My Gmail account got hacked into.
You’ve probably received a number of emails from people you know or people with whom you have exchanged emails, but the content of the emails is suspicious. This is a common occurrence in which someone’s email account has been used without his/her consent by someone else, often with malicious intent. In short, we say his/her email account has been hacked into. The hacker uses the hacked account to (1) spread spam messages, or (2) spread malware (commonly known as “virus”, although not all malwares are virus). Either way, it’s unpleasant for both the original email account owner and the recipients of such emails.
This can happen in several ways:
- The hacker sends an email to the target, posing as an “administrator” of the email provider; tricking the account owner to disclose their account name and password (and also other irrelevant information such as age, phone number, mother’s maiden name etc.). The target, not being able to distinguish a legit notice from a bogus one, dutifully disclosed the said information. The hacker then gains the target’s email account name and password, and can now log in to the account and send spam emails. This method is commonly known as “phishing”.
- The victim’s computer has been infiltrated by “spyware program”, which is a program designed to record the victim’s activity on the computer; especially what internet address he/she visits and what keys are pressed on the keyboard. With this method, it is possible for the spyware to record the victim’s email password when the victim attempts to log in to his/her email account. The spyware then send this information to its owner, who then gains control of the victim’s email account. Else, the spyware may send email from within the victim’s computer, using the credentials it gained from the victim. How did the spyware got in the victim’s computer in the first place? As any malware, it can enter the victim’s computer when somebody installs or downloads unsecured program on the computer.
Back to my story: so how did I found out that my account has been hacked, and what did I do about it?
This morning when I tried to check my Gmail account, it says that an “unusual activity” has been detected on my account. Gmail wouldn’t allow me to check my inbox right away; instead it asked me to verify my account by sending a code to my phone through SMS; I then had to enter this code through Gmail. When the verification passed, Gmail asked me to change my password, which I did. After that I was able to enter my Gmail account.
Upon checking my inbox, I found one email supposedly sent by me, to a number of email addresses to which I have sent email in the recent weeks. My Gmail activity log shows one access from Argentina around the time that email was sent. The content of the email was meaningless sentences with one link to a web page, which I did not bother to open. The most pleasant discovery was that Gmail blocked all these outgoing email! So none of these spams were delivered to the intended recipients.
Gmail 1, hacker 0.
So how did I got hacked? Since I normally only access my Gmail from my macbook (which I did not share with anybody except my wife, and that is very rarely; and I still believe that macs are malware proof) and my mobile phone (which I never lend to anybody either), there’s little chance anybody could have snooped on my password. But I recall that two days ago, I accessed my Gmail from my wife’s computer, and that’s the only instance in the past 30 days that I accessed my Gmail other than through my macbook or my phone. I’ve used my wife’s computer a few times before to access my Gmail, and knowing that my wife is not the type of person who likes to experiment with software, it’s not likely that she is directly responsible for letting in the spyware in her computer. But what about other people who used her computer?
So I checked my wife’s computer, and sure enough: someone installed a software, which is not familiar to me, and not likely to be related to my wife’s activity. I also checked the download history, and found out that someone had been accessing a website which hosts movie files, and a movie (looks like an anime) had been downloaded to the computer. Then I asked my wife, and she confirmed that two days ago someone (a member of our extended family) had borrowed her computer.
Though I cannot ascertain that this person is the culprit, there is a large probability that he might have been. Maybe the software he downloaded was contaminated with malwares. I can’t be sure, but it’s possible.
For now, I advised my wife not to use her computer to check her email for a while, whilst I learn how to get rid of the spyware. I’m not a Windows user, so I’m not used to dealing with malwares like this.
Lessons from this story:
- Be careful with spywares and any malware in general. If you use a malware-prone operating system, exercise care by not downloading or installing softwares except the ones you trust. Pirated softwares and media files (movies and music) are one of the most vulnerable entry point of malwares. Use a software to detect, block and remove malwares; or change to a malware-proof operating system.
- Use an email provider with good protection. In my case, I have proven that Gmail is good at preventing spam through its system. Another popular free email provider, however, is notorious for letting such attack goes on and on (look at your inbox, and you might observe that such email that you receive are all, if not mostly, from that email provider).
Note 1: I use the term “hacker” in neutral tone; there are good hackers and bad hackers. Obviously I’m talking about bad hackers here.
Note 2: I’m not affiliated to Gmail/Google nor Apple.