What to do if your Gmail account is hacked

This happened to someone I know: their Gmail account was hacked and used to send spam to everyone in the Gmail address book. Gmail Help lists settings that help prevent the problem, so the rest of us should use those settings before our accounts get hacked.

If your account has been compromised/hacked/stolen you will need to check at least all of the following things:

Account Security:
Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and secondary e-mail address]

Potential Spam:
Settings -> General -> Signature [make sure nothing has been added]
Settings -> General -> Vacation Responder [make sure it’s disabled and empty]

E-mail Theft:
Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]

The purpose of the above is to undo any changes a hacker may have made THIS time. Hackers often make a number of changes to an account, and these create problems if you don’t undo them.
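
The same checks can be run mechanically over an export of the account's settings. The Python below is an added example, not part of the original post: the field names follow the Gmail API settings resources (sendAs, vacation, filters, autoForwarding, pop, imap), while the snapshot layout, the function name audit_settings and all sample values are assumptions constructed for illustration.

```python
# Field names follow the Gmail API settings resources; the snapshot layout,
# audit_settings() and every sample value are assumptions made for this example.
def audit_settings(snap, owner, trusted=()):
    """Return findings for settings an intruder may have changed."""
    ok = {owner.lower(), *(t.lower() for t in trusted)}
    findings = []
    for alias in snap.get("sendAs", []):  # Send Mail As and Signature
        addr = alias["sendAsEmail"]
        if addr.lower() not in ok:
            findings.append(f"send-as: unknown address {addr}")
        reply_to = alias.get("replyToAddress", "")
        if reply_to and reply_to.lower() not in ok:
            findings.append(f"send-as: reply-to redirected to {reply_to}")
        if alias.get("signature"):
            findings.append(f"signature: review text on {addr}")
    if snap.get("vacation", {}).get("enableAutoReply"):
        findings.append("vacation responder: enabled")
    for flt in snap.get("filters", []):  # filters that forward or delete
        action = flt.get("action", {})
        if action.get("forward"):
            findings.append(f"filter {flt['id']}: forwards to {action['forward']}")
        if "TRASH" in action.get("addLabelIds", []):
            findings.append(f"filter {flt['id']}: deletes matching mail")
    fwd = snap.get("autoForwarding", {})
    if fwd.get("enabled") and fwd.get("emailAddress", "").lower() not in ok:
        findings.append(f"forwarding: enabled to {fwd.get('emailAddress')}")
    if snap.get("pop", {}).get("accessWindow", "disabled") != "disabled":
        findings.append("POP download: enabled")
    if snap.get("imap", {}).get("enabled"):
        findings.append("IMAP access: enabled")
    return findings

# Constructed snapshot of a tampered account (not real data).
SAMPLE = {
    "sendAs": [{"sendAsEmail": "me@example.com",
                "replyToAddress": "x@example.net",
                "signature": "Visit example.org"}],
    "vacation": {"enableAutoReply": True},
    "filters": [{"id": "f1", "action": {"forward": "x@example.net"}},
                {"id": "f2", "action": {"addLabelIds": ["TRASH"]}},
                {"id": "f3", "action": {"addLabelIds": ["Label_1"]}}],
    "autoForwarding": {"enabled": True, "emailAddress": "x@example.net"},
    "pop": {"accessWindow": "allMail"},
    "imap": {"enabled": False},
}

if __name__ == "__main__":
    for line in audit_settings(SAMPLE, "me@example.com"):
        print(line)
```

Addresses passed in trusted are treated as legitimate forwarding or reply-to targets; a forwarding filter is still reported so that it gets reviewed by hand.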

Scan your computer for malware.

Switch to using https by default.

Additional Information:
Keeping account secure:  https://mail.google.com/support/bin/answer.py?hl=en&answer=46526
Protecting your account:  https://mail.google.com/support/bin/answer.py?hl=en&answer=29407
If your account is compromised:  http://mail.google.com/support/bin/answer.py?hl=en&answer=50270

How does it happen?

* Accounts left open in public places (even at work).
* Browser login/password auto-fill enabled on a computer others have access to.
* Hacks from other less secure sites (like Facebook).
* Keyloggers and malware.
* Network (especially wireless) breaches.
* A lucky password guess.

Someone else said:

Gmail should block IP addresses from accessing the accounts that are not within the account owner’s own geographical area. They could add a setting wherein international travelers could bypass that. It should be obvious that when a Chinese IP address (or Russian or Korean IP) gets into an account, it is up to no good.

