Someone hacked my… something... somehow
August 5, 2008 11:05 AM
What do you do when you think you've been hacked, but don't know how?
This morning, when I tried to check my gmail with my iPhone, I got an error that the username/password combination was wrong. I was connected to my home network at the time. I re-entered the password in the iPhone settings and tried check it again. I got the error that the connection to the server “imap.gmail.com” failed. Feeling funny, I went to my Macbook and changed my gmail password in the google account settings.
At lunch, I checked gmail from my work PC and noticed a spam message that got through which I found strange since gmail has been very good lately at blocking spam. The spam was sent from my account. I know that it’s easy enough to spoof this, but I did check my sent mail and there it was. Someone sent the email from me, to me. The email subject was: “Anjelina Jolie Free Video”. The content was: “The password on archive anjelina”. There was an attachment: Angelina_Jolie.rar which I did not open. It was sent at 12:32 pm. I was definitely at my desk during that time.
I quickly changed my password again, and I made sure the new one was very strong. But, what now? Check my home and work machines for keystroke programs? Check to see if my home network has been hacked? How would I go about doing this, anyway? I feel like I need to change all my passwords now – bank, social networks, etc. – but what if they are watching me… Right Now!?!
This morning, when I tried to check my gmail with my iPhone, I got an error that the username/password combination was wrong. I was connected to my home network at the time. I re-entered the password in the iPhone settings and tried check it again. I got the error that the connection to the server “imap.gmail.com” failed. Feeling funny, I went to my Macbook and changed my gmail password in the google account settings.
At lunch, I checked gmail from my work PC and noticed a spam message that got through which I found strange since gmail has been very good lately at blocking spam. The spam was sent from my account. I know that it’s easy enough to spoof this, but I did check my sent mail and there it was. Someone sent the email from me, to me. The email subject was: “Anjelina Jolie Free Video”. The content was: “The password on archive anjelina”. There was an attachment: Angelina_Jolie.rar which I did not open. It was sent at 12:32 pm. I was definitely at my desk during that time.
I quickly changed my password again, and I made sure the new one was very strong. But, what now? Check my home and work machines for keystroke programs? Check to see if my home network has been hacked? How would I go about doing this, anyway? I feel like I need to change all my passwords now – bank, social networks, etc. – but what if they are watching me… Right Now!?!
Now that you mention it, I got this same email in my gmail account, except it appeared to be from another email account that I have forwarded to my gmail. I didn't think much of it. If it helps, I haven't physcially logged in to that particular email account in over a year, so I don't see how mine could be the result of a keylogger or anything...
posted by thejanna at 11:11 AM on August 5, 2008
posted by thejanna at 11:11 AM on August 5, 2008
If you suspect your iPhone is hacked, it's easy enough to do a restore, which will basically reinstall the OS and should wipe out any nastiness that got in.
You might as well change your passwords, because it's an easy step to take.
If your PC has a trojan on it, you can try running the various trojan detectors. Run HiJack This, Adaware, and the Microsoft malware detector.
However, nothing you've said makes it sound like you have definitely been hacked. I get spam to my Gmail account from time to time, and it's easy to spoof the sender. Sometimes spammers send you email spoofing your own address to try to get through the spam filters. The fact that the email mentioned a password was not significant, since they were trying to lure you into opening their file by promising a password to a porn site. My iPhone often gets the "connection to imap.gmail.com failed" error. If you got an error saying your username/password was wrong, but you have verified that your password is actually the same as it was, I would dismiss it as a temporary glitch in Gmail, which has been very buggy lately.
posted by agropyron at 11:14 AM on August 5, 2008
You might as well change your passwords, because it's an easy step to take.
If your PC has a trojan on it, you can try running the various trojan detectors. Run HiJack This, Adaware, and the Microsoft malware detector.
However, nothing you've said makes it sound like you have definitely been hacked. I get spam to my Gmail account from time to time, and it's easy to spoof the sender. Sometimes spammers send you email spoofing your own address to try to get through the spam filters. The fact that the email mentioned a password was not significant, since they were trying to lure you into opening their file by promising a password to a porn site. My iPhone often gets the "connection to imap.gmail.com failed" error. If you got an error saying your username/password was wrong, but you have verified that your password is actually the same as it was, I would dismiss it as a temporary glitch in Gmail, which has been very buggy lately.
posted by agropyron at 11:14 AM on August 5, 2008
Your iPhone problem might have had nothing to do with a password change, but just a problem with Google's IMAP server. Your ability to go on your MacBook and change the password from there strongly suggests no one changed your password.
As the spam from you to you, that's a common tactic by spammers to avoid spam filters; they hope that by using your address as the "from," they'll defeat spam filters because the filters will think the e-mail is from a trusted sender. Check your sent items folder and confirm that it wasn't sent by someone using your account.
Not to start an OS war, but the fact that you are using a Mac significantly lowers the probability that there is a keystroke logger on your machine. It's not impossible, but it's not likely.
posted by profwhat at 11:15 AM on August 5, 2008
As the spam from you to you, that's a common tactic by spammers to avoid spam filters; they hope that by using your address as the "from," they'll defeat spam filters because the filters will think the e-mail is from a trusted sender. Check your sent items folder and confirm that it wasn't sent by someone using your account.
Not to start an OS war, but the fact that you are using a Mac significantly lowers the probability that there is a keystroke logger on your machine. It's not impossible, but it's not likely.
posted by profwhat at 11:15 AM on August 5, 2008
Also, be careful not to run random spyware-removal tools, because a lot of them are actually spyware or trojans in disguise. Stick with well-known names, and be careful to download them from the well-known sources. Check wikipedia or cnet.com to find the right sources.
posted by agropyron at 11:15 AM on August 5, 2008
posted by agropyron at 11:15 AM on August 5, 2008
Oh, since the PC is your work computer, you might not want to run the spyware removal tools on it. Contact your IT department if you see anything fishy, but as stated above, there's no real reason to think you're hacked.
posted by agropyron at 11:17 AM on August 5, 2008
posted by agropyron at 11:17 AM on August 5, 2008
It could have been this.
Regardless of what happened or how, your first step is to change your password.
posted by Class Goat at 11:24 AM on August 5, 2008
Regardless of what happened or how, your first step is to change your password.
posted by Class Goat at 11:24 AM on August 5, 2008
(Which you did.)
posted by Class Goat at 11:25 AM on August 5, 2008
posted by Class Goat at 11:25 AM on August 5, 2008
I also had an iPhone gmail IMAP error this morning. It happened a few weeks ago (to numerous people according to online help questions), so I think it's just part of Gmail still being in "Beta" after all this time.
posted by shinynewnick at 11:28 AM on August 5, 2008
posted by shinynewnick at 11:28 AM on August 5, 2008
Yeah, I guess it just weirded me out that the first error I got was incorrect password and when I put my password in again the error changed to the IMAP error.
I did check my sent mail and the email is in my sent box. I didn't realize spammers could mess with the sent mailbox, I thought that they could only spoof the sender.
Anyway, these answers are making me feel better.
posted by studentbaker at 11:35 AM on August 5, 2008
I did check my sent mail and the email is in my sent box. I didn't realize spammers could mess with the sent mailbox, I thought that they could only spoof the sender.
Anyway, these answers are making me feel better.
posted by studentbaker at 11:35 AM on August 5, 2008
I think you're overly paranoid. It doesn't sound like you were hacked. Just coincidentally the gmail server was down, and you got a spam message.
posted by wongcorgi at 11:35 AM on August 5, 2008
posted by wongcorgi at 11:35 AM on August 5, 2008
I think you're overly paranoid.
I think a good dose of paranoia is very healthy when it comes to computer security issues.
posted by agropyron at 11:46 AM on August 5, 2008
I think a good dose of paranoia is very healthy when it comes to computer security issues.
posted by agropyron at 11:46 AM on August 5, 2008
I suspect that some PC you have set up to use your gmail account as a mail server somewhere is infected with a spambot. The fact that the spam does show up in your sent mail box means that it was almost definitely sent by someone (or more likely, something, being a spambot/trojan) with access to your gmail account, likely by virtue of you having a password saved in your favorite mail client on a PC somewhere. I would recommend making sure your virus scanners are up-to-date on all the PCs you use, and running a full scan, just to be sure.
posted by jferg at 11:58 AM on August 5, 2008
posted by jferg at 11:58 AM on August 5, 2008
I too got that same "Anjelina Jolie Free Video" spam in my gMail inbox this morning. It was forwarded from an old email account from my university that I have set to automatically forward to my primary inbox. I haven't noticed anything weird beyond that.
posted by phrayzee at 12:08 PM on August 5, 2008
posted by phrayzee at 12:08 PM on August 5, 2008
GMail's been kind of flaky all morning for me too. The bad-pass error is spurious. It works again later.
posted by rokusan at 12:15 PM on August 5, 2008
posted by rokusan at 12:15 PM on August 5, 2008
Yeah, i get that kind of message on my iPhone from time to time. Almost certainly unrelated to the spam. It doesn't necessarily mean Gmail was down either as can usually access it via Safari instead if there's something important.
Remember - if your password had been compromised and changed (if the iPhone message had been legit) then you wouldn't have been able to get on to the account from the PC either...
I suspect that the appearance of the item in your Sent Items was simply down to Gmail being too "clever" for its own good. It looked at the spoofed From address, got spoofed itself and decided the message was sent by you, and so shows it in your Sent Items.
And if someone had hacked your account, I'm sure they would have better things to do then using it to send spam to itself! ;)
posted by saintsguy at 12:23 PM on August 5, 2008
Remember - if your password had been compromised and changed (if the iPhone message had been legit) then you wouldn't have been able to get on to the account from the PC either...
I suspect that the appearance of the item in your Sent Items was simply down to Gmail being too "clever" for its own good. It looked at the spoofed From address, got spoofed itself and decided the message was sent by you, and so shows it in your Sent Items.
And if someone had hacked your account, I'm sure they would have better things to do then using it to send spam to itself! ;)
posted by saintsguy at 12:23 PM on August 5, 2008
I also got this email today, through one of my much older accounts, that forwarded on through to GMail. It was "from" that older account as well. I wouldn't worry. I wouldn't open up that RAR, either. (Surprised GMail's virus scanner didn't block it and all mentions of that email when the interwebs got flooded with them.)
posted by disillusioned at 12:30 PM on August 5, 2008
posted by disillusioned at 12:30 PM on August 5, 2008
Got that same spam email myself, from and to a sneakemail address of mine. Don't worry about it being in sent mail -- Gmail automatically puts email that appears to come from you in there (for good reasons to do with it allowing you to send as other people and pull other accounts in as POP)
posted by bonaldi at 12:40 PM on August 5, 2008
posted by bonaldi at 12:40 PM on August 5, 2008
This thread is closed to new comments.
posted by sharkfu at 11:09 AM on August 5, 2008