Aside from changing my password (which I did immediately).
I’ve seen this kind of thing before from other people in my contact list. A bunch of people who I have contacted were sent a link to a phishy/suspicious URL appearing to come from me. The URL is different in every case and I wouldn’t repost it anyway, but they all seem to contain “diamondstorepharmacy.net” in them. Luckily, looking at the Trash folder where there are still some remnants of the activity (nothing in the Sent folder, though), it looks like most of the e-mails bounced because the recipient domains rejected them outright.
In Gmail, in the account activity section there is an entry for a mobile IP located in Morocco (41.141.21.74) which accessed my account around the time the phishing e-mails were sent out. Funnily enough, my alert preference is supposed to “show an alert for unusual activity” and I got no such alert. I guess a long string of accessing my account from the same set of IPs in California punctuated by a sudden access from MOROCCO isn’t suspicious enough to alert me. :dubious:
So how did these fuckers get into my account and is there anything else I can do at this point besides setting a much stronger password? (I admit my password probably was not the best since it had letters and numbers but no special characters) Should I be worried about anything else happening?
Unfortunately there may not be much you can do to stop the emails going out. The ‘hacker’ no longer has access to your account (since you changed your password) but they already have your email address and a list of your contacts. It is pretty simple for them to spoof emails to your contacts so that they appear to come from you and there is nothing you can do to stop it apart from changing your email address and telling your contacts to block the previous one. Hopefully they won’t bother trying though and you can keep your address.
A lot of fraudulent access to email accounts isn’t down to poor passwords (a password list or brute force approach is always going to be slow unless the password is very weak, like ‘password’). One common way for ‘hackers’ to gain access is via phishing scams or by setting up a fake website, e.g. create an account with us to see nude pics of xxx/win an iPad etc. Lots of people use the same password for everything so once you create an account you have given away your password to your email address/Facebook account etc. etc.
Edit: So to answer your question, the best thing you can do is to use a strong password and use different passwords for important accounts. Given the number of accounts a heavy internet user is likely to have, it is hard to remember so many different passwords, so at least use one password for your emails and one for everything else if that is all you can manage.
Hmmm… I’m usually pretty careful about that kind of thing and I can’t even imagine anything I’ve accessed or signed up for lately that would have been suspect or part of a phishing operation. I also ran Microsoft Process Explorer to look for keyloggers and I don’t see any running processes on my computer that are suspicious. Gah, what a pain in the ass.
Can you recall doing anything on Gmail, clicking on a link and finding yourself having to log in again? That is, you were either logged out for no reason or got a message saying “you have to be logged in to do that” even though you’d swear you were already logged in. If that happened, it was fake. The link you clicked on right before that took you to a website that looked just like a Gmail login page, but it sent the user name and password to someone else.
Now, I have no idea if this is how it works on Gmail, but this is how it used to work on Myspace.
You can usually tell something’s up by checking the address bar (which wouldn’t have said gmail.com anymore) or by hitting the back button. If you were really logged out, then clicking back and trying to check a different piece of mail would still require you to log in, but if you can still navigate, you were still logged in…make sense?
Also, this type of scam is why you are always told that when you get an email from your bank, credit card company, PayPal, eBay, etc. telling you something is wrong with your account, you should open up a new browser window and type in the web address yourself so you know you’re going to the right place. It’s not that hard to disguise a link. For example, this link doesn’t go to www.straightdope.com, it goes somewhere else.
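Added example (not part of the original post): a check for the disguised link described above, which lists every anchor in an HTML message whose visible text names one host while its `href` points to another. The names `disguised_links`, `LinkAuditor`, `host_of` and the sample message with its `example.net` target are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a host name or URL.
HOSTLIKE = re.compile(r"^(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:[/:?#].*)?$", re.I)

def host_of(value):
    """Lower-cased host of a URL or bare host name, minus a leading 'www.'."""
    if "://" not in value:
        value = "//" + value
    host = (urlsplit(value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Records anchors whose visible text names a different host than the href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, href, self.href = "".join(self.text).strip(), self.href, None
        if not HOSTLIKE.match(shown) or not href.lower().startswith(("http://", "https://")):
            return  # text is not a host name, or the link is relative/non-web
        shown_host, real_host = host_of(shown), host_of(href)
        # Flag targets that are neither the displayed host nor a subdomain of it.
        if real_host != shown_host and not real_host.endswith("." + shown_host):
            self.mismatches.append((shown, href))

def disguised_links(html):
    """Return (visible text, real href) for every disguised link in the HTML."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.mismatches

# Constructed sample message: one honest link, one disguised link, one plain-text link.
SAMPLE = (
    '<p>See <a href="https://www.straightdope.com/faq">www.straightdope.com</a>, '
    'then <a href="http://login.example.net/session">www.straightdope.com</a> '
    'or <a href="https://example.org/">click here</a>.</p>'
)
```

Calling `disguised_links(SAMPLE)` reports only the second anchor; links whose text is not a host name ("click here") are out of scope for this check.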
Nothing coming to mind… going through browser history to see if anything looks off. It really pisses me off because I’m well aware of the general M.O. of phishers and I’m usually pretty savvy about it (I would never click on a link in an e-mail to log in to my bank account, for example) and yet I guess all it takes is one bad day of being a little bit inattentive (if that really is how they gained access to my account).
Keep in mind that at one time (and probably still are) there were viruses out there that sent email from you that were not actually ‘from’ you, but the bounces would go to you.
They didn’t so much hack your account as they used your email address in an attempt to fool others.
The viruses that were out there would actually turn your PC into a bot doing this from your email program, but that isn’t needed to spoof the ‘from’ field.
Virus scan I just ran came up clean, and there are no red flags in the scan history. But Gmail’s log showing an access from Morocco seems to indicate that the e-mails originated remotely and not from my own computer. I wouldn’t even fucking go to Morocco. Gmail should let you ban access to your account from anywhere outside of a user-defined set of geographical areas/countries.
I should have been clearer - the virus was one example of how this has been done, the other example is that the emailer can simply ‘say’ that the email is from you, and then the bounce goes to you - has absolutely nothing to do with the fact you did not send it. See: Email spoofing - Wikipedia
Yeah, but I want to figure out how they got access to my account in the first place in order to get the list of every person I’ve ever contacted (sigh). Of course I’ll probably never know. I just hope it’s easier for them to move on to the next victim instead of continuing to spoof e-mails as if they came from me.
Same thing happened to me a few months ago. It was basically one series of emails sent from my account to my address book to spam some website for viagra or something.
I too am really sharp about security and phishing and what not and I’m 99% certain there wasn’t a virus involved. I changed my email passwords and haven’t had a repeat since.
My suspicion is one of three things:
1. I logged into my email account on a public computer that logged my password.
2. They used a brute force attack to get my password, possible since I used an alphanumeric 8-digit code that contained a dictionary word without any special characters.
3. I used the same password on another website which subsequently got hacked.
I no longer use anything resembling a bank or email password for my standard account passwords on random websites and e-commerce sites so if a big company gets hacked (Sony!) the odds of them getting a useful email/password combo is nil. Of course I still share passwords across banks which is less than ideal, but I’m simply not willing to maintain upwards of 12 different passwords, the hassle outweighs the risk.
You know, now that you mention this I did log onto my Gmail account from a public computer at a Kinko’s (I guess it’s called FedEx Office now) a couple of weeks ago while I was on vacation. On the rare occasion that I do that, I usually check the browser settings first to make sure it’s not set to remember passwords and make sure to sign out when I’m done and clear form history, etc. I think I did it this time too, but I may have been distracted enough by the task I had to do at the time that I forgot… and I certainly didn’t do a sweep of that system to check if there were any viruses or keyloggers installed on it (hey, they charge you by the minute there!). Of course, this was in New York and not Morocco, but it’s definitely a theoretical source of the breach.
Most likely. This has happened to me and I don’t use a webmail account.
It’s possible that someone you know got a virus, which is where they got your email address and possibly their address book and possibly even emails they’ve received in the past. Changing your password was a good idea but your account was not necessarily hacked.
Make sure you change your password on every site. The biggest problem is people use the same password for everything. So once they find out the password to say the StraightDope, they try your user name here and the password on any number of sites.
One really clever way of getting your password is a fake site that will then redirect correctly.
If this was all that was to it, they’d be called out quickly. Here’s the genius part.
As soon as you get the “invalid” or error message, the screen reloads. And you get the ACTUAL TRUE Acme.Com.
So when you enter your password a second time, you actually get into Acme.Com and you’re thinking, “Oh I just typed too fast.”
See how you can give away your password and you wouldn’t think twice about it.
A brute force attack is not likely because after so many tries, it’s gonna put the captcha there or just lock you out till Google text messages you a code.
It probably was not a virus, URL redirect or keylogger. Most likely some other site where you have an account was hacked. Was your Gmail password used anywhere else? I’ll use SDMB as an example. Say you use the same password here. If the SDMB gets hacked, the hackers have access to your profile information and the password you used here. Your email is in your profile. The hackers take your email address and password from the SDMB and try it on Gmail. If it works, they’re in and they start sending emails.
It is critically important that the password used for your email account is unique and not used anywhere else. In addition, any other site which uses an email address as a login should have a unique password. Think about a site like Facebook. The hackers could take the email address and password they got from the SDMB database to attempt to log into Facebook.