Wife's email was haxxored, please halp
November 23, 2010 1:57 PM

Does my wife need to abandon her email address?

Just received an email from the wife that says:

Are you busy these days?
I know a very good company that may be help you to shop something.
You can check it: www.okayele.com
Recently this company have promotional activity.
Most of their products have big discount that will help you save a lot
of money.
I think you will have a good time there. %--8

It's clearly spam. Another problem: this was also sent to me as a text message (not Google chat) (we both have Android phones).

So, is her account compromised? I assume Google wouldn't admit even if it was. Is changing her password enough, or should she move on to a different address or service?
posted by r_nebblesworthII to Computers & Internet (14 answers total) 4 users marked this as a favorite

Best answer: Yes her account has been compromised by a spammer. This exact same thing happened to a client of mine about three months ago and the text of the spam that got sent out under her account is identical to what you have here.

Changing my client's password seemed to be adequate -- there have been no new spam messages sent out to her contact list since the original event. If you are concerned, though, it is possible to migrate your entire Google account, as described by this Lifehacker post.
posted by briank at 2:01 PM on November 23, 2010

Best answer: It wasn't necessarily sent from her account. It is trivially easy to spoof the "From" field of an email.

Have her change the password and log out all other sessions (click the link at the bottom). Then she can check her Sent Items to see if anything was really sent.
posted by Simon Barclay at 2:02 PM on November 23, 2010 [8 favorites]
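
An added example, not part of any poster's answer: one way to tell a forged "From" apart from mail that really left the sender's provider is to read the `Authentication-Results` header that the recipient's own mail service stamps on the raw message. The sample messages and the `example.com`, `example.net` and `mailer.invalid` names are constructed, and the exact-domain match is a simplification of real alignment rules.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; all addresses and hosts are placeholders.
SENT_VIA_ACCOUNT = (
    "Authentication-Results: mx.example.net;\n"
    " spf=pass smtp.mailfrom=wife@example.com;\n"
    " dkim=pass header.d=example.com\n"
    "From: Wife <wife@example.com>\n"
    "To: husband@example.net\n"
    "Subject: Are you busy these days?\n\nbody\n"
)
FORGED_FROM = (
    "Authentication-Results: mx.example.net;\n"
    " spf=softfail smtp.mailfrom=bulk@mailer.invalid;\n"
    " dkim=none\n"
    "From: Wife <wife@example.com>\n"
    "To: husband@example.net\n"
    "Subject: Are you busy these days?\n\nbody\n"
)

def _field(pattern, text):
    """Return the first capture group of pattern in text, or ''."""
    m = re.search(pattern, text)
    return m.group(1) if m else ""

def triage(raw):
    """Classify a raw message by whether sender authentication matches From."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Use only the topmost Authentication-Results header: it is the one the
    # recipient's own provider added; any below it arrived with the message.
    results = (msg.get_all("Authentication-Results") or [""])[0].lower()
    spf = _field(r"\bspf=(\w+)", results)
    spf_domain = _field(r"smtp\.mailfrom=([^\s;]+)", results).rpartition("@")[2]
    dkim = _field(r"\bdkim=(\w+)", results)
    dkim_domain = _field(r"header\.d=([^\s;]+)", results)
    aligned = (spf == "pass" and spf_domain == from_domain) or \
              (dkim == "pass" and dkim_domain == from_domain)
    if from_domain and aligned:
        # Mail really left the sender's provider: check Sent Items and sessions.
        return "sent-through-sender-provider"
    # From is unverified: likely forged, though the contact list may be stolen.
    return "from-not-authenticated"

if __name__ == "__main__":
    for name, raw in (("sample 1", SENT_VIA_ACCOUNT), ("sample 2", FORGED_FROM)):
        print(name, triage(raw))
```

In Gmail's web interface the raw message, headers included, is available through "Show original" on the message menu.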

Google may mention when she logs in that her account was accessed from China/someplace far away. It should prompt her to go through some security steps.

But it depends..

How was the account compromised in the first place? Weak password or a keylogger/malware?

weak password: A password change should fix this.

malware: Scan your computer and change the password. Might or might not come up with anything. See if the account is used again for spam purposes. If it is, the easiest method is to back up files and wipe the computer.
posted by royalsong at 2:04 PM on November 23, 2010

Response by poster: Sorry for not mentioning - it's a Mac running up to date Snow Leopard. However, I think she's accessed gmail from work once or twice. Now that I think about it, should we notify her work too...?
posted by r_nebblesworthII at 2:06 PM on November 23, 2010

Have her change her password and don't worry too much about it. Like stated already, it's trivial to spoof someone's email address.
posted by volatilebit at 2:06 PM on November 23, 2010

Forgot to add: Unless she's extremely unhappy with the service, I see no reason to change email addresses/services. If you have a keylogger, changing your address won't matter. They'll just pick up the new address and password the first time she logs in.
posted by royalsong at 2:07 PM on November 23, 2010

The fact that the email was to you from your wife is certainly a little worrying. But it is very common for spammers to use someone else's email address (spoofed).
posted by volatilebit at 2:08 PM on November 23, 2010 [1 favorite]

While it is trivial to spoof a from address, it would be an amazing coincidence for a spammer spoofing your wife's address to send an email to you without having access to your wife's (or your) address book (or possibly by intercepting traffic between the 2 of you).

Have your wife change her password and check her sent items. Also check any computers either of you use to check your email account for malware.

I recently had my Yahoo mail account compromised (very old account with an old password - only 5 characters) and there were several obvious signs - firstly they'd switched from Yahoo classic to the new ajax version, secondly my inbox was full of bounce emails - my address book is as old as the password was and most of the addresses no longer exist. Finally, the idiot didn't delete the messages from my sent items.
posted by missmagenta at 2:16 PM on November 23, 2010 [1 favorite]

Best answer: This happened to me so I came here and asked this question.

I changed my password to a super-secure one and followed instructions suggested by Mefites. I had no more problems... for a while, perhaps a few weeks. Then my friends and contacts started to let me know they were getting the emails about my 'friends' electronics store in China again.

I ended up creating a new email address (inserting a . between the first name and last name), just to stop my friends from the hassle (and worry that they'd be compromised). I exported the contact list from the compromised email, shut it down completely, imported the contact list to the new email and let everyone know to add a . to my address.

Haven't had any problems since.

Tl;dr: yes, change your password but keep an eye on it in case it starts happening again down the track.
posted by malibustacey9999 at 2:22 PM on November 23, 2010

Also your wife should log in to gmail and scroll down to the bottom of the page. She'll see this "Last account activity: 19 minutes ago on this computer. Details" Clicking "details" will give you a list of the last few times the gmail account was accessed which might highlight something weird.

Keep in mind that her gmail password may be the same as another less secure password that she may have set up, which may have been the access point for this problem. I'm assuming she's accessing gmail via the web and not via the Mac mail program?
posted by jessamyn at 2:25 PM on November 23, 2010

Response by poster: Right, access is via web. I guess we'll start with password change and see what happens.
posted by r_nebblesworthII at 2:44 PM on November 23, 2010

In these cases it's also important to review any "challenge/response" answers you may have associated with the account to confirm they have not been changed.

e.g. What is your mother's maiden name

If you are super paranoid you may wish to consider changing all of those values to something that has not been accessed by the attacker.
posted by bottlebrushtree at 3:07 PM on November 23, 2010

Best answer: Don't forget to check:
1) Have any forwarding addresses been set up in your wife's account? That is, are copies of her mail being sent somewhere else?

2) If an alternate mailing address has been set up, is it still correct? The hacker might have changed it to one that s/he controls.

3) If you have any reason to think that someone has accessed your email account, check or change your passwords on all online sites. This is because:
a) Some sites still send you a password via email;
b) most online sites let you change your password after sending a confirmation email to you, and your hacker would have been able to log on, ask for a password change, and intercept the confirmation email.
posted by Joe in Australia at 3:29 PM on November 23, 2010

Also note once your account has been compromised, the contact list can be copied. After that, even if they are locked out, the From: field can be spoofed and spam sent to your old contact list. One test for this is to create a new fake contact after resetting the password -- if that contact also gets the new spam, they are still finding their way into your account probably through a keylogger.
posted by benzenedream at 3:41 PM on November 23, 2010
