12-06-2011, 02:07 AM
|
#1 |
|
Prospect
Join Date: Dec 2011
Posts: 2
|
Gmail Hacking
My daughter's gmail is being hacked into on a weekly (or more frequent) basis. She is running OS X, changes her pw frequently and is still being compromised. Could this be a keylogger? Any suggestions as to find the root cause of this and/or stop this from happening? She's at her wits end.
Much thanks for any help. G |
|
|
|
12-07-2011, 02:20 PM
|
#2 |
|
MVP
Join Date: May 2004
Posts: 2,012
|
Start using 2 factor authentication.
Hacked by who? What evidence is there that's it's actually being accessed? Strong passwords? Who would have had access to install a keylogger? |
|
|
|
|
12-07-2011, 02:50 PM
|
#3 |
|
Prospect
Join Date: Dec 2011
Posts: 2
|
She has no idea who is doing the hacking.
Her gmail shows the last login in Virginia. She knows no one in Virginia. She is using strong passwords and changes them frequently. No one has access to her home computer. I know this makes zero sense, other than the fact that she may have inadvertently downloaded a corrupt file that is accessing her account. |
|
|
|
|
12-08-2011, 01:49 AM
|
#4 |
|
MVP
Join Date: Aug 2009
Posts: 1,119
|
Does she use that same password on other sites? One of those may have been compromised. Use different passwords on each site.
She also needs to watch out for "helpfull" things like sites that claim to connect you to others, all you have to do is supply your account. Social engineering usually works a lot better than technology. |
|
|
|
|
12-08-2011, 03:30 AM
|
#5 | |||||||||||||||||||||||
|
League Commissioner
Join Date: Sep 2003
Location: Tokyo
Posts: 6,045
|
Does it frequently show the same place? Maybe your service provider uses a gateway in Virginia. |
|||||||||||||||||||||||
|
|
|
|
12-08-2011, 11:42 AM
|
#6 |
|
MVP
Join Date: May 2004
Posts: 2,012
|
How many times has Virginia or some other location showed up in the access list?
Is she using 2 factor auth? Check the filters and forwarding settings for anything that might be sending incoming messages to another email account. Run a reverse DNS lookup on the IP that is listed for that Virginia access (and any other unknown hits). This will help identify if it is just a weird hop from your own ISP. From Gmail's Activity Information page you can select to "Sign out all other sessions". It's possible that the access is coming from another machine that she left signed in. I forget if changing your password does this automatically; if not, change it and then click this button to be sure that you've reset everything. To be honest, it's weird that she still has access if someone else is getting in. That likely means that they're stealing the login credentials without needing a password (ie. from a shady site that she has also visited). If they were getting the password I don't see why they wouldn't just change it to lock you out; at least, that was my experience. |
|
|
|
|
12-09-2011, 07:33 PM
|
#7 |
|
Guest
Posts: n/a
|
Try to log into the gmail account and scroll to the bottom where it says "last account activity" and click on the "details" link. This will show you details in all the current logins and their current ip addresses. Mark down all the ip addresses and track them down to see if they are recognized. Sign off all the active sessions from that page as well.
Once you have logged off all the other sessions (assuming that there were any), log in from a different Mac or pc (one that presumably is safe and not hacked) , change the password on the gmail account and wait a couple of days to see if the account still gets hacked. Make sure you choose a suitably complicated password (8-12 chars) using upper & lower case, numbers and special chars such as $,! or ~ |
|
|
 |
| Tags |
| gmail, hacker, help me |
| Thread Tools | |
| Display Modes | Rate This Thread |
|
|
Linear Mode
