
I admit it; my email is my life, my second name, my license plate in the online world. My PayPal account is associated with it, and all my online jobs point to that email. I thought that setting up a 50-character password would be enough, but I had chosen only words and numbers. That’s how I almost got hacked.

Another huge mistake that I made was to be logged in all the time. This is silly, especially when you’re basically living online, like I do. That’s when I realized how much I depend on Google. I use Google Reader, Google News, Google Calendar, Google Books, Google+, AdSense and other products. You may ask, why do I use them? Well, because they are good, simple and they suit my needs.


So, how did the hack happen? Was I dumb enough to let a foreigner destroy my online identity, or do you simply become an easy target as your activity on the web grows? How do big bloggers protect their email accounts, one could ask? I know many that use the same, basic Gmail account. Why don’t their accounts get hacked?

The Basics of Your Gmail Account Security

First of all, you need to set up a strong password, and by strong I mean using not only letters and numbers but also symbols like these “*, /, #, ^, &, -, +” and making it quite long; I’d go for a minimum of 30 characters. After that, save your password somewhere on your computer in a .txt file, but don’t name it “password” or something relevant. If you’re afraid that your own computer could get hacked, then print your password and keep that small sheet in your wallet.

Also, if you are not sure what anti-virus or anti-spyware software to use, download the Google Pack and choose from there. It’s not wise to have multiple anti-virus programs installed, so pick one and you’re set. If you are still unsure, you can choose one of these free antivirus programs.

Remember, when you created your account, you were asked a security question and you have also picked a secondary, recovery email address. Make sure that the secondary email address is also secured and has a solid password. It could be an email that you use to speak with your friends and family or created only as back-up. Just make sure to have its logins also printed on that important piece of paper.


Some Extra Steps You Must Take

Even if you have set up a solid password, don’t forget to change it. I am not sure how often, but for the sake of regularity, do it once a month. If you have a Gmail account, Google suggests updating your recovery email address, your phone number and your secret question.

Sure, once the hacker is in, he can change some of those things, but setting up the 2-step verification can make breaking in really hard for him. Even that can get tricky if you’re planning to travel for a long period, so be careful to change your phone number before you leave. Yes, I know, taking care of your email is like taking care of a baby: it requires responsibility.

Also, make sure to check which websites have authorized access to your Gmail account, and check the POP/IMAP settings. The hacker could be stalking you and analyzing your moves (as he did with me), so be careful to check from time to time whether there is someone else logged into your account.

You can do this by clicking Details at the bottom right of your Gmail page. There you can see whether somebody else is logged into your email account. What you want to do is hit the sign-out button.

Once you’re there, check if you see other geographical locations besides the ones from where you accessed your email.

After having signed out from all other locations, go to Mail Settings > Accounts and Import and see whether the hacker has left a “gift” for you in that section. Remove it if he has managed to get there. While you’re inside Mail Settings, why not check the https connection type as well.
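The checks described above (recent account activity, POP/IMAP, authorized sites, Accounts and Import), written out as an added Python example that is not part of the original post. It works on values copied by hand from those pages; the field names, sample rows and addresses are constructed assumptions, not a Gmail API.

```python
import ipaddress

def review_activity(rows, known_networks, known_countries, access_in_use):
    """Return (row, reasons) for each access that does not match the owner's habits."""
    nets = [ipaddress.ip_network(n) for n in known_networks]
    flagged = []
    for row in rows:
        reasons = []
        if not any(ipaddress.ip_address(row["ip"]) in net for net in nets):
            reasons.append("unfamiliar IP")
        if row["country"] not in known_countries:
            reasons.append("unfamiliar location")
        if row["access"] not in access_in_use:
            reasons.append("unused access type " + row["access"])
        if reasons:
            flagged.append((row, reasons))
    return flagged

def review_settings(current, expected):
    """Return settings entries the owner did not configure (the hacker's "gift")."""
    findings = []
    for key in ("forward_to", "send_as", "authorized_sites"):
        for extra in sorted(set(current.get(key, [])) - set(expected.get(key, []))):
            findings.append(f"{key}: unexpected entry {extra}")
    for proto in ("pop_enabled", "imap_enabled"):
        if current.get(proto) and not expected.get(proto):
            findings.append(f"{proto}: on, but the owner does not use it")
    return findings

# Constructed sample data (documentation IP ranges, example.* domains).
ACTIVITY = [
    {"access": "Browser", "ip": "198.51.100.24", "country": "Country A"},
    {"access": "Browser", "ip": "198.51.100.31", "country": "Country A"},
    {"access": "IMAP", "ip": "203.0.113.77", "country": "Country B"},
]
EXPECTED = {"forward_to": [], "send_as": ["me@example.com"],
            "authorized_sites": ["reader.example.org"],
            "pop_enabled": False, "imap_enabled": False}
CURRENT = {"forward_to": ["drop@example.net"], "send_as": ["me@example.com"],
           "authorized_sites": ["reader.example.org"],
           "pop_enabled": False, "imap_enabled": True}

if __name__ == "__main__":
    for row, reasons in review_activity(ACTIVITY, ["198.51.100.0/24"],
                                        {"Country A"}, {"Browser"}):
        print(row["ip"], "->", ", ".join(reasons))
    for finding in review_settings(CURRENT, EXPECTED):
        print(finding)
```

Keeping a written baseline of your own settings (the `EXPECTED` dictionary here) is what makes a later comparison meaningful.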

What to do if You’ve Been Hacked

Luckily for me, I was near my computer at an early hour, which makes me suspect that the hacker was closely watching my activity, as he struck when I wasn’t expecting it – during the night. Obviously, I tried entering my long password five times in a row, then even restarted my computer. After that, I cleared the web history and the cache. I suggest that you don’t repeat my errors, as this gives the hacker time to make all the changes inside your mail settings so that he can keep you from recovering your account. Act immediately, don’t wait.

You should remember some of the email contacts with whom you exchange emails quite often. Also, if you don’t have labels, create some, because the support team will ask you about them during the recovery process.

In my case, the hacker was pretty clever and he changed the security question, the secondary email and even the phone number. I was quick to react and chose the “I no longer have access to these” option. After that, you will find a pretty detailed form where you will be asked about labels, email contacts and the Google services that you use. You should indicate the approximate dates.

The Google support team’s answer arrived in less than 10 minutes and this saved my ass. I quickly recovered my email account and sighed.

How to Prevent The Hacking and Other Reminders

Right after recovering my account, I went for an 80-character password, with more than 30 symbols in it, then printed it along with the password for my secondary email, which is also a solid one. After that, I installed another anti-virus and a spyware; I chose something from the Google Pack, namely avast!, as I already have Super Anti Spyware. Then I went to the Gmail page details to see from where the jerk attacked, saw his IP and found his exact geographical location, but even if he’d managed to do some harm, I wouldn’t have known what to do against it, since an IP address is not a person.

I know I may sound like a broken record, but always check for viruses and malware at least once per week, and make sure to update your security tools and also the operating system. You should be careful about your browser as well: check for third-party applications and always download the latest version. Chrome and Firefox are secure browsers, although Internet Explorer 9 has scored some nice security results as well.

Always check the attachments and don’t forget to back up your mail. Don’t read spam mail, and whenever spam hits your inbox, remember to mark it as spam so it will not annoy you anymore.

Also, don’t repeat the error of not logging out. But, the biggest mistake of them all is to believe that it can’t happen to you. It can and it will eventually if you’re not going to be extra careful about it.


is the Managing Editor of Technically Personal. When he has some extra-time, he writes about Windows 8 apps and reviews them on Wind8Apps. Believes that technology is the main engine of civilization. Send him a tweet or make him your Facebook friend

 
 
  • http://starblogger.net Daniel

    Congrats, man, on recovering your Gmail account. It looks like you have not used the 2-step verification?

    In my case: I use a strong antivirus, the 2-step verification and a forward account. It means I seldom log in to the main account. One more thing: Google AdSense is also living in another one. Anyway, your suggestion is so important to everyone.

    • Radu Tyrsina

      Thanks Daniel!

  • http://www.hacktabs.com Anoop Sudhakaran

    It’s sad to hear you got hacked, but happy to hear you recovered without harm. First of all, no hacker would be stupid enough to let you have his IP, so of course he used a proxy to access your account. Next, if you are sure that the IP is not a proxy, then open your most recent contacts and check the header to match the IP… if you are lucky you might find the IP of the person, else you will get the Google server IP. Also, printing out the password is not a good option from my point of view. But yes, as you suggested, a pretty long password with chars helps! :)

    • Radu Tyrsina

      Well, you can print it and carry it with you, in your wallet, where your personal ID is, for example. Or, you can put it into a jar and bury it :D

  • Saurabh

    awesome post brother
    Thanks!

    • Radu Tyrsina

      Thank you ;)

  • http://www.cravingtech.com Michael Aulia @CravingTech.com

    80 characters password!! Wow.. I guess there is no way you can be hacked now. I really need to follow your direction, after my iTunes and Twitter account got hacked a few weeks ago… *sigh*

    • Radu Tyrsina

      ha ha :) well, what can you do.

      I’d suggest keeping your password on a flash drive or maybe using some cloud services. Obviously, there’s no total protection

  • Kenneth

    another awesome post from techpp! thanks Raju!

    • Radu Tyrsina

      You are welcome Kenneth

  • Kelly M

    Nice gmail security tutorial
    I really need it

  • http://techdraginfo.blogspot.com/ shenoyjoseph

    I usually surf the internet with an HTTPS connection only, in order to secure passwords from third-party users.

  • Adam

    i guess the hacker did not have anything else to do; get a life, hacker! You make people’s lives miserable and that is not something to be proud of. Even just the intention of harming someone’s livelihood makes you nothing but a savage.

  • John methew

    Is there any way that I can block a mail address? Because there is a company sending me mail for advertisement daily. They send 10-15 mails to me daily. Please help.

  • http://imraan.in Imraan

    thanks for sharing. Looking forward for more good stuffs.

  • http://www.bytekiss.com Atul Kumar

    Everyone should read….thanks for sharing

  • Chaitanya

    Hi Raju,

    Thanks for this post, I am stuck in the same situation as yours.

    The hacker has hacked my Gmail and he changed the primary and secondary contact information and the secret question (it says temp question); everything has been changed.

    I filled in the form and submitted it; till now I didn’t receive any response from Google/Gmail. After 24 hrs I filled in the form again and am waiting for the response now. I don’t know if they don’t respond on weekends.

    Can you please help if there is any other way than this to get my ID back? I have a lot of sensitive information in that account. Please help me.

    • Radu Tyrsina

      I managed to get my account back so quickly because I knew a lot of info about my email, such as Labels, most used email contacts and so on. Try to be as precise as it gets as it will ease the recovery process.

      At least, it helped me!

  • JDA

    So we got hacked: emails went out from my Gmail account asking for money via Western Union, money was sent, can’t get into my computer, password was reset… help

  • http://www.netrival.com Anand Kumar

    Need some cleanup. Google Packs are no longer available. Rest all is awesome.

  • Cindy

    I have a doubt. Can any spyware installed on my computer be handy for hackers to hack my password?

    Because I always make sure to turn on the privacy check on my browser so that no cookies are stored. However, I saw my account being hacked when I went through the IP addresses from which my account has been accessed.

    I’m sure someone was behind that. I’ve also heard people saying that even if you try to switch on the privacy check in your browser, installing spyware would let hackers gain access to your account easily. Is this true?

    Please clarify? I’m waiting for your reply

    • http://www.maindevice.com Radu Tyrsina

      it’s better to get an antispyware

  • misha

    I got hacked, and my emails are being used against me in a case I am fighting. I am not sure if Gmail keeps track of IP addresses from 3 days ago or even more. Has anybody got any ideas?

    • http://www.maindevice.com Radu Tyrsina

      yes, it keeps

      • misha

        Where can I find this information, please?

  • http://www.maindevice.com Radu Tyrsina

    search online for “free antispyware”

  • misha

    Where can I find this info, please? And if I get the IP, can I actually find who the person is?

    • http://www.maindevice.com Radu Tyrsina

      no, you can’t. an IP is not a person.

      you said you were looking for a method to combat spyware…

  • http://ningtech.com Ankit

    Well, I copied my registration information, time, date, etc., so this is not a problem for me!

  • http://www.techtipsworld.com/ Akash Arora

    Thanks for sharing this useful post :)

  • http://www.LatestOnNet.com/ GovindChoudhary

    That was really a great post bro..Thanks for sharing your experience.. got many new things in this post :)

  • http://www.technotipsblog.com/ Joshua S

    Time to Add 2-step verification to post..