Google sent me a warning today that someone was trying to hack into my GMail account - and they even gave me the data of that person/company attempting to gain access and when:
It is not like I have state secrets on my GMail account, but I also don’t want anyone getting in there and spamming friends and family with those email addresses I have on my account.
Good that Google warned me.
Google stopped their attempt.
Allow me to put on my tinfoil hat for a minute:
Should I be overly concerned, or does this happen to others?
Was I singled out or were they trying to hack into millions of accounts using some automated system?
Assuming they had gotten access, what damage could they have done other than access the other email addresses I have and spammed those people?
Am I now on some list and they will try this again?
My password is not common, but then again it is not exactly encrypted with CIA clearance technology either - would it make a difference if I changed the password, considering they were unsuccessful and were blocked by Google on this attempt?
Are you sure it was a legit email? I’m thinking the email itself was fake. Even if Google wanted to warn you that someone tried to gain access to your account, I really can’t seem them giving you the IP address of the person/computer that was attempting to do it.
Did the email have any links? If you hover over the links did they go where they say they should go?
A huge concern or me would be that somebody could fish through my gmail history (wherein everything is “helpfully” archived by default rather than deleted) and find out what other services I use, and send password resets to them to gain access. They could get you locked-out of your Amazon, Apple and perhaps even banking accounts. You might be interested in reading Matt Honan’s epic ID theft ordeal of last summer:
Hmm…now that you mention that, when hovering over the link they sent to change my password (which I didn’t click) or to allow access using troubleshooting (which I also didn’t click), both of those are http:// instead of Google’s normal https://
Maybe this is the clue - the email itself was an attempt to get me to click there and go in and change my password for them to “see”?
Crap…now you have made me even more paranoid and my tinfoil hat is hurting my head!
Yesterday I noticed my smart phone was acting all weird and not allowing me access to sites I normally access…I chalked it up to oddness and simply took out the battery and then rebooted the phone. That seemed to work, but now I wonder if this was all somehow related to one of the apps I have on my smart phone.
Now the joy is to figure out which app, if any, was the villain in this series of events.
Anyone who saves (archives) potentially sensitive information in their gmail account (or google services like google docs/drive) should turn on two-factor authentication. You will have to go through a process to re-enable gmail access on all of your devices, but I think it’s worth it.
Well, it might be for real. I think there must have been another big board that got their database compromised, because yesterday my paypal account got hacked. The email address and password on it (stupidly!) is a combination I’ve used elsewhere in the past. Fortunately papyal customer service rocks and immediately reversed the transactions that moved all the money offshore.
At any rate, it could be that you’ve used your gmail account to log into a board that got compromised, and they were attempting to use the password that was associated with that account.
It makes perfect sense to supply the IP address, so you can potentially identify whether that was really you in an unusual access point.
Gmail does this as a matter of course I think, they’ve sent me emails that an IP in another country had accessed my account(it was me in another country).
OK - so I did go in and change password - making it a bit more complicated but still easy enough for my stubby fingers to type in on my smart phone tiny keys.
I haven’t turned on my smart phone today yet - so we’ll see how things work there later.
Thanks for comments and suggestions - keep 'em coming and let me know if this has happened to anyone else and what you did about it.
Same thing happened to me a week ago on Facebook. I logged on at home and FB told me that an attempt to log into my account from Bogota, Colombia was tried. I don’t think much of FB’s privacy information selling, but I do like their security when it works
FYI I should mention that I’m NOT from Bogota, Colombia have never been there.
I get ‘official notices’ from MMORPGs about my ‘illegal efforts to sell my accounts’ for games I have never actually made an account nor played … :dubious::rolleyes:
I can’t imagine an email that provides a link for you to click and change your password would be legit. To me, that’s the same as just asking your password.
That’s a dead giveaway, even if the hover-over address looked right. Legitimate businesses never, ever send email with a ‘go here to change your password’ link, because scams like this are so common. Legitimate businesses will tell you to go to their website and change the password there.
Here’s how you know it’s fake: It sounded scary. If a real business has to tell you that your account’s possibly been compromised, they’re going to make it as non-frightening as possible. Scammers, by contrast, want to scare people into acting emotionally rather than rationally. If the email makes your stomach tense up, there’s a 99% chance it’s a scam. Same goes for the “OMG your computer has eleventy billion viruses, click here now to fix it” popups that you’ll sometimes see. Real virus warnings are in boring colors and usually say “We found and deleted a virus. No action necessary, just thought you should know.”
Google does have a hacker warning, but it doesn’t arrive in an email and it doesn’t give you any links to change your credentials. Another article adds more detail:
So they don’t hand out IP addresses and locations. It would be worthless information anyway - hackers use proxies. Usually several of them. I’m pretty sure your account is fine. Changing the password anyway is a good idea - just do so from inside Gmail and not from that link!
I had the same thing happen a while back. Never figured out how they got the password, but they did.
Immediately afterwards, I found out about, and activated, Google’s Two Step Verification system. I highly recommend it if you’re concerned about your email security (hell, I recommend it to people who aren’t particularly concerned about their email security):
A lot of misinformation in here. Yes Google sends these out
And for the future, they record all attempts by IP for login. Just click the “details” link on the bottom right of the gmail page. It is how I found someone else was accessing my account last year before I changed the password
Another thing is, sometimes it prevents an authorized signin. By a phone app or something you let use your gmail account for any number of reasons. If that is the case you could ignore it I suppose.
The best advice is don’t click the links, go to gmail manually and update your password if you get one of these emails. Just to be safe.
As long as you are changing your password, make sure it is unique and only used on gmail. A very common hacker technique is to hack some other website where you have created an account. Likely you specified your email during signup. Hackers will take your password from that other website and attempt to log in to the email account registered to that site. If you use the same password on gmail and random websites, your gmail will eventually get hacked.
Where’s the misinformation? We all seem to be saying the same thing.
I don’t think Google actually sends you an email - they post a warning flag near the top of your inbox display that you can click on for more information.
*Bolded by me
That was the actual real email that Google sends that I posted… It is misinformation to say Google doesn’t send them kind of emails. Google sends those emails **Dmark ** was worried about, with the offending IP/Locale included.
I added a warning, that if you get the email to go ahead and manually go to gmail to change your password/look at the details summary. You all saying the same thing doesn’t make it right.
