Now that we have your attention--no, we are NOT suggesting that you hack anyone's email; rather, we want to help you recognize it and fix it. Last time we wrote about a Facebook scam that invited targets to give away their Facebook id and password (http://tinyurl.com/has20130720). Here's another nasty trick.

First, before you hack into your target's Gmail account, create a Hotmail account that is similar. For instance, if your target's email is barack.obama@gmail.com, create barack.obama@hotmail.com. Next, log into your target's Gmail account and change the "reply-to" setting to the new email that you have created. While still logged into the target's Gmail, send out your scam from the hacked account--"Help me, my family and I are stranded in some poor village where we came to feed the homeless. Wire money!" or something else. Be sure to delete copies of your sent emails when you are finished so that the target doesn't catch on. Now, anyone who simply hits "reply" to your email will send emails to you, the hacker.

WHAT TO DO--FOR USERS

If your Gmail has been hacked--or if you want to know whether your Gmail has been hacked--follow these steps:

- from Gmail, click on the gear icon in the top right;
- click "settings;"
- click "accounts;"
- find "Send mail as," and look to see whether a "reply-to" address appears.

If no "reply-to" entry appears, then there is nothing to worry about--replies will come back to you automatically. If the "reply-to" entry isn't something you recognize, edit it or delete it altogether.

NOW CHANGE YOUR PASSWORD!

WHAT TO DO--FOR ELIST ADMINISTRATORS

Unless you moderate every message that comes through your elist (Listserv, Yahoo! Groups, Google Groups, etc.), there isn't any way to prevent messages from users who have been hacked this way from getting through. When you encounter such messages, my recommendation is that you suspend the account until the target indicates that the hack has been corrected.
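For administrators who do moderate, here is one check that helps pick out the messages described above. It is an added example, not part of the original post: it compares each message's Reply-To with its From and holds messages where the same name appears at a different provider. The function names, the verdict labels and the sample messages (on reserved .example domains) are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def _parts(addr):
    """Split an address into (comparison key for the local part, domain)."""
    local, _, domain = addr.strip().lower().rpartition("@")
    # Heuristic (assumption): drop "+tag" suffixes and dots so that
    # pat.lee, patlee and pat.lee+x all compare as the same name.
    return local.split("+", 1)[0].replace(".", ""), domain


def classify_reply_to(raw_message):
    """Return 'hold', 'review' or 'ok' for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    senders = {_parts(a) for _, a in getaddresses(msg.get_all("From", [])) if "@" in a}
    replies = {_parts(a) for _, a in getaddresses(msg.get_all("Reply-To", [])) if "@" in a}
    verdict = "ok"
    # Only Reply-To addresses that differ from every From address matter.
    for r_local, _r_domain in replies - senders:
        if any(r_local == s_local for s_local, _ in senders):
            # Same name as the sender, different provider: the look-alike case.
            return "hold"
        # Unrelated Reply-To: often legitimate, so only ask for a human look.
        verdict = "review"
    return verdict


# Constructed sample messages, not real mail.
SAMPLES = {
    "normal": "From: Pat Lee <pat.lee@mail-a.example>\n"
              "Subject: Minutes\n\nAttached.\n",
    "lookalike": "From: Pat Lee <pat.lee@mail-a.example>\n"
                 "Reply-To: pat.lee@mail-b.example\n"
                 "Subject: Stranded, wire money\n\nHelp!\n",
    "unrelated": "From: Pat Lee <pat.lee@mail-a.example>\n"
                 "Reply-To: office@org.example\n"
                 "Subject: Agenda\n\nSee below.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify_reply_to(raw)}")
```

A "hold" verdict is a reason to look at the message before it reaches the list, not proof that the account was hacked.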

While this has been focused on Gmail, the same exposure and issues exist with other email accounts.