Gmail hijack attempt

[damewolf13]

Yesterday, I kept getting a message on all 4 of my phones telling me that I needed to re-enter my password for one of my Google accounts, which I did time and again, only to keep recieving the same message. I finally decided that I would attempt to change my password which I did successfully. Upon loading in my messages, I found a message from Google explaining that they had thwarted an attempt from someone in Iran trying to access my account. They even gave me an IP address of this attempt.
I have never had that happen before, and cannot even imagine the implications if they had succeeded. Has anyone here had something similar happen to them, and if so, what happened?

 

[gbiggie]

No never have here. What exactly did the message say..a screenshot if possible..with your info hidden of coarse.
It would be helpful to see what to look.out for.
Glad they caught it for you:thumbup:

 

[damewolf13]

Try as I might, I can't get a screenshot but I will quote it.
Damewolf,
Someone recently tried to sign in to your Google account, (my address). We prevented the sign-in attempt in case this was a highjacker trying to access your account. Please review the details of the sign-in attempt:
May9,2012 1:55pm GMT
IP Address: 130.255.251.110
Location:Iran
If you do not recognize this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset your password immediately. Find out how at (the password change address)
Sincerely,
The Google Accounts Team

 

[karandpr]

Hmm ,depends really for what they are hacking for .
Most probably they will use your account as a spam bot .
Depends really on what is stored in your account .

 

[damewolf13]

Hmm ,depends really for what they are hacking for .
Most probably they will use your account as a spam bot .
Depends really on what is stored in your account .

Yah, I have had that account for years, and can't really remember everything that might be associated with it. I am just glad that they didn't
gain access to it.

 

[karandpr]

Spam is one of the most common reasons .
Phishing for CC info used to be second reason .

Technically unless it's a weird hobby no one hacks account to read your personal emails ,so tech eavesdropping is third .
Personal Vendetta is last and most uncommon .

 

[zuben el genub]

Did you check via computer? To be safe - I'd check Google Mail via a bookmark that I knew was good on the computer. There's always a chance that anything could be a phish. Paypal has had one with similar terms - accessing account. There's one going around now about cancelled Amazon orders.

 

[mpw]

...Has anyone here had something similar happen to them, and if so, what happened?

My father had his yahoo email account hacked; first he knew was when I alerted him to an email I got from 'him', which was obviously a scam.

The cheeky coituses changed his password locking him out; until we went through the reset process with yahoo; then sent emails to all his contacts asking for cash, basically claiming he'd been robbed on holiday etc. etc.

The email return address had been changed though, so where he had an 'L' in his name they put an 'i', which was deceptively hard to spot at first glance! ie CIive not Clive

yahoo didn't seem too bothered, and the account remained active; I would just attempt to enter random passwords to the account until it got locked for 10days at a time; I know it won't stop these creeps, but I like to think of it as coitus interruptus.

 

[zuben el genub]

I don't keep contacts in Yahoo. I have them on a file and just copy and paste.

Years ago someone tried to spoof my account, but my ISP had been after me to change computer name. It was "Shithead" I'd get banned/barred from sites with a decency hangup.

 

[Xyro]

sent emails to all his contacts asking for cash, basically claiming he'd been robbed on holiday etc. etc

That's pretty common. A friend of mine had his hotmail account hijacked, followed by his facebook account. They sent a similar message around about being robbed or injured on holiday in another country.

damewolf13, if I were you I'd turn on 2-step verification for your gmail account. With that on, nobody can access your gmail account without access to your phone, even if they know they password.

 

[Covart]

Try as I might, I can't get a screenshot but I will quote it.
Damewolf,
Someone recently tried to sign in to your Google account, (my address). We prevented the sign-in attempt in case this was a highjacker trying to access your account. Please review the details of the sign-in attempt:
May9,2012 1:55pm GMT
IP Address: 130.255.251.110
Location:Iran
If you do not recognize this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset your password immediately. Find out how at (the password change address)
Sincerely,
The Google Accounts Team

It's a Persian blog site (http://phi.persianblog.ir/), tech stuff. Pretty much all users are Iranian. Def not coming from their government, so likely an individual(s) trying to get your account to phish or scam.

 

[damewolf13]

Thanks Covart...I would have no idea how to check on something like that, but I was kind of curious.

 

[argedion]

I got the same letter a year or so ago. I changed my password and all was well. I looked into it a little bit but quickly gave up as I was opening such a broad subject. Terrorist will also try to hack your accounts not necessarily to read your email or to even spam but to send coded messages. The jist of it was that in order to make it untracable to the sending IP Thus giving the location of the Terrorist was next to impossible to trace. The web mail is excellent for this. A friend of mine told me about it so I'm not sure how reliable the source is. Even though he does work for the Government.

