Gmail hacked through Google Docs

Ally Dick

Hi. Got an email from an acquaintance yesterday through Gmail with an important document attached. Asked me to sign in to Google Docs which I did. When I looked at the document, it was nonsense. My acquaintance then emailed me to say that his gmail was hacked. I got notification this morning that my google account was signed on to this morning from Lagos Nigeria. I immediately changed my password and reviewed my security settings, and all looks ok. Is it too late for me, do you reckon. Would spam have been sent out already posing as me ? I have not seen anything strange in my Sent folder.
Normally I am not naive, but this person was talking to me about a possible job offer and I thought the pdf attachment was in relation to this, so there were lots of strong coincidences unfortunately

seamus

Ugh, an annoying one.

How far they got can depend on a lot of things. For a start, if you use the same email address and password that was hacked on any other sites, change this immediately.

They will often spam your entire mailbox and then delete the sent mails to try and cover their tracks, so a check of your trash folder may or may not reveal what they were up to.

Check any of the big sites that you have signed up with - PayPal, ebay, Amazon, Facebook, Twitter, LinkedIn, etc - ensure that your email address and password is still valid (they may have tried to reset either or both of them). Remember that having access to your primary email is the online equivalent of someone having a copy of your passport - while they had access they effectively had access to all sites that use that email address.

Change your security settings on your email account, right now - set up two-factor authentication. In this case, even if someone does get your email password, they won't be able to log into your account without the TFA code.

ItHurtsWhenIP

seamus wrote: »

...
Change your security settings on your email account, right now - set up two-factor authentication. In this case, even if someone does get your email password, they won't be able to log into your account without the TFA code.

I second this. Any on-line account that you have which provides 2FA, get it set-up today but do it for your e-mail immediately.

neonman

Not good OP.

As others have said already use two-factor authentication for your email. Your email password should be your most secure password you use online. Never use it for any other online account, use Upper/Lower/numeric and symbols as part of it and if you can a length of 8 or more minimum. I know it mightn't have helped here as they got your password but the two-factor authentication would have for sure.

The approach I take with passwords online is email is the most complex password possible and never used else where. Social media next level and forums and the like at the bottom, i'm not that worried if someone gets these as they're not connected to any of the upper level passwords.

email is the gateway into your entire personal life.

Joe Exotic

OP
Pretty much exactly what everyone has said here already 2FA on email and any account you use which has your credit card number. eg amazon

I use Last pass to handle my passwords you can add an extension to chrome it is a good way to keep track of unique strong passwords.

It can give you a report on your password levels and will also generate you complex passwords.

ItHurtsWhenIP

murphk wrote: »

OP
Pretty much exactly what everyone has said here already 2FA on email and any account you use which has your credit card number. eg amazon

I use Last pass to handle my emails you can add an extension to chrome it is a good way to keep track of unique strong passwords.

It can give you a report on your password levels and will also generate you complex passwords.

I tried to set-up 2FA on my Amazon account some time ago, but I think I couldn't do it as my mobile was Irish (or something along that line). I've just had a look there now and can't even see the setting.

Joe Exotic

MMFITWGDV wrote: »

I tried to set-up 2FA on my Amazon account some time ago, but I think I couldn't do it as my mobile was Irish (or something along that line). I've just had a look there now and can't even see the setting.

I was able to do it instructions here

Ally Dick

Thanks for all the advice. I set up 2 step verification on all my email accounts and Amazon. Changed my password on Netflix and Paypal. Thanks for the responses

ItHurtsWhenIP

murphk wrote: »

I was able to do it instructions here

Thank you!!! I got it sorted.

I was on Amazon.co.uk, but the 2FA stuff is on Amazon.com.:rolleyes:

Ally Dick

Can I just add an observation please ? My Google Chrome has gone very very slow over the last few days. I have run McAfee check and nothing wrong coming back. Could the hackers have done something once they got into my google account from Lagos Nigeria ? I tried refreshing Chrome but it's still very slow. Ran Ookla speed test and it is fine.

ItHurtsWhenIP

Ally Dick wrote: »

Can I just add an observation please ? My Google Chrome has gone very very slow over the last few days. I have run McAfee check and nothing wrong coming back. Could the hackers have done something once they got into my google account from Lagos Nigeria ? I tried refreshing Chrome but it's still very slow. Ran Ookla speed test and it is fine.

Get yourself Malewarebytes and run a scan with that. It's a very useful "second opinion" to the standard AV packages.

Download the free version here https://www.malwarebytes.org/mwb-download/

If you're all clear, then perhaps change the DNS server you are using to Google 8.8.8.8 or OpenDNS 208.67.222.222 and see if Chrome gets quicker.

If not then get CCleaner and give your machine a springclean: https://www.piriform.com/ccleaner/download

ItHurtsWhenIP

Ally Dick wrote: »

Can I just add an observation please ? My Google Chrome has gone very very slow over the last few days. I have run McAfee check and nothing wrong coming back. Could the hackers have done something once they got into my google account from Lagos Nigeria ? I tried refreshing Chrome but it's still very slow. Ran Ookla speed test and it is fine.

Actually this months SANS Ouch! newsletter might provide some useful points for you to check:
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201604_en.pdf

_Tombstone_

Anywhere computing makes 2FA insecure on iOS and Android

Ally Dick

Thanks for all the help. Latest development is that I got an email to my hacked Gmail account with a false Itunes purchase notification, and a link to click if I didn't purchase it !!! It was a TomTom sat nav purchases from Itunes for €35.99. Yeah right. I didn't fall for this one !