June 18, 2009 by catherineofcambridge
find a friend at Google
GOOD ADVICE from a recent hijackee
Submitted on June 18, 2009
My account has been hijacked and this is my advice: If you use gmail, find some way to make friends with someone who works at Google. I know that sounds insane but it is the only way I was able to get my account immediately disabled; my boyfriend went to uni with a guy who works for Google, so I begged him for help and he was immediately able to email someone and have my account disabled. Of course I am still waiting to hear from the appropriate department in order to get my account reinstated, but in the meantime, at least I know the hacker isn’t doing any more damage.
Go on Facebook and see if you know ANYONE who works for Google, or if any of them look like they might make interesting chat buddies. 
They have an “in” we mere mortals do not.
Kate Stiteler
Tags: gmail, google, hijacking, security, solution
Posted in Uncategorized | Leave a Comment »
September 6, 2008 by catherineofcambridge
I recently received a post that stated that folks are not out there trying to hack into gmail account. Thought it might be helpful to point out the tutorial on the web that gives instructions – what to do to hack in – and it would be informational on how to avoid this. Appeared last year at the Black Hat Security Conference then picked up by the media.
You can read about this at
http://www.tgdaily.com/content/view/33207/108/
video teaching someone how to hack into gmail is at
http://www.tgdaily.com/content/view/34324/108/
Tags: gmail hacking
Posted in Gmail hijacking, google, security | Leave a Comment »
May 21, 2008 by catherineofcambridge
Thanks Joseph!
Joseph Says:
May 21, 2008 at 8:14 pm
Hi everybody. Unfortunately as you probably already know, google customer service is virtually nonexistent. Everything is done through forms. I used the following form to have them ultimately reset my password:
http://www.google.com/support/accounts/bin/request.py?hl=en&contact_type=ara&ctx=accounts&uses_apps
=no&product=other&submit=Continue
i was forced to use the form because i had no secondary email on file for them to send the password too.
it took about 6 hours for them to reset my password. Once i changed the password and logged into gmail again I accessed the Settings Tab and clicked on filters. Here i had to make sure no filters were in place that i had not set up myself. There were none in my case, but i spoke to others who had this problem. Next i checked the forwarding tab. here is where i saw the hackers footprint. He had set my account to forward all my email to a new email “joemidollo@gmail.com” and subsequently delete those new emails from my account “joemidolo@gmail.com” Once this was disabled I found no other issues.
I went through my trash and found that he had tried to access my paypal account, but that they had sent him a message locking him out.
Other then that, stay on the lookout and change all your passwords.
Good Luck!
Tags: gmail, hijacking
Posted in Gmail hijacking | 2 Comments »
February 27, 2008 by catherineofcambridge
Though I have my account back with increased security – I continue to receive emails from folks with the same story as mine. I continue to wonder why GOOGLE is so unresponsive. Again I post the questions – why is GOOGLE so unresponsive to GMAIL clients? Could someone from GOOGLE – GMAIL – or with more knowledge please address this…
Posted in Gmail hijacking, google, security | Leave a Comment »
November 6, 2007 by catherineofcambridge
Barry Schneier was the final keynote speaker. Brilliant and down to earth. When I told him about what happened with gmail he said “you’re screwed”. Turns out these vulnerabilities are common knowledge – as well as gmail’s lack of responsiveness.
Barry’s BLOG and his latest book – Beyond Fear.
Tags: security, solutions
Posted in Gmail hijacking, security | Leave a Comment »
November 6, 2007 by catherineofcambridge
Tags: gmail, security
Posted in Gmail hijacking, security | Leave a Comment »
November 1, 2007 by catherineofcambridge
It’s been a fascinating experience trying to report this Identity Theft. My account, hijacked at Logan airport, is only one of “thousands of calls” that the different agencies receive each week.
I spoke with the local police – they don’t even take the report since there are issues of jurisdiction.
I tried to report to the state police – suggested by the Boston police. After being grilled as to how this could possibly happen at Logan airport, Trooper D’Ambrose informs me they will need to take a look at my computer. No problem, I agree to bring it in for them to take a look into my cache and history. When I call to arrange a mutually agreeable time, Trooper Noonan, the tech guy, informs me that I am to leave my laptop for some undetermined length of time.
me: I’m a professor and need my computer to teach my classes, I can bring it in and wait for it, I’m happy to wait several hours if that’s what you need.
Trooper Noonan: We need your computer for evidence. If you are reporting this, we will keep your computer.
me: for how long?
Trooper Noonan: undetermined
me: well how long will this take, I need my computer to teach my classes
Trooper Noonan: could take as long as a year – if you want to report this then you MUST bring in your computer for evidence.
Needless to say, forget that. So I call Martha Coakley’s office – Attorney General of MA who has a new initiative against cybercrime. Telling my story, yet again, I’m informed that it’s been reported, could take as long as several weeks and then MAYBE, if the supervisor deems it appropriate, someone will get back to me. Don’t expect a response for several weeks though.
In the meantime, someone continues to hack into accounts “phishing” and sending emails – especially through gmail’s vulnerabilities.
Chaos reigns…
Tags: chaos, internet crime, phishing, security
Posted in security | Leave a Comment »
October 30, 2007 by catherineofcambridge
What I did:
1. after I freaked out and felt helpless – I looked at all of my options
2. I then posted to the gmail discussion board
3. I contacted the police in Seattle and put in a report
4. contacted the FBI in Seattle, DC and Boston
5. left voice mail messages for 6-10 GOOGLE execs
650-930-3500 or 650-253-0000 I followed the prompts for dial by name/ noone ever seems to pick up the phone except the receptionist and she wouldn’t let me speak to anyone directly no matter how I expressed the urgency my situation (see #8 below)
6. I responded to 110+ phone calls, messages and a couple dozen emails
to alternative emails
7. I filled out forms at Internet Crime Complaint Center, FTC, (this is complaint form for Identity Theft) and a few others
8. I called GOOGLE first thing Monday morning – the receptionist refused to
let me talk to anyone directly
9. I filled out all of the forms requested by GOOGLE and GMAIL – all
listed in this post by others
10. I responded immediately to gmail’s response in great details
11. I contact the IT dept at the college I teach at – many students
received the BOGUS email
12. I contacted many people who actually went to the website and gave
credit card info – they canceled credit cards etc.
13. I have tried to get a contact for the website (so far unsuccessful with
this)
14. I contacted the Atty General’s office first thing this morning – see additional post for this.
Though I have my account back – the website continues to stay up and active and it seems noone can do anything despite many many calls and forms.
Hope this helps – feel free to email me @
my.account.hijacked@gmail.com
Catherine
Tags: FBI, gmail, hijacking, security
Posted in Gmail hijacking, security | Leave a Comment »
October 29, 2007 by catherineofcambridge
Great advise from one of the regular contributors to the GMAIL discussion group.
In your @gmail account
1. Clear your browser’s cookies and cache, and sign in to GMail’s UI
using the secure URL https://mail.google.com/mail/
2. Once you sign in, you would have an auth. code (a string of
letters/
digits) in the address bar of your browser, after the
https://mail.google.com/mail/?auth= . Copy the entire code for your
account.
3. Take a few screenshots of your All Mail, Contacts > All contacts,
Settings > Labels, Settings > Filters, Sent, etc. Ensure that your
email address is visible at the top-right.
4. Go to All Mail > Oldest. The first 2 mails you have received from
the GMail team would have the exact date/time of your account
creation. Note these details down.
5. Sign out of your GMail account.
In your other @non-gmail account
6. Try to search for the original Invite. Note who (name, exact email
address) had invited you.
7. Note the invitation code, given on the link, in the format: 1char -
10chars – 10chars – 8~12chars
8. Try to search for the “Congrats! Your xxxx@gmail·com has been
created” mail sent here. This would have your account verification
code. The date/time for this message would match the one in (4) above.
You may also take a screenshot of this message.
9. Sign out of this account.
Keep these information handy, you may require these in case your
account gets compromised and/or you are unable to sign in to your
@gmail account.
Extra precaution :
In your GMail account, you can conduct a search using the
·in:anywhere· string to check that no private information, like credit
card numbers, other financial or bank logins and passwords, or any
such sensitive information is available. If there is, you may copy the
information elsewhere and delete such messages both from your normal
mailbox as well as from Trash. Same goes for any attachments having
any sort of sensitive information.
Tags: gmail, hijacking, security, solutions
Posted in security | Leave a Comment »
