Hacked Gmail email account
Hello,
This has never happened to me before. I received an email from a friend but could tell it was not from him. The "reply to" address is his. I emailed him back asking if he sent it and I actually received a response but it wasn't from him either.
He has a gmail account. He just told me his password had changed and not by him...his account was remotely hacked.
We changed his password and reset his recovery information. Anything else that we should do?
Thanks,
Mags
This has never happened to me before. I received an email from a friend but could tell it was not from him. The "reply to" address is his. I emailed him back asking if he sent it and I actually received a response but it wasn't from him either.
He has a gmail account. He just told me his password had changed and not by him...his account was remotely hacked.
We changed his password and reset his recovery information. Anything else that we should do?
Thanks,
Mags
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As mentioned you should thoroughly scan the PC's he uses to access his GMail for viruses, keyloggers, trojans etc. It is more likely his GMail account and password were found out via such a bug on his PC, rather than directly at GMail. For example many email clients or also web-browsers which are used to connect to GMail can be set to store passwords, and those can often easily be read out. If the bug is still active on his PC's it would be easy for the attacker to see the new password.
ASKER
Hi awawada - I did gather this information when I had him reset his password. It shows a computer from New York and Nigeria accessing is Gmail account. They changed his password and retrieval email address and phone - this has been corrected. He was using a "Stupid" password which has also been corrected.
During Gmail's security Checkup we also found 2 items that have account permissions. He did not recognize them so we removed them.
I will run some scans when we connect this afternoon but his account Gmail actually seems to have been hacked elsewhere as he wasn't even using his computer.
His bank was contacted via email to transfer money into an account which they did not do but called him. I am also having him send an email to everyone in his contact list explaining the situation.
If they no longer have access to his Gmail account what other threats may be lurking for him?
Thoughts?
Thanks,
Mags
Rob-Hack.jpg
Rob-Hack2.jpg
Rob-Hack3.jpg
During Gmail's security Checkup we also found 2 items that have account permissions. He did not recognize them so we removed them.
I will run some scans when we connect this afternoon but his account Gmail actually seems to have been hacked elsewhere as he wasn't even using his computer.
His bank was contacted via email to transfer money into an account which they did not do but called him. I am also having him send an email to everyone in his contact list explaining the situation.
If they no longer have access to his Gmail account what other threats may be lurking for him?
Thoughts?
Thanks,
Mags
Rob-Hack.jpg
Rob-Hack2.jpg
Rob-Hack3.jpg
If they got your bank account, it is very likely that the computer is is compromised, as such info is normally not contained within emails, but often you have it somewhere on the PC.
I would probably install the PC's OS from scratch / recovery partition to make sure nothing bad is left on it. Change the User's passwords on the PC as well, and make sure he has a separate account with admin rights that he never uses, and a standard account which he always uses. Install a good AV tool, like the free Panda AV, and make sure the OS is fully patched. Only install software that is really needed, and be careful when installing that you read all the screens and deselect any additional stuff.
I would probably install the PC's OS from scratch / recovery partition to make sure nothing bad is left on it. Change the User's passwords on the PC as well, and make sure he has a separate account with admin rights that he never uses, and a standard account which he always uses. Install a good AV tool, like the free Panda AV, and make sure the OS is fully patched. Only install software that is really needed, and be careful when installing that you read all the screens and deselect any additional stuff.
ASKER
rindi They did not get into my client's bank account. They simply sent the bank an email, since they were in his contact list, asking him to transfer money. They did not have any access to his account.
Yes, but how did they know the bank's account number and what bank. Such info is usually not within any emails.
ASKER
They did not know any account numbers. My client has his bank representative's email address in his contact list and they simply asked her to transfer money. When she was suspicious she replied to the email and when the response came back with a story she called him.
ASKER
In recently used devices it is now saying that the current device (I am on his computer) is located in Texas...very strange...what do you think is going on?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We've checked things out and changing his password to a more complex password has done the trick. All his devices show the same IP address so we feel the issue has been resolved. Thanks for all your help!
Mags
Mags
This examples are also Stupid Passwords:
Stup1dPassw0rds!
ImSoS@f3.
Letmein12#
Good passwords looking like this:
-G1pwll6t#
Ashcn+9+htnssP!
GunWindowPavementScrew