How To Tell If Your GMAIL Account Has Been Hacked By A Phisher

Recently there have been publicized cases of two well-known websites whose domains were 'stolen' and held for ransom. The latest case was with makeuseof.com, where fortunately the site owner was able to take back ownership of his domain name.

To the casual everyday Internet surfer, domain names and the Internet technology needed to run a web site are probably not easy to understand and may be of no interest to you.

But what should be of interest to you is how the thief was able to easily gain control of their Gmail accounts without their knowledge, and how you can check your Gmail account, NOW, for signs that your account settings were altered by the same phisher.

This type of phishing attempt can happen to anybody, including you.

To understand how the phishing scheme worked, Google's Online Security Blog issued this explanation after verifying it was not a security vulnerability in Gmail (such as the one found in 2007):

With help from affected users, we determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information. Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as "google-hosts.com" that they set up purely to harvest usernames and passwords. These fake sites had no affiliation with Google, and the ones we've seen are now offline. Once attackers gained the user credentials, they were free to modify the affected accounts as they desired. In this case, the attacker set up mail filters specifically designed to forward messages from web domain providers.

Basically, the thieves (phishers) sent the web site owners an email that looked legitimate, with a link to a website through which they eventually got access to the owners' Gmail accounts. Once they had access, they set up filters that forwarded all emails to the phisher's email address, letting them intercept emails and delete them after they were forwarded. The owners had no idea it had ever happened, and only found out after their web site domain was stolen.

How To Tell If Your Gmail Account Has Been Hacked.

The first thing you want to do is check whether there are any filters that you did not create. To do this, access your Gmail account and click on the Settings link (top right of the page).

Then click on the Filter tab and verify there are no filters that were NOT created by you.

If you have no filters, your settings will look like the screen shot below.

If you do have filters, examine them carefully and verify they are yours. If you see anything suspicious, take a screen shot and delete the filters you do not recognize.
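
The same check can be scripted when there are many filters to review. The following is an added example, not part of the original article: it assumes the filter list has already been retrieved in the Gmail API's filter format (a "criteria" and an "action" per filter, with the system label IDs TRASH, INBOX and UNREAD), and the sample filters and addresses are constructed. It flags the combination described above, a filter that forwards mail to an address you do not recognise and hides the original.

```python
def audit_filter(f, own_addresses=()):
    """Return findings for one filter in Gmail API filter-resource shape."""
    action = f.get("action", {})
    added = set(action.get("addLabelIds", []))
    removed = set(action.get("removeLabelIds", []))
    known = {a.lower() for a in own_addresses}
    findings = []
    fwd = action.get("forward")
    if fwd and fwd.lower() not in known:
        findings.append(f"forwards to unrecognised address {fwd}")
    if "TRASH" in added:
        findings.append("deletes matching mail")
    if "INBOX" in removed:
        findings.append("skips the inbox")
    if "UNREAD" in removed:
        findings.append("marks matching mail as read")
    # Forwarding plus hiding the original is the combination described above:
    # the owner never sees the message that was copied out.
    if fwd and fwd.lower() not in known and ("TRASH" in added or "INBOX" in removed):
        findings.insert(0, "HIGH: forwards and hides the original")
    return findings


def audit(filters, own_addresses=()):
    """Map filter id -> (criteria, findings) for each filter that has findings."""
    report = {}
    for f in filters:
        findings = audit_filter(f, own_addresses)
        if findings:
            report[f["id"]] = (f.get("criteria", {}), findings)
    return report


# Constructed sample data (not taken from any real account).
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "registrar.example"},
     "action": {"forward": "collector@mail.example", "addLabelIds": ["TRASH"]}},
    {"id": "f2", "criteria": {"subject": "invoice"},
     "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["INBOX"]}},
    {"id": "f3", "criteria": {"from": "newsletter@shop.example"},
     "action": {"addLabelIds": ["Label_7"]}},
    {"id": "f4", "criteria": {"to": "me@example.com"},
     "action": {"forward": "me.backup@example.com"}},
]

if __name__ == "__main__":
    report = audit(SAMPLE_FILTERS, own_addresses=["me.backup@example.com"])
    for fid, (criteria, findings) in report.items():
        print(fid, criteria, "->", "; ".join(findings))
```

A filter that only deletes or archives mail (like f2 in the sample) is still reported, since a filter you did not create is a sign of tampering even without a forwarding address.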

Next, you will want to tighten up security on your Gmail account. If you do not use POP or IMAP, click on the Forwarding and POP/IMAP tab and disable POP and IMAP. Also, if you have no use for Forwarding, disable it as well.

When finished, make sure you click on the Save Changes button at the bottom of the screen.

While these settings won't bulletproof your Gmail account against ever being hacked, using common sense and following these simple guidelines will help reduce the risk:

  • When accessing your Gmail mailbox, always use HTTPS. You can make this the default setting by clicking on Settings, opening the General tab, scrolling to the bottom and, in the Browser connection section, selecting Always use https (click the Save Changes button to save changes).
  • Always log off your account after you are finished checking email. By doing so, you completely eliminate any future unknown script injections that could occur while your Gmail session is still active and you are surfing the Internet.
  • Use common sense. Never click on links in emails that you are not sure of, and never open emails when you do not recognize the sender's name.

For more information on phishing, check out the article: Tips On Spotting Fake Emails And Phishing Attempts.

Comments on How To Tell If Your GMAIL Account Has Been Hacked By A Phisher

November 7, 2012

syed miah @ 4:42 am #

Hi there,

Thanks for your post, which is very interesting!

I have a question for you, which I'm sure you have the answer for and could help me be more educated in areas like these to stay safe online-

I had my email address hacked a little while back and had filters created which I didn't know anything about, but no forwarding email address and just wondered where all my emails were going..?

The filter was - matches football, skip inbox and delete it and I think, mark it as not important.

Appreciate all your help.

Syed

September 3, 2015

shelia Utley @ 3:46 pm #

My marriage has suffered a great deal over my account being hacked…sad really I keep telling my husband I'm not doing things he finds on my account…he just thinks I'm lying. I tried deleting gmail account but it made him think I was hiding something from him and he reopened it all to find more of the same hacking I have been suffering. I don't know what to do. He won't let me delete the filters on my account…there are 6 or 7…he thinks I created them to again hide something from him. Not true…I love him with my whole being and he just thinks I'm a liar….I'm lost on what to do and live in fear of him just walking away from me for something I have no control over or know anything about.
