(moved from old website – previously posted 5.3.2010)
The main reason I started blogging was to help people out, since they have helped me through my various searches. Today, we had an incident that needs to be shared with as many people as possible. My husband’s Gmail account was hijacked for several hours today. Someone hacked it and changed his password, as well as every option to send a reset password to him through email, text message, etc. We were extremely lucky that Google reset his backup email to another account he still owns, but we wanted to warn others to be wary. The “cloud” is great, but not infallible. It is important to understand that if you are not paying for an account, your rights are extremely limited. I’m a huge Google fan, so I’m not advocating booting Gmail, but just taking a few precautions:
1) Make sure you back up your Gmail (or Hotmail, Yahoo, etc.) account. If you have Mail, Entourage (Mac program), or Outlook or Outlook Express (PC), you can set them up to receive your Gmail through POP. When you set up the account, use this page to see how to receive Gmail through the email client that is local to your machine: http://mail.google.com/support/bin/answer.py?answer=12103
Yahoo and Hotmail will have similar support sites. Just type "Yahoo POP settings" or "Hotmail POP settings" into your search engine.
2) Back up your contacts. This is easy to do through Gmail. Just go to Contacts and hit Export. They will lead you through the export, and then you will have them on your local machine. This is important, because you will want to send a mass email to all of your contacts as soon as you find that you have been hacked, because you really do not want them to send money to the hacker. I know this sounds ridiculous, but trust me–someone will think about doing it. We had at least one person who actually had dialogue with the hacker about paying his bill by credit card vs. the Western Union payment requested.
3) Make sure you know your Gmail information. Check out this link to see what information you will need in order to re-access your account: https://www.google.com/support/accounts/bin/request.py?ara=1&hl=en&contact_type=ara&ctx=ara
In our experience, you didn’t have to get every question correct, but we can’t guarantee this will always work. My advice — make sure you know the answer to each of these questions.
4) If you are lucky enough to get control of your account again, check all of your settings. Derek found he wasn’t receiving emails, and closer inspection revealed that the account was set to forward to an unknown Yahoo account. In case you want to torture someone when you are having a bad day or are just bored, here’s the email: email@example.com. Feel free to send them spam, sign them up for annoying subscriptions, or any other creative, but evil, idea you might have.
5) This may be overkill, but I would suggest you change all of your passwords for eBay, Amazon, PayPal, etc.—just in case.
I hope you never have this problem, but hopefully this will save you some headaches if you do.
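
The settings check from step 4, written as an added Python example that is not part of the original post. It goes beyond the forwarding case described there to also cover forwarding filters and reply-to addresses; the sample data is constructed, its field names are assumed to follow the Gmail API settings resources, and `audit_settings`, `SAMPLE` and `OWNER_ADDRESSES` are hypothetical names.

```python
# Constructed sample: one account's settings after recovery. Field names are
# assumed to follow the Gmail API settings resources; addresses are made up.
OWNER_ADDRESSES = {"owner@example.com", "owner.backup@example.net"}
SAMPLE = {
    "autoForwarding": {"enabled": True, "emailAddress": "stranger@example.org",
                       "disposition": "trash"},
    "forwardingAddresses": [
        {"forwardingEmail": "stranger@example.org"},
        {"forwardingEmail": "owner.backup@example.net"},
    ],
    "filters": [
        {"id": "f1", "action": {"addLabelIds": ["Label_1"]}},
        {"id": "f2", "action": {"forward": "stranger@example.org",
                                "removeLabelIds": ["INBOX"]}},
    ],
    "sendAs": [{"sendAsEmail": "owner@example.com",
                "replyToAddress": "Stranger@Example.org"}],
}


def audit_settings(settings, trusted):
    """Return (setting, address, note) for every route to an unknown address."""
    trusted = {addr.lower() for addr in trusted}
    findings = []

    def check(setting, address, note=""):
        # Compare case-insensitively; empty or missing addresses are ignored.
        if address and address.lower() not in trusted:
            findings.append((setting, address.lower(), note))

    fwd = settings.get("autoForwarding", {})
    if fwd.get("enabled"):
        check("autoForwarding", fwd.get("emailAddress"),
              "original copy: " + fwd.get("disposition", "unknown"))
    for entry in settings.get("forwardingAddresses", []):
        check("forwardingAddress", entry.get("forwardingEmail"))
    for flt in settings.get("filters", []):
        action = flt.get("action", {})
        skips_inbox = "INBOX" in action.get("removeLabelIds", [])
        check("filter " + flt.get("id", "?"), action.get("forward"),
              "skips inbox" if skips_inbox else "")
    for alias in settings.get("sendAs", []):
        check("replyTo", alias.get("replyToAddress"))
    return findings


if __name__ == "__main__":
    for setting, address, note in audit_settings(SAMPLE, OWNER_ADDRESSES):
        print(f"REVIEW {setting}: {address} {note}".rstrip())
```

An auto-forward whose original copy goes to `trash`, or a filter that removes the `INBOX` label, matches what the post describes: mail stops arriving while a copy goes to an address the owner does not recognise.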