[syklops]

Actually I said wireless initially because that is really easy(you can even do it from an android phone), but you can spoof a switched LAN, so really anything if you put your mind to it.

[mooonpie]

Step by step post how (and why) to set up GMail's 2 factor auth. http://www.codinghorror.com/blog/201...ker-proof.html

More interesting is the link in the first paragraph, to a "harrowing cautionary tale", that tells the story of how a couple went about reclaiming access to the wife's GMail a/c after it was well and truly owned. Long read though: http://www.theatlantic.com/magazine/...1/hacked/8673/

[JimFin]

Just to update on what happened since I first post.........

Logged the call with Google via the password recovery forms. Gave as much information as I possibly could to prove I owned the a/c. There is simply no way whatsoever of contacting Google by phone. Although I did read if you have any sort of contact within the company they may be able to nudge your case up a little.

I also reported the problem on the google product forums. While mods on there aren't google employees, any mod with a little blue mountain icon beside their username will have access to google and they to may be able to help get your issue looked at.

I lost the a/c on Fri morn, had it returned the following Wed afternoon. I was lucky and got "an ordinary decent hacker" who didn't delete my mails, didn't send out reuests for money and didn't frustrate the recovery process by replying to the mails in the Inbox from google saying there was a request to change the password.

Everyone should turn on two-step verification on your gMail accounts - do it now if you don't have it already. Its an extra layer of security that you may be very glad of one day.

As for how I got caught out, well I was and still am certain it was not a work colleague. Shortly after the password got changed, a payment was made from my PayPal account to a Czech telephone company for abut €40 (same paypal and gmail password ). I am still not certain but think I got caught out with a Phishing scam, despite sending an email warning to all my work colleagues only last year. I made a paypal payment on Thursday night and the email was in my inbox on Fri morning - I assumed without thinking that it was a follow up, clicked a link and logged in to a paypal a/c, the site crashed IE and I thought no more of it and shut down IE, logged in again the normal way and was happy out. As I wasn't taking much notice I can only assume the first mail Phished me

You live and learn - but do keep different passwords and do take steps to secure your account.

[syklops]

Quote:

Originally Posted by JimFin

As for how I got caught out, well I was and still am certain it was not a work colleague. Shortly after the password got changed, a payment was made from my PayPal account to a Czech telephone company for abut €40 (same paypal and gmail password ). I am still not certain but think I got caught out with a Phishing scam, despite sending an email warning to all my work colleagues only last year. I made a paypal payment on Thursday night and the email was in my inbox on Fri morning - I assumed without thinking that it was a follow up, clicked a link and logged in to a paypal a/c, the site crashed IE and I thought no more of it and shut down IE, logged in again the normal way and was happy out. As I wasn't taking much notice I can only assume the first mail Phished me

You live and learn - but do keep different passwords and do take steps to secure your account.

It wasnt me.

[El Spearo]

Quote:

Originally Posted by JimFin

Just to update on what happened since I first post.........

Logged the call with Google via the password recovery forms. Gave as much information as I possibly could to prove I owned the a/c. There is simply no way whatsoever of contacting Google by phone. Although I did read if you have any sort of contact within the company they may be able to nudge your case up a little.

I also reported the problem on the google product forums. While mods on there aren't google employees, any mod with a little blue mountain icon beside their username will have access to google and they to may be able to help get your issue looked at.

I lost the a/c on Fri morn, had it returned the following Wed afternoon. I was lucky and got "an ordinary decent hacker" who didn't delete my mails, didn't send out reuests for money and didn't frustrate the recovery process by replying to the mails in the Inbox from google saying there was a request to change the password.

Everyone should turn on two-step verification on your gMail accounts - do it now if you don't have it already. Its an extra layer of security that you may be very glad of one day.

As for how I got caught out, well I was and still am certain it was not a work colleague. Shortly after the password got changed, a payment was made from my PayPal account to a Czech telephone company for abut €40 (same paypal and gmail password ). I am still not certain but think I got caught out with a Phishing scam, despite sending an email warning to all my work colleagues only last year. I made a paypal payment on Thursday night and the email was in my inbox on Fri morning - I assumed without thinking that it was a follow up, clicked a link and logged in to a paypal a/c, the site crashed IE and I thought no more of it and shut down IE, logged in again the normal way and was happy out. As I wasn't taking much notice I can only assume the first mail Phished me

You live and learn - but do keep different passwords and do take steps to secure your account.

always baffles me!

but yeah with emails, you should always have a back up account to retreive accounts, and if possible a phone linked.

That way your covered.

[Cork24]

You must be using some tiny weak passwords!!!

Their is no way some one should be able to hack you Email account if you have a Nice Long Strong password. My Gmail password is 24 lenghts Long using Caps and Numbers as well.

And my Security Question & Answer is hard to think up aswell. if a person know you very well he could guess your Answer

[Damo2k]

Quote:

Originally Posted by Cork24

You must be using some tiny weak passwords!!!

Their is no way some one should be able to hack you Email account if you have a Nice Long Strong password. My Gmail password is 24 lenghts Long using Caps and Numbers as well.

And my Security Question & Answer is hard to think up aswell. if a person know you very well he could guess your Answer

eh key logger?

[Cork24]

Key Loggers,

my old fav friend... if its a work PC that you think that you got hacked from them i would be asking some big question on there half...

Do you have a Virus Scanner and do you Scan the computer all the time if yes.. then No it was not a Key Logger as i Anti-Virus program would pick up a Key Logger..

[syklops]

Quote:

Originally Posted by Cork24

Key Loggers,

my old fav friend... if its a work PC that you think that you got hacked from them i would be asking some big question on there half...

Do you have a Virus Scanner and do you Scan the computer all the time if yes.. then No it was not a Key Logger as i Anti-Virus program would pick up a Key Logger..

AN anti-virus would pick up a software key logger that has been used before.

You can buy a hardware keylogger for about 80 euro. They take about 5 seconds to fit, and 5 seconds to take again. Then you take it home and you have all the persons passwords they typed in that day.

Edit: Also, someone who knows what they are doing could write a brand new key logger which there wouldnt be a signature for yet.

[Cork24]

You need to be at the computer i think some one is going to notice a USB stick hanging out of the PC, or Laptop..

The whole point of Key Loggers is have it sent to the Users, if you can inbed well inside a file a Virus Scanner wont pick it up at the first sight.

[Deliverance XXV]

You can get USB keyloggers that fit between the keyboard USB connection -USB computer connection. Very discreet and hard to find as they could only be 1-2cm. Keyloggers can be installed multiple ways.

All the protection in the world can't protect you against... Sloppy and careless staff. Some good reading around the web of people ringing up service providers about forgotten passwords and staff allowing them set new passwords or set up alt email etc. Even on the Board's xbox forums there was a thread about people's xbox live's accounts have been accessed without any form of hacking. Sad, really.

[syklops]

Quote:

Originally Posted by Cork24

You need to be at the computer i think some one is going to notice a USB stick hanging out of the PC, or Laptop..

You can get both USB and PS/2 keyloggers, that are about 2cm in length and fit between the cable and the computer. Considering most keyboards are plugged into the back of a computer you wouldn't notice it. I have a laptop and docking station, and I can't see where my keyboard is plugged in. My colleague has a desktop, and his desktop is on the floor with the keyboard plugged in the back. Short of checking the back every day he would have no clue a key logger is plugged in.

Quote:

Originally Posted by Cork24

The whole point of Key Loggers is have it sent to the Users, if you can inbed well inside a file a Virus Scanner wont pick it up at the first sight.

The whole point of key loggers is to log keys. There are numerous ways of getting the log back again. Some hardware loggers can email their log back to their owner, others can simply be removed by the owner or by a member of the cleaning staff.

[clintondaly]

Didnt you have to give a back up email address when you signed up for gmail,this is requiired for things like forgetting your password etc.

[900913]

Quote:

Originally Posted by Cork24

You must be using some tiny weak passwords!!!

Their is no way some one should be able to hack you Email account if you have a Nice Long Strong password. My Gmail password is 24 lenghts Long using Caps and Numbers as well.

And my Security Question & Answer is hard to think up aswell. if a person know you very well he could guess your Answer

If you re-use your email password on another site theres nothing to stop that site Admin from logging you password in plain text. Or if the site got compromised a hacker could edit the login script to store your details in plain text.

Quote:

Didnt you have to give a back up email address when you signed up for gmail,this is requiired for things like forgetting your password etc.

A hacker will simply edit/remove the password recovery email when he's changing your password and security question.

[infodox]

*CRASHED IE*

Opinion: You just got browser autopwned sir, and that computer needs to be quarentined and disinfected. Any USB devices that connected to it need to be sanitized.

My Advice: Stop using Internet Explorer. Use something decent, Opera is a fairly good alternative, as is Chrome. better still is Vmware Browser Appliance.

Finally, from a KNOWN CLEAN system (Live Disc) change ALL your passwords, security questions + answers, etc.