Gonna give me a hack attack
November 30, 2010 11:26 AM   Subscribe

So many savvy friends have been gmail-hacked lately that I'm freaking out. Please give me the latest advice.

I'm on a Mac, I've got a strong gmail-only password, and I try to believe that I've got pretty good sense when it comes to phishing links, etc. But my whole life is in the g cloud, and the thought of my contacts/emails/documents disappearing is making me completely ill.

Please give me your most current and best advice on backing up my life and preventing data catastrophe. Thanks!

One caveat with software: my current (and beloved) machine is an old-school PowerPC G5. Lots of new stuff won't run.
posted by cyndigo to Computers & Internet (21 answers total) 13 users marked this as a favorite
Well, gmail itself always runs over https. So that means you're safe from Firesheep-style attacks. The most likely way for you to be hacked would be a trojan / keylogger on your machine. While these are less common for Macs they do exist. I don't know anything about anti-virus/anti-trojan software for Macs, but I bet someone here does.

The other potential threat is logging in from an untrusted machine (like a internet cafe, or a friend's infected machine). Again the worry is keyloggers grabbing your password.

Most likely your friends got hit by something like that, or just had really weak passwords (even people who should know better sometimes stick with weak passwords).

Also, go to settings -> Google Account settings -> Password recovery options in gmail and add an SMS password reset number, an alternate email, and check your security question. These will all aid in recovering your account if anything does happen.
posted by wildcrdj at 11:42 AM on November 30, 2010

I have added IAntiVirus, a free Mac antivirus that updates and works silently on your machine.
posted by Postroad at 11:51 AM on November 30, 2010

> machine is an old-school PowerPC G5. Lots of new stuff won't run.

This is your biggest problem. The first rule of computer security is keep your software up to date. Each time a security flaw is found, two things happen. First, the author of the software fix the flaw and distribute a patch. Then, virus authors look at the patch, figure out what was patched, and write viruses to exploit computers that haven't installed the patch yet.
posted by gmarceau at 11:53 AM on November 30, 2010 [1 favorite]

I'm running a PPC G5 also... are you on OS X 10.5.8?

That's the end of the line as far as the MacOS goes on your hardware, but you can still run the current releases of Firefox & Safari. Worth the upgrade (unless of course you need to keep running older versions of other software.)
posted by omnidrew at 12:02 PM on November 30, 2010

Have you backed up your mail (1,2,3) documents and contacts? That will help with the piece of mind.

Your password is strong, but what about your security question?
posted by Busy Old Fool at 12:03 PM on November 30, 2010 [5 favorites]

If it's the same thing that's going around among my friends and family, it all apparently has something to do with facebook.

You might want to use a throwaway email address as your facebook login address, and at the very least make sure the passwords are different between your email and facebook accounts. Also, get rid of any third party apps you may have added and don't add anymore from now on.
posted by Sara C. at 12:03 PM on November 30, 2010

Response by poster: From what I understand, one of the biggest problems is that when an account is compromised, the hackers immediately go to settings and change the password recovery options. Seems like there should be a better control for this.

gmarceau, I'm sure you're right. But I'm not in the position to buy a new Mac today, so.
posted by cyndigo at 12:04 PM on November 30, 2010

I believe the gmail password recovery options are set so changes don't take effect for a week or two, for exactly that reason.
posted by Jairus at 12:14 PM on November 30, 2010

FWIW, when I was hacked it was actually quite easy to regain control of my account through google's usual channels.

It was mainly annoying because they'd sent out emails to everyone in my contact list claiming I was being held hostage at a B&B in Wales and needed money right away. Which I'm still feeling the fallout from - every time I run into a work contact who got that email they say, "I see you managed to escape the grasp of those evil British hotel schmucks..."

They also deleted my whole contact list, had things forwarding to somebody else's obviously hacked account, and otherwise tweaked around with my settings. But that was the worst of it. They didn't use my gmail to get access to any other online accounts, and neither did they dig around for other sensitive information that may have been archived in the body of past emails. They just wanted my contacts, for the most part.
posted by Sara C. at 12:15 PM on November 30, 2010 [1 favorite]

Haven't heard about this one. A good way to stop it would be to run Facebook and Gmail in separate browsers. Say, Facebook in whatever you normally use and Gmail in Firefox. That way any Facebook worm doesn't have a chance of stealing your Gmail cookie (remember to logout of Gmail first on your Facebook browser).

One thing I'll say about facebook: don't click on the random links you're friend 'like' especially if they are those sensational crap sites. For example, "OMG!!!!! CHECK THIS OUT!" or "SEE WHAT THIS GIRL WAS KICKED OUT OF HER HOUSE FOR DOING" or any of the random booby links. Every one of them is spam/worm/or worse. What they do is they overlay your browser content area with a transparent layer and no matter where you click you trigger their javascript code that reposts it on Facebook and other bad things.
posted by sbutler at 12:19 PM on November 30, 2010

Oh, and if you gave Facebook your gmail password in the past (to import your gmail contacts, for example), remove any remaining linkage from the Facebook side (don't know how/if there's a way to do this) and maybe change your password. I really don't know much about how Facebook used the Contacts API (before Google shut it off), but it's possible they have your gmail password stored somewhere?
posted by wildcrdj at 12:50 PM on November 30, 2010

I'm not sure if it's an issue on the Mac, but I run no-script on my PCs to prevent unwanted applications from running in the web browser. I also use an Adblock Plus subscription that tracks malware sites. Between both of them, most browser-based attacks are thwarted to prevent account hacking.

Sophos does have Mac anti-virus software. While I have nothing but great things to say about their PC products, I did install their Mac AV software last year and was underwhelmed (this is when it was mainly for corporate use). I haven't tested their new version.
posted by jmd82 at 1:35 PM on November 30, 2010

Never use the same password for more than 1 app. Use different passwords for Facebook, Gmail, your blog, Metafilter, etc.

My personal paranoid conspiracy theory is that Facebook - more to the point, unscrupulous, un-vetted Facebook apps and usage of the plugin - is the weak point. I know several people who have had this problem, and recent Facebook usage is the common denominator for all of them.

(Of course, so are things like "eating dinner" and "driving to the grocery store." So who knows. Correlation/causation and all that.)

posted by ErikaB at 3:10 PM on November 30, 2010

Don't let stuff use your address book. "See if your friends are on BlahBlahSocialMediaBlah!" kind of things. It's rude anyway, but I've seen apps that make you think you're not really agreeing to do that but you are. Even (what I thought was) fairly reputable sites like LinkedIn are doing that sort of thing.

(I too blame Facebook for at least 90% of these "hacking" incidents.)
posted by Lyn Never at 3:33 PM on November 30, 2010

OMG I'm so glad you asked this. I had my Gmail hacked on Saturday and it was very traumatic.

They didn't do anything more nefarious than send simple spam containing just a link to all my contacts - no changing of the password or recovery options - but it freaked me out so much because I am SUPER careful. I run malwarebytes and spybot and I'm careful about where I click and what I download, so I just couldn't figure out how such a major breach could have occurred. It made me realize how much I depend on gmail and how devastating it would be if I ever lost my account.

I'm careful about where I click, but not about passwords. I had the same one for almost every website. I just changed them all.
I don't fall for the Facebook scams but I have older, naive friends there who seem to constantly be getting viruses and infections. Maybe because my facebook had the same password as my gmail, somehow facebook provided a way into my mail?
posted by CunningLinguist at 3:53 PM on November 30, 2010

>> I have added IAntiVirus, a free Mac antivirus that updates and works silently on your machine.

The problem isn't a virus, it is someone tricking you into entering your login/pass somewhere, so this wouldn't help a bit. Additionally, show me the link of any actual OSX virus and I'll buy everyone in here a copy of this silly antivirus software. There aren't any viruses on the mac. None, zero, zilch.

As a rule of thumb, I never check my email or login to other accounts I have on friends computers, especially when traveling.

Also, if you get a link or email that doesn't seem right. Always enable the privacy settings so that cookies aren't saved, etc.
posted by darkgroove at 5:12 PM on November 30, 2010

Just adding that I'm the idiot who had the same easy password for everything until I got a message from Gmail saying that my account was accessed by an IP in Nigeria. Still trying to figure out Keepass but that was a little freaky. I'm concerned because it doesn't seem like they did anything besides access my account so if anyone can explain, please MeMail me. Thanks.
posted by kat518 at 6:06 PM on November 30, 2010

Yeah, I'd bet my hat it has something to do with being logged into gmail (possibly even just google) while some awful web script goads you into clicking something that's really something else.
posted by gjc at 7:12 PM on November 30, 2010

Also, a rather obvious precaution, but one that not too many seem to take advantage of: Don't let the answer to your security question be something obvious! Set that as a separate, unique, alpha-numeric code as well.
posted by hasna at 11:14 PM on November 30, 2010

This article about a blogger whose account was stolen says that one of the things Google will ask you for, in order to prove it's your account, is your most frequently contacted email addresses. It offers a link that tells you how to find this info. I personally store that info in KeePass (your KeePass notes are also encrypted) and check it quarterly when I change my password (which, incidentally, is randomly generated by KeePass and is at least 16 characters long). Is quarterly too often? Maybe, but it's not that much of an inconvenience... takes all of 5 minutes to do it. Have I ever been hacked? Nope.

Most of the rest of the article just reiterates what's been said here.
posted by IndigoRain at 11:51 PM on November 30, 2010 [2 favorites]

Response by poster: Thanks for all the great suggestions! I didn't mark a "best answer" as there were so many good answers, but the article IndigoRain linked and also the different browsers suggestions were especially helpful.
posted by cyndigo at 10:34 AM on December 1, 2010

« Older And I'm Not Even a Twilight Fan   |   Surrender, Freeman! Newer »
This thread is closed to new comments.