Tricksy Chinese Spammers and your Gmail Account

Hot on the heels of my last post about strong passwords comes news of my partner’s Gmail account being hacked over Christmas.  No, she doesn’t read this blog (neither does my mother), so the password was not particularly strong.

I’m sure such a fate will not befall you, dear reader, since you are armed to the hilt with good password generation advice. Nevertheless, you may find it interesting to hear what the digital deviant got up to once they gained access to her account.

The first sign something was up came when I received an email message titled ‘Merry Christmas’ from my better half gushing about the brilliant Macbook Pro we’d purchased from website X.  Her knowledge of the machine’s features was quite good, especially since we hadn’t bought any computing equipment from anywhere in recent memory.  I fired back a six-word reply: “You need to change your password”.  It turns out a few people from her address book were more forgiving and simply queried whether she had intended to send the message.

Thankfully, Gmail notified her when she logged in with a nice big red banner message saying the account had been accessed from China.  A quick look at the ‘last account activity’ log (see the link in the footer of your Gmail screen) confirmed that the account had been opened via a couple of different Chinese IP addresses around the 27th and 28th of December.  The glaring red ‘this seems odd’ notification instructed her to change her password if the access was unexpected, which she dutifully did.

Funnily enough my message, and those from others, never hit her inbox.  After a little digging we found that they were instead automatically archived and forwarded to a random Yahoo! email account – a setting that remained active even after the password had been changed.  Had we not been living together it may have been a little while before she realised the account was compromised in this way.  The spam messages sent from her account had also been deleted, along with everything in her trash folder.  Tricksy.

To cut the story short, we had to trawl through her account settings with a fine-toothed comb to make sure all filters, forwards and add-ons were legit, in addition to the password change.  Your loved ones should do the same if they get the red message from Google.
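The settings check described above can be scripted. The following is an added example, not part of the original post: it audits a settings export for forwarding and mail-hiding rules, the kind that stayed active after the password change. The JSON shapes follow the Gmail API settings resources (`users.settings.filters` and `users.settings.getAutoForwarding`); all sample values and the trusted-domain list are constructed assumptions.

```python
"""Flag mailbox filter and forwarding settings that survive a password change."""

# Constructed sample data, shaped like the Gmail API settings resources
# (users.settings.filters.list and users.settings.getAutoForwarding).
SAMPLE_FILTERS = {"filter": [
    {"id": "f1", "criteria": {"from": "news@example.org"},
     "action": {"addLabelIds": ["Label_1"], "removeLabelIds": ["INBOX"]}},
    {"id": "f2", "criteria": {"to": "owner@example.org"},
     "action": {"forward": "collector@mail.example",
                "removeLabelIds": ["INBOX"]}},
    {"id": "f3", "criteria": {"subject": "password"},
     "action": {"addLabelIds": ["TRASH"]}},
]}
SAMPLE_AUTO_FORWARDING = {"enabled": True, "disposition": "archive",
                          "emailAddress": "collector@mail.example"}
TRUSTED_DOMAINS = {"example.org"}  # assumption: domains the owner controls


def _domain(address):
    return address.rsplit("@", 1)[-1].lower()


def audit_filters(filters, trusted):
    """Return {filter_id: [reasons]} for filters that leak or hide mail."""
    findings = {}
    for f in filters.get("filter", []):
        action = f.get("action", {})
        reasons = []
        fwd = action.get("forward")
        if fwd and _domain(fwd) not in trusted:
            reasons.append("forwards to " + fwd)
            if "INBOX" in action.get("removeLabelIds", []):
                reasons.append("skips inbox")
        if "TRASH" in action.get("addLabelIds", []):
            reasons.append("moves to trash")
        if reasons:
            findings[f["id"]] = reasons
    return findings


def audit_auto_forwarding(cfg, trusted):
    """Return a finding string if account-wide forwarding leaves trusted domains."""
    address = cfg.get("emailAddress", "")
    if cfg.get("enabled") and _domain(address) not in trusted:
        return "auto-forwards to %s (%s)" % (address, cfg.get("disposition"))
    return None


if __name__ == "__main__":
    print(audit_filters(SAMPLE_FILTERS, TRUSTED_DOMAINS))
    print(audit_auto_forwarding(SAMPLE_AUTO_FORWARDING, TRUSTED_DOMAINS))
```

An ordinary label-and-archive filter (`f1`) is left alone; only rules that send mail outside the trusted domains or straight to trash are reported.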

At this point we don’t know if her email history has been downloaded.  There would have been nothing stopping the spammer from doing so.  Thankfully the password was only used on one other (non-critical) site, so the damage should be limited.  Still, it is a nice reminder of the down-sides of cloud-based storage.