 

[Covart]

I got the same letter a year or so ago. I changed my password and all was well. I looked into it a little bit but quickly gave up as I was opening such a broad subject. Terrorist will also try to hack your accounts not necessarily to read your email or to even spam but to send coded messages. The jist of it was that in order to make it untracable to the sending IP Thus giving the location of the Terrorist was next to impossible to trace. The web mail is excellent for this. A friend of mine told me about it so I'm not sure how reliable the source is. Even though he does work for the Government.

While this is possible, it's much easier to create new email accounts and hide/spoof an ip adress or just go to an internet cafe and send an email by proxy. However, sinse this 'presumably' originated in Iran, an internet cafe is unlikely. To restrictive and well monitored. My best guess is still that it is some jerkoff trying to hack accounts for scams or phishing.

And as you have pointed out, reliabity of a source does not neccessarily increase, just because someone works for the government. I work for the government and I could be blowing smoke up everyone's a%#es. i'm a digital keyoard ninja, that's seen Hackers one to many times.

 

[pool_shark]

I saw something similar last year, that's when I switched to the two step verification.

Keep in mind, if you use two step verification and switch devices, you'll have to disable it to log into Google on the new device.
I learned that when I bought the Nexus and couldn't get signed in.

 

[Xyro]

Keep in mind, if you use two step verification and switch devices, you'll have to disable it to log into Google on the new device.
I learned that when I bought the Nexus and couldn't get signed in.

You can sign in to multiple devices, although you'll have to generate device specific passwords for each of them. Or do you mean that the actual authenticator app will only work on one phone at once?

 

[SUroot]

My father had his yahoo email account hacked; first he knew was when I alerted him to an email I got from 'him', which was obviously a scam.

Yeah someone at work was hacked on their gmail. Claimed she'd been robbed in Spain and to send money via the western union or something.

But there's a tip here, she learned of it as they emailed all her contacts, one of which was her work email. For quick notification, add your work email as a contact.

 

[argedion]

For quick notification, add your work email as a contact.

Great Idea if you don't have a work email you can use another email account. I have Google and Hotmail. Google is primarily for my contacts and apps. My hotmail is my main mail account. I get notifications for both so definitely a great idea. Thanks

 

[pool_shark]

You can sign in to multiple devices, although you'll have to generate device specific passwords for each of them. Or do you mean that the actual authenticator app will only work on one phone at once?

When trying to sign into Google on a new phone for the first time, there is no option to enter the code.

 

[Xyro]

When trying to sign into Google on a new phone for the first time, there is no option to enter the code.

Android OS doesn't support the six digit code login method (that I'm aware of), like the gmail website does. What you have to do is login on your PC and generate an application specific password, one for each phone. Using those will allow you to login to as many devices as you need

 

[pool_shark]

Android OS doesn't support the six digit code login method (that I'm aware of), like the gmail website does. What you have to do is login on your PC and generate an application specific password, one for each phone. Using those will allow you to login to as many devices as you need

I understand that, what I'm saying is when you first get the phone and you try to sign into google, there is no option to enter any code to get logged in thru the new device.

I disabled the two step process and logged right in.

 

[Xyro]

I understand that, what I'm saying is when you first get the phone and you try to sign into google, there is no option to enter any code to get logged in thru the new device.

I disabled the two step process and logged right in.

I think I understand what you mean, I just didn't explain my self very well. What I'm saying is that you do not need to disable 2 step verification to set up a new phone. The same goes for when you factory reset your current phone.

All you need to do is generate one of those application specific passwords and use that instead of your actual password when you login to a new phone. I.e, it just goes into the normal password field. Your actual gmail password won't work, as I'm sure you experienced. That explains why you couldn't see a second field for a code

 

[pool_shark]

I think I understand what you mean, I just didn't explain my self very well. What I'm saying is that you do not need to disable 2 step verification to set up a new phone. The same goes for when you factory reset your current phone.

All you need to do is generate one of those application specific passwords and use that instead of your actual password when you login to a new phone. I.e, it just goes into the normal password field. Your actual gmail password won't work, as I'm sure you experienced. That explains why you couldn't see a second field for a code

We were confusing each other. Let me make my experience clearer.
I was still at the store, hadn't even decided on what to get yet. When I chose, I tried to login and it didn't work, it kept saying my password was incorrect.

I thought application specific was actually for that specific application, because I have used those, well, before I disabled two step.

 

[Internetapps]

Sadly, there seems to be a lot of people that hack email accounts for their full time jobs. My friend's hotmail account was hacked a few months ago. They changed his password and then sent out an email saying he and his wife went on a trip to England and were robbed and didn't have money to get back home. They asked for money to be sent via Western Union to them. Several of their friends actually did send money, and they never were able to track down the person responsible. They're always safe with their online surfing and such but still someone got hacked.