked.
Reply With Quote
  #19  
Old 01-18-2013, 08:15 PM
Patty O'Furniture Patty O'Furniture is offline
Guest
 
Join Date: May 1999
Quote:
Originally Posted by RyJae View Post
A lot of misinformation in here.
Where's the misinformation? We all seem to be saying the same thing.

I don't think Google actually sends you an email - they post a warning flag near the top of your inbox display that you can click on for more information.
Reply With Quote
  #20  
Old 01-19-2013, 02:01 AM
RyJae RyJae is offline
Guest
 
Join Date: Jul 2005
Quote:
Originally Posted by Patty O'Furniture View Post
Where's the misinformation? We all seem to be saying the same thing.

I don't think Google actually sends you an email - they post a warning flag near the top of your inbox display that you can click on for more information.
*Bolded by me


That was the actual real email that Google sends that I posted..... It is misinformation to say Google doesn't send them kind of emails. Google sends those emails Dmark was worried about, with the offending IP/Locale included.

I added a warning, that if you get the email to go ahead and manually go to gmail to change your password/look at the details summary. You all saying the same thing doesn't make it right.
Reply With Quote
  #21  
Old 01-19-2013, 02:12 AM
RyJae RyJae is offline
Guest
 
Join Date: Jul 2005
After Googling, I must also add a new warning. The legit messages do NOT contain any attachments and all route back correctly.
Reply With Quote
  #22  
Old 01-19-2013, 02:54 AM
Patty O'Furniture Patty O'Furniture is offline
Guest
 
Join Date: May 1999
Quote:
Originally Posted by RyJae View Post
It is misinformation to say Google doesn't send them kind of emails.
Fine, but you are quoting me after the fact, and I was referring to your statement that there is a "lot of misinformation" in the thread at the time you made post #17. Where is the "lot of misinformation" you're referring to in posts 1-16?

In any event, I'm still not convinced that Google sends actual emails - mainly because I've gotten plenty of those 'suspicious activity' warning flags from Google and they have all been in the main browser view, in the form of bold text with a red or pink background.

I have seen several Google knowledge base articles where they discuss the flags they display on the face of your inbox. But I can't seen to find anything that says they will actually send you emails, although I admit that I have not researched too thoroughly. If you can find a policy statement or KB article where they say that they send actual warning emails, I'd be interested in seeing it.

I would think that would just add to the noise. As the OP notes, how can you tell the real ones from the scams? It seems much more effective for Google to do the notification at the top of the inbox view (where they have easy access and scammers don't), rather than as just another email that might get lost in the noise.
Reply With Quote
  #23  
Old 01-19-2013, 02:59 AM
RyJae RyJae is offline
Guest
 
Join Date: Jul 2005
I get my email through my phone like many others do nowadays which means no login page :-) I am not going to argue I am stating fact go on your hunch it cannot hurt you but it is wrong.
Reply With Quote
  #24  
Old 01-23-2013, 11:52 PM
JSexton JSexton is online now
Charter Member
 
Join Date: Jan 2000
Location: Snowy Oregon
Posts: 4,151
Quote:
Originally Posted by Patty O'Furniture View Post
I have seen several Google knowledge base articles where they discuss the flags they display on the face of your inbox. But I can't seen to find anything that says they will actually send you emails, although I admit that I have not researched too thoroughly. If you can find a policy statement or KB article where they say that they send actual warning emails, I'd be interested in seeing it.
This thread contains a post from a Google Community Manager confirming that they do in fact send these emails. I have also received them, and they were legitimate.

That said, I have no doubt that phishers have imitated these emails as well. You're always better off going to a website yourself, rather than you using links in emails.
Reply With Quote
  #25  
Old 01-24-2013, 02:10 AM
Lord Mondegreen Lord Mondegreen is offline
Guest
 
Join Date: Mar 2004
Yep, I got one on my alternate email address (which happens to be my work email) last week. Because I hadn't had one before I didn't follow the link - I logged into GMail and saw the banner warning.

Because of my super-paranoia I didn't even follow the link there. I just went and changed my password.

And yes, the GMail email included the IP address.
Reply With Quote
  #26  
Old 06-24-2014, 08:15 PM
blueroses4 blueroses4 is offline
Guest
 
Join Date: Jun 2014
Gmail Suspicious Activity- legitimate or not

I also was sent a notification about my Gmail account. I thought this was unusual, and Googled it. I read your threads and saw how maybe the alert itself is a virus.
I believe it is not, I went to Google's main Gmail help at the URL : https://support.google.com/accounts/..._topic=2401957

It has an "s" with the "http" like its other sites and it thoroughly explains the "unusual activity alerts."

This URL branches off of https://support.google.com/accounts/# which is legitimate.

Some steps to take if you have this happen are:
1.Run a virus scan on your computer. Some hackers install programs on computers to track what you type, and a virus scan will reduce this risk.
2.Change your password. Someone likely knows your password and used it to sign in to your account.
3.Make sure your recovery options are up-to-date. If someone signed in to your account, they might have modified your account recovery settings so that they can get new passwords sent to their email address.

It might have been you if:
•You traveled to this location, and signed in to your account while you were there
•You started using a new mobile device
•You signed in to your account from a friend's computer
•You signed in to your account on a shared computer at an Internet cafe, library, or another location


I also know there is the possibility that someone has an email very similar to yours and then attempted to sign in with a different password which then alerted google that you have a potential hacker when it was all innocent because they just made a typo.

In my case there is no way someone could have had my password or that I was ever there, so it's really weird. I'm changing all my passwords to every site I go to and doing a complete virus/malware sweep on my computer.

Sorry if I repeated anything anyone else said. Hope this helps.
Reply With Quote
  #27  
Old 06-24-2014, 08:35 PM
friedo friedo is online now
Charter Member
 
Join Date: May 2000
Location: Brooklyn
Posts: 20,771
Quote:
Originally Posted by Patty O'Furniture View Post
Anyone who saves (archives) potentially sensitive information in their gmail account (or google services like google docs/drive) should turn on two-factor authentication.
That.
Reply With Quote
Reply



Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 11:17 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.

Send questions for Cecil Adams to: cecil@chicagoreader.com

Send comments about this website to: webmaster@straightdope.com

Terms of Use / Privacy Policy

Advertise on the Straight Dope!
(Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.)

Publishers - interested in subscribing to the Straight Dope?
Write to: sdsubscriptions@chicagoreader.com.

Copyright © 2013 Sun-Times Media, LLC.