PDA

View Full Version : Google says it thinks my account has been compromised



tuiruru
22-03-2011, 09:28 AM
So, is this legit?

It's asking me for my mobile number. If I haven't got a mobile I have to fill in a form giving about 5 e-mail addresses, which obviously I can't remember cos I just type in the people's "nicknames".

Do I go thru' with what they're asking?

Thanks

Speedy Gonzales
22-03-2011, 09:31 AM
Can you get into it? If you can, dont worry about it

tuiruru
22-03-2011, 09:34 AM
Hi Speedy

No - it comes straight up with the attached

Speedy Gonzales
22-03-2011, 09:35 AM
Guess you'll have to fill in it then. if it were an email, then it may have been dodgy. Cant do much if you cant get on the site itself

tuiruru
22-03-2011, 09:36 AM
And if I try and get to GMail thu' the little app GMail notifyer there's no e-mail showing up

Chilling_Silence
22-03-2011, 09:38 AM
Yeah it's a new security measure. All legit.

http://www.google.com/support/forum/p/gmail/thread?tid=57887270026d559a&hl=en

tuiruru
22-03-2011, 09:38 AM
Guess you'll have to fill in it then. if it were an email, then it may have been dodgy. Cant do much if you cant get on the site itself
OK - I'll let you know how it goes.

tuiruru
22-03-2011, 09:54 AM
two texts, one automated phone call, three different codes 'cos they obviously "crossed each other in the post and a password change and I'm in.

Thanks for the swift replies guys :thumbs:

utopian201
22-03-2011, 09:56 AM
How does receiving a code on your phone verify it is you? Couldn't anyone put in their number and then google would think it was you?

8ftmetalhaed
22-03-2011, 10:27 AM
The area would match (nz) and they might have asked him for a mobile number or other detail in his account signup.

Chilling_Silence
22-03-2011, 10:31 AM
Yeah Facebook have done similar things, alerting you that it's the first time you've signed in from a certain IP range or whatever, or if the reverse DNS resolves a different ISP? I'm not 100% sure on how it works but basically they ask you to verify your "friend" from about 10 different sets of photos. Very clever stuff, works brilliantly!

Halwende
22-03-2011, 10:37 AM
I had a text from Google once asking if I wanted my password reset, it basically said if not do nothing - so someone was trying to reset it on my account. They didn't get in because of that...

tuiruru
22-03-2011, 11:05 AM
Well I did wonder about the phone number thing - I hadn't given them one previously as far as I remember. Once I'd got the code they sent me I did have to re-set my password, so I might change that again. I do have to get a new IP address automatically every morning in order to connect to the net, so I suppose that could have sparked an alert.

One "interesting" thing is that, despite starting the lappie a couple of times, the gMail Notifyer app hasn't automatically connected to the net yet.

I'll try it again

Chilling_Silence
22-03-2011, 11:15 AM
A new IP won't trigger it. Only if you were to use an IP from a different ISP perhaps, or an IP Range with your ISP you've never used before? I'm not 100% sure...

tuiruru
22-03-2011, 11:36 AM
Yeah, well now it's locked me out again and have had to go thru the rigmeroll of applying for a new password, which they will then send to another e-mail account "usually within 24 hours"!! :angry

A couple of questions they required filling in were, basically if you were invited to join Gmail who sent the invitation, and, the month and year you first set up the account!!:horrified :groan: :stare: :waughh:

Chilling_Silence
22-03-2011, 01:22 PM
Sounds odd. Screenshot?

tuiruru
22-03-2011, 01:30 PM
Well!!!!

Something/body had got at my G Mail Account - it seems to have grabbed the address book and sent out an e-mail with, with my name at the top, and nothing else in it except a link.

Anyway, I sent out a "blanket" email to everyone in the address line to tell them not to follow the link. Do any of you feel secure enough to test it out for me?

As part of the "authentication process" of them knowing that the "warning" letter was from me I'm telling them to follow the link to this thread and view the photo I've posted here (taken by the cay last night whilst he was playing wit the digital camera) that I've already sent them

Any suggestions as to what to do next?

Thanks

Edit Just thought - they may not be able to see it if they're not an F1 member - still, i'st the thought that counts

tuiruru
22-03-2011, 03:43 PM
Having had a closer look of the 42 addressees that the Spam was sent to only nine are on a mailing list that I use regularly, and that I copy and paste into the BCC box on the outgoing mail from a sticky on my clipboard manager (The "missing" addresses are in my GMail address list tho'.

So, anybody got any ideas why the situation is like that?

Pain in the bum!

kahawai chaser
22-03-2011, 04:58 PM
If it becomes cumbersome, and if you need Gmail in a hurry, you could try create another Google account/Gmail. You can do multiple sign-ins for Gmail accounts, and a few other Google services. Or use a temporary disposable email service like 10 minute mail. (http://10minutemail.com/10MinuteMail/index.html)

tuiruru
22-03-2011, 05:09 PM
If it becomes cumbersome, and if you need Gmail in a hurry, you could try create another Google account/Gmail. You can do multiple sign-ins for Gmail accounts, and a few other Google services. Or use a temporary disposable email service like 10 minute mail. (http://10minutemail.com/10MinuteMail/index.html)

Hi Kahawai

Yep, I've had another GMail account for ages, plus another that is totally not Google.

The one that was hacked is up and running again so I'll see how it goes. I've notified all the people on the Spam e-mail list, now I suppose I'd better let the others know just in case!

waldok
22-03-2011, 08:40 PM
Hi Tuiruru

If you haven't already done so, the routine I ask friends and family to go through when this happens is:
1) Install all security updates on your PC that you use to access the account.
2) Do a full virus check to make sure there's no malware sniffing out your passwords.
3) Change the webmail password to something strong (e.g., http://www.random.org/passwords/)
4) Configure all your account/password recovery details. It's very difficult to recover an account if you don't have this set up. I'm not sure where to find this in Gmail but in Hotmail you click on your name in the upper right, then on Account.
5) Only use trusted PCs to log into your account.

cheers
W

tuiruru
22-03-2011, 08:44 PM
Thanks Waldoc - I've got most of that covered, but it's always good to get lists like that because most of us will miss something out!