My Dad's gmail got hacked...
October 25, 2014 7:49 PM   Subscribe

I think my Dad's gmail account got hacked while he was in Cambodia at the start of the month. We have no idea how. What should we do beyond changing the password and alerting the banks and credit card companies?

The gmail account sent out phishing emails a couple of times (pretending to his email contacts that he'd sent them a scan pdf which was really trying to get them to give their passwords), and then my Dad stopped using it. The hacker appears to be accessing the email from Dubai (my Dad is in China, did not visit Dubai any time recently) - accessing it almost every day until Oct 20th when for whatever reason they stopped. The hacker switched browsers - from Chrome to Firefox to Pale Moon, all on Windows.

I have now changed the password and asked my Dad to alert his banks and credit card companies. My Dad does not know much about computers etc. (I am not an expert either, but know a bit more)
What other precautions should we take? Thanks so much for any advice!
posted by zresearch to Computers & Internet (7 answers total) 3 users marked this as a favorite
 
Changing the password is fine, but you should check the settings to make sure the email isn't forwarding anywhere, isn't set up to be accessed through other inboxes, and isn't set up to work through another client (like POP/IMAP). Those settings will appear both in your gmail "settings" section "the little mechanical wheel button on the top right of your screen. When logged in, just go here: https://mail.google.com/mail/u/0/?tab=wm#settings/general

Other important stuff to check is in your account settings, which will be here: https://www.google.com/settings/security You should also see if any services/apps are connected to it and turn those off ("account permissions") unless they are legitimate. He may want to add two-step verification or something to add more security.
posted by AppleTurnover at 7:58 PM on October 25, 2014 [5 favorites]


You should also look at https://security.google.com/settings/security/activity which details your account activity. You can identify suspicious logins
posted by mulligan at 8:02 PM on October 25, 2014 [2 favorites]


I would put a hold or freeze on his credit with the major agencies.
posted by 724A at 9:50 PM on October 25, 2014 [1 favorite]


Thanks everyone for the answers so far!

I should also have mentioned that my Dad's accounts are in China and the UK.
posted by zresearch at 9:57 PM on October 25, 2014


um, I mean his financial accounts not his email account
posted by zresearch at 11:20 PM on October 25, 2014


Two-step authentication and always logging out will make the account much more secure in the future.
posted by willem at 2:49 AM on October 26, 2014 [1 favorite]


He likely got hacked when he entered his username and password on a computer he doesn't control. Maybe he logged-in in Cambondia? Only 2FA will protect against this (as wllem says). But it won't protect against someone hijacking an already logged-into account - use the link mulligan included to monitor that.

He can easily be hacked again unless he changes his password recovery questions and answers, and checks his backup e-mail address is under his control.

If you want to be thorough, all of the accounts that use this gmail account should also be considered compromised: new password and same procedure there.
posted by devnull at 3:48 AM on October 26, 2014 [1 favorite]


« Older What type of retirement service am I looking for?   |   Great Acoustic Covers Newer »
This thread is closed to new comments.