ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel
  • »
  • Technology»
  • Internet & the Web

"My Plight" - My Gmail Was Hacked, And I'm Not Alone!

Updated on January 11, 2015

The "With Tears in My Eyes" Scam Email

[9.17.10 8:13 AM] "My Plight": The Gmail hackers got me! They've hijacked my Gmail account, blocked me out, and sent scam emails to all my contacts. The email's subject was "My Plight." It claimed I'd been mugged and needed cash.

The hackers changed my security info, password, and secondary account. They set up a bogus yahoo account which appears as the "reply-to" on scam messages. Ten minutes after the first scam emails went out, I couldn't log in. I fought "Gmail's Account Recovery Form" for days, but I did get my account back... most of it, anyway.

I'm lucky. My Gmail contacts list was wiped, but at least my email wasn't erased. Many victims of this Gmail attack lose all their email, too.

If you've got a Gmail account, read on to learn how to protect it. If your Gmail was hacked, read on for how to recover and re-secure it!

The "My Plight" Email Sent to My Gmail Contacts

They sent it to my secondary account, too

I'm writing this with tears in my eyes,my family and I came down here to London, United Kingdom for a short vacation.unfortunately,we were mugged at the park of the hotel where we stayed,all cash and credit card were stolen off us but luckily for us we still have our passports with us.

We've been to the Embassy and the Police here but they're not helping issues at all and our flight leaves in few hours from now but we're having problems settling the hotel bills and the hotel manager won't let us leave until we settle the bills. Well I really need your financially assistance..Please, let me know if you can help us out?

Am freaked out at the moment!!

[My name].

--

"I'm supposed to cut back on dangling participles, and I'm not allowed to split any infinitives for at least another week." ~ radio announcer Vin Scully after minor accident

Nice of them to keep my signature about bad grammar while inflicting it on all my friends.

How To Secure Your Gmail

1. Follow the steps here: How to Protect Your Gmail Account.

2. encrypt your Gmail.

3. Follow Google's instructions on how to secure your Gmail.

4. Download your contact list! Also note the date you opened your account.

Other Gmail Hacking Victims - Reports around the Blogosphere...

Wow. Apparently this "tears in my eyes" scam is everywhere. (See also Gmail's Suspicious emails forum, inundated with hacking victims' pleas for help when I last looked.)

Email Safety Tip

Create a secret email address you use only with online banking and/or to access credit card accounts online.

If you post on news sites, blogs, or discussion forums that require an email address, create an "expendable" email address for this purpose. Hackers harvest addresses from these sites.

If You've Had Gmail Hacked

1. Fill out the Gmail Account Recovery form.

2. If and when you get in, follow Google's suggestions for securing your account.

Yes, I Take Security Seriously - And I was still hacked.

I've been using email since 1989, before the internet was even the internet. I have never before fallen afoul of phishing, hacking or malware (knock wood). Many people are blaming the following for this rash of Gmail hacking, but I do not...

  1. Use a weak password. I use alphanumeric passwords written in an invented language and/or several dead languages (inflected).
  2. Use a Smartphone app. I do not have a Smartphone.
  3. Connect to the internet from public computers like libraries and internet cafes, or from public wifi networks. I connect inside my own home.
  4. Access mail through Internet Explorer, Outlook, or a browser with extensions (Many hackers create legitimate-looking extensions that track your activities, infect or snoop on your computer.)
  5. Share a computer. Nope. Just me and the cat.
  6. Use poor computer security. Mac OSX has a pretty strong firewall. My home network is password-protected and encrypted (I ain't saying how), and my ISP provides minimal firewall protection as well.

How Did the Hackers Get In?

I don't know for sure, but this is a big no-no:

I hate having to write down passwords, so once I come up with a really weird one, I keep it. I had actually forgotten this password, I'd had it so long: it was on my computer's keychain!

So CHANGE PASSWORDