Gmail fail! Please help!
November 21, 2009 6:37 AM   Subscribe

Gmail shame! My account was accessed and all my contacts were spammed. How do I keep this from happening again?

I'm not even sure the spam was really sent from my account:it doesn't show up in my sent folder. However there was an entry in 'account activity' that I'm pretty sure wasn't me accessing my account. I already changed my password (which, I admit, hadn't been changed in years). I use the latest version of firefox on my macbook (i don't even know if this is relevant, but whatever). How do I keep this from happening again??
posted by genmonster to Computers & Internet (7 answers total) 3 users marked this as a favorite
 
Run a bunch of spyware scanners (AdAware, Spybot S&D, Spyware Terminator, etc.) on your machine, as well as AVG. If you're running Windows do an update.

And don't just change your Gmail password. Change your secondary email address and your security question.
posted by turgid dahlia at 6:49 AM on November 21, 2009


This happened to me too (firefox, mac). I have many accounts connected to my gmail, so I went out and changed my password on every single service I use. Sucked, never tracked down the source.
posted by wingless_angel at 7:00 AM on November 21, 2009


turgid dahlia is right but there's also SMS recovery to check. Go to your account settings, then click on "change password recovery options", and make sure it's all yours, including the SMS.

Please also think about if you've used the same password on any other sites. It's common for the bad guys to break into one site and then try the passwords on other sites...
posted by sergent at 7:16 AM on November 21, 2009


In addition to the virus checkers to make sure you don't have something capturing data locally, make sure your new password is hard to guess (and not on a password list somewhere). There are bots out there **constantly** attempting to break into web-based (and other) email accounts.

You can make it easier on yourself by using phrases combined with numbers and special characters. Use memorable phrases that mean something to you - like "Spammers, stay out of my gmail!" could become something like #S,s0omGm41L!

Some basic guidelines here. And be sure not to pick any passwords from here. :)
posted by jenh at 8:49 AM on November 21, 2009


It could be that someone was spoofing your address. Can someone who received spam from you send you the message header? That might indicate if it was sent from google's servers or from somewhere in China or Russia or wherever. In any case, change your passwords
posted by Burhanistan at 10:43 AM on November 21, 2009


There is also a GMail option to always enforce the use of HTTPS for connectivity to GMail. This can be important if you use any public wifi access points since people can can capture your credentials over the air as you work otherwise.
posted by mmascolino at 3:10 PM on November 21, 2009


Use separate passwords for all the sites you visit, and store them in something like KeePass. If you are on your personal computer and allow (say) Firefox to store your passwords, use a master password (in the browser settings), and make it secure. This master password is entered each time you start the browser and allows Firefox to auto-fill your passwords. Then, any time you leave your computer, close your browser.
posted by IndigoRain at 10:39 PM on November 21, 2009


« Older What history / philosophy books should I read next...   |   wintry mix Newer »
This thread is closed to new comments.