This morning I logged into GMail and it is in a different language. Now I'm not sure how to reset the settings. Kinda like when someone changes the language on your cell phone.
Was it possible I am a victim of someone's fun or something more serious?
I will need some help restoring my previous settings and securing this GMail account. I have already changed the password.
Thanks for your help Photon, can I send you a screen shot of my recent activity on my Gmail account with the IP addresses, there was activity on my account from an IP that looks unfamiliar. Can I post the IP and can it be searched?
This IP accessed my GMail account via browser at 5:11 am.
41.238.215.73
OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 - 3rd Floor - Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
StateProv:
PostalCode: 0001
Country: MU
This IP accessed my account at via IMAP at 4:30am and again at 6:30am.
67.233.87.112
OrgName: Embarq Corporation
OrgID: EMBAR
Address: 500 N New York Ave
City: Winter Park
StateProv: FL
PostalCode: 32789
Country: US
__________________
Last edited by GreatWhiteEbola; 03-13-2010 at 08:24 AM.
Not that it matters, they probably have all your email already.
Actually, I had the password to my Google account changed before I changed the language.
Did they change the account language settings so that they could read the email? You would think the more anoymous the better. As soon as I opened my account I knew something was awry. I don't know if there is anything personal in there...
Upon further review I had emails with attachments from Ex-GF's. That might not be good......
__________________
Last edited by GreatWhiteEbola; 03-13-2010 at 08:38 AM.
Yeah, change your password and change it to something strong.
How was your password before, was it pretty easily guessable?
I'd be questioning my whole computer at this point, that you've got two VERY different IPs in your email account may indicate that you have bigger problems, like a Trojan on your computer; Google's pretty good at locking down too many incorrect password attempts so it probably wasn't brute forced, it was either guessed, or picked up by a Trojan logging your key strokes or looking at your browser's password file (in which case all online activity's passwords should be changed, after you make sure your system is clean).
__________________ Uncertainty is an uncomfortable position.
But certainty is an absurd one.
Did they change the account language settings so that they could read the email? You would think the more anoymous the better. As soon as I opened my account I knew something was awry. I don't know if there is anything personal in there...
Upon further review I had emails with attachments from Ex-GF's. That might not be good......
Hehe..
The real risk in your email getting compromised isn't so much the information that's in the email (not for a random person anyway), it's the ability to do things like change banking site passwords and such with access to the email.
Or it could just be some random script kiddie looking at your email and changing your language setting to mess with you, I know one time I found a neighbour's computer on my Shaw subnet that was wide open, so I printed something on his printer
__________________ Uncertainty is an uncomfortable position.
But certainty is an absurd one.
The real risk in your email getting compromised isn't so much the information that's in the email (not for a random person anyway), it's the ability to do things like change banking site passwords and such with access to the email.
Or it could just be some random script kiddie looking at your email and changing your language setting to mess with you, I know one time I found a neighbour's computer on my Shaw subnet that was wide open, so I printed something on his printer
My password was strong, capitals, and numerical digits. I am doing a scan. Using Shaw Secure, I have never had an issue before.
I feel so violated.
__________________
Last edited by GreatWhiteEbola; 03-13-2010 at 08:55 AM.
Yeah if it were me that had that happen to my email I'd be doing various scans with different programs, maybe even installing a 3rd party firewall and examining exactly what's going in and out of my computer network traffic wise to see if there's something fishy going on. No single virus scanner catches everything and even the best ones can miss new or custom made malware.
ETA: And I'd be watching my email IP address access logs very carefully, if new IPs start accessing your email again all of a sudden then you know that your computer is compromised.
__________________ Uncertainty is an uncomfortable position.
But certainty is an absurd one.
The Following User Says Thank You to photon For This Useful Post:
Assuming this is an actual hack, chances are they are not doing it for immediate gain. They either have obtained a database filled with information they gained from spam, phishing etc etc and have used that information to hack you, or they are in the process of using these methods to build such a database to sell to others.
I had a similar thing happen to me, where it was possible that my mail password had been compromised.
First change your password on that account. This might not help, depending on how they got in. It could be that their plan involves changing your password recovery email address, so when it resets it send it to them. Assume they have done this, and make sure that any website password resets not be sent to the stored email address for you unless you have entered or otherwise verified it. This way they won't be getting your new password in their email.
Next, assume every password for every website you have ever signed up for is in their hands. If you don't use a different password for every account, or use the same password for those accounts and your firewall/router/computer at your house, assume they will have full access to all of your computers in your home. This goes double in this case, because they could know the IP address of every place (or maybe just last place?) you have logged in from.
So change all these passwords. Ideally, not all to the same thing. If you must reduce the number of passwords you have, ensure that they are at least treated in accordance to their importance. Access to your machines, networks, financial accounts, email accounts all should have separate passwords.
For the next few months, (and probably years) make sure you watch for any other suspicious activity on any accounts, including bank, credit card, email, facebook or other social media accounts.
This is probably alarmist, but it is what I assumed and guided my actions accordingly.
__________________
"Wake up, Luigi! The only time plumbers sleep on the job is when we're working by the hour."
The Following User Says Thank You to Rathji For This Useful Post:
There are also stand alone scanners from ESET, Dr Web, and Avast. You could also run web based scans from Trend and Panda. If nothing comes up, you could run Hijack This, but it is not an automatic cleaner. It produces a log that you would either analyze or post on many forums to get some assistance with.
Actually, what Photon said about your network traffic is very valid as well. If you have a trojan which is keyloging or getting screen caps, it needs to be sent out somehow. Normally it is done through e-mail, so if you notice a bunch of mail packets (SMTP) constantly being pumped out. You can use Wireshark to do this, it is pretty self explanatory to use
__________________
"Wake up, Luigi! The only time plumbers sleep on the job is when we're working by the hour."
Last edited by Rathji; 03-13-2010 at 09:20 AM.
The Following User Says Thank You to Rathji For This Useful Post:
If I wanted to steal a bunch of people's email accounts, the easiest way would be to acquire email addresses/passwords for another service, then check if they used the same password for their email account. It wouldn't be surprising to me if >50% of people use the same password across most online services they sign up for.
That seems like a pretty simple attack vector. You might want to consider what sites you have been registering at recently, and if you might have used the same password as your email account. To prevent this type of attack, try to use a different password for different sites. Or, at least a different password for your email address from your "everyday" password.
The Following User Says Thank You to gottabekd For This Useful Post:
If I wanted to steal a bunch of people's email accounts, the easiest way would be to acquire email addresses/passwords for another service, then check if they used the same password for their email account. It wouldn't be surprising to me if >50% of people use the same password across most online services they sign up for.
That seems like a pretty simple attack vector. You might want to consider what sites you have been registering at recently, and if you might have used the same password as your email account. To prevent this type of attack, try to use a different password for different sites. Or, at least a different password for your email address from your "everyday" password.
This is pretty much what I do. If I am signing up to Bob's House of Abortion Photos, I use an email address that has nothing but spam going to it and use a 'generic' password. Sure if someone broke through his 25cent security, they would technically have the username and password to maybe 20 or 30 sites I might be a member of, if they could guess them. Even so, if suddenly lose access to my account for www.freefunbagwallpaper.com, or my account on the www.conspiracytheories.com message board is hacked who cares?
Too many passwords that are too hard to remember is a liability. Just make sure the important ones, like your CP account, are protected by unique passwords, especially if they link back to a mail account which essentially would contain all the information about you.
This of course assumes that this was a password based attack. There are vulnerabilities in every piece of software and every piece of hardware out there. The only way to totally secure a computer is to disconnect it from the internet and throw it down a hole 100m deep, then fill it with concrete.
Imagine checking your email on that!
edit: I am surprised one of those fake links worked. Unfortunately it wasn't the one that would have made my afternoon in front of the computer a little more interesting.
__________________
"Wake up, Luigi! The only time plumbers sleep on the job is when we're working by the hour."
Comodo makes a free firewall and you can set it to alert you every time a program tries to communicate out, that way you know exactly what's trying to talk to the Internet.
__________________ Uncertainty is an uncomfortable position.
But certainty is an absurd one.
GMAIL settings: Hacked?
. That might not be good.....
.
