Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Gmail hacked through Google Docs

  • 06-04-2016 9:23am
    #1
    Registered Users, Registered Users 2 Posts: 12,741 ✭✭✭✭


    Hi. Got an email from an acquaintance yesterday through Gmail with an important document attached. Asked me to sign in to Google Docs which I did. When I looked at the document, it was nonsense. My acquaintance then emailed me to say that his gmail was hacked. I got notification this morning that my google account was signed on to this morning from Lagos Nigeria. I immediately changed my password and reviewed my security settings, and all looks ok. Is it too late for me, do you reckon. Would spam have been sent out already posing as me ? I have not seen anything strange in my Sent folder.
    Normally I am not naive, but this person was talking to me about a possible job offer and I thought the pdf attachment was in relation to this, so there were lots of strong coincidences unfortunately


Comments

  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Ugh, an annoying one.

    How far they got can depend on a lot of things. For a start, if you use the same email address and password that was hacked on any other sites, change this immediately.

    They will often spam your entire mailbox and then delete the sent mails to try and cover their tracks, so a check of your trash folder may or may not reveal what they were up to.

    Check any of the big sites that you have signed up with - PayPal, ebay, Amazon, Facebook, Twitter, LinkedIn, etc - ensure that your email address and password is still valid (they may have tried to reset either or both of them). Remember that having access to your primary email is the online equivalent of someone having a copy of your passport - while they had access they effectively had access to all sites that use that email address.

    Change your security settings on your email account, right now - set up two-factor authentication. In this case, even if someone does get your email password, they won't be able to log into your account without the TFA code.


  • Registered Users, Registered Users 2 Posts: 2,116 ✭✭✭ItHurtsWhenIP


    seamus wrote: »
    ...
    Change your security settings on your email account, right now - set up two-factor authentication. In this case, even if someone does get your email password, they won't be able to log into your account without the TFA code.

    I second this. Any on-line account that you have which provides 2FA, get it set-up today but do it for your e-mail immediately.


  • Registered Users, Registered Users 2 Posts: 584 ✭✭✭neonman


    Not good OP.

    As others have said already use two-factor authentication for your email. Your email password should be your most secure password you use online. Never use it for any other online account, use Upper/Lower/numeric and symbols as part of it and if you can a length of 8 or more minimum. I know it mightn't have helped here as they got your password but the two-factor authentication would have for sure.

    The approach I take with passwords online is email is the most complex password possible and never used else where. Social media next level and forums and the like at the bottom, i'm not that worried if someone gets these as they're not connected to any of the upper level passwords.

    email is the gateway into your entire personal life.


  • Registered Users, Registered Users 2 Posts: 572 ✭✭✭Joe Exotic


    OP
    Pretty much exactly what everyone has said here already 2FA on email and any account you use which has your credit card number. eg amazon

    I use Last pass to handle my passwords you can add an extension to chrome it is a good way to keep track of unique strong passwords.

    It can give you a report on your password levels and will also generate you complex passwords.


  • Registered Users, Registered Users 2 Posts: 2,116 ✭✭✭ItHurtsWhenIP


    murphk wrote: »
    OP
    Pretty much exactly what everyone has said here already 2FA on email and any account you use which has your credit card number. eg amazon

    I use Last pass to handle my emails you can add an extension to chrome it is a good way to keep track of unique strong passwords.

    It can give you a report on your password levels and will also generate you complex passwords.

    I tried to set-up 2FA on my Amazon account some time ago, but I think I couldn't do it as my mobile was Irish (or something along that line). I've just had a look there now and can't even see the setting.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 572 ✭✭✭Joe Exotic


    MMFITWGDV wrote: »
    I tried to set-up 2FA on my Amazon account some time ago, but I think I couldn't do it as my mobile was Irish (or something along that line). I've just had a look there now and can't even see the setting.

    I was able to do it instructions here


  • Registered Users, Registered Users 2 Posts: 12,741 ✭✭✭✭Ally Dick


    Thanks for all the advice. I set up 2 step verification on all my email accounts and Amazon. Changed my password on Netflix and Paypal. Thanks for the responses


  • Registered Users, Registered Users 2 Posts: 2,116 ✭✭✭ItHurtsWhenIP


    murphk wrote: »
    I was able to do it instructions here

    Thank you!!! I got it sorted.

    I was on Amazon.co.uk, but the 2FA stuff is on Amazon.com.:rolleyes:


  • Registered Users, Registered Users 2 Posts: 12,741 ✭✭✭✭Ally Dick


    Can I just add an observation please ? My Google Chrome has gone very very slow over the last few days. I have run McAfee check and nothing wrong coming back. Could the hackers have done something once they got into my google account from Lagos Nigeria ? I tried refreshing Chrome but it's still very slow. Ran Ookla speed test and it is fine.


  • Registered Users, Registered Users 2 Posts: 2,116 ✭✭✭ItHurtsWhenIP


    Ally Dick wrote: »
    Can I just add an observation please ? My Google Chrome has gone very very slow over the last few days. I have run McAfee check and nothing wrong coming back. Could the hackers have done something once they got into my google account from Lagos Nigeria ? I tried refreshing Chrome but it's still very slow. Ran Ookla speed test and it is fine.

    Get yourself Malewarebytes and run a scan with that. It's a very useful "second opinion" to the standard AV packages.

    Download the free version here https://www.malwarebytes.org/mwb-download/

    If you're all clear, then perhaps change the DNS server you are using to Google 8.8.8.8 or OpenDNS 208.67.222.222 and see if Chrome gets quicker.

    If not then get CCleaner and give your machine a springclean: https://www.piriform.com/ccleaner/download


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,116 ✭✭✭ItHurtsWhenIP


    Ally Dick wrote: »
    Can I just add an observation please ? My Google Chrome has gone very very slow over the last few days. I have run McAfee check and nothing wrong coming back. Could the hackers have done something once they got into my google account from Lagos Nigeria ? I tried refreshing Chrome but it's still very slow. Ran Ookla speed test and it is fine.

    Actually this months SANS Ouch! newsletter might provide some useful points for you to check:
    https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201604_en.pdf


  • Closed Accounts Posts: 3,006 ✭✭✭_Tombstone_




  • Registered Users, Registered Users 2 Posts: 12,741 ✭✭✭✭Ally Dick


    Thanks for all the help. Latest development is that I got an email to my hacked Gmail account with a false Itunes purchase notification, and a link to click if I didn't purchase it !!! It was a TomTom sat nav purchases from Itunes for €35.99. Yeah right. I didn't fall for this one !


Advertisement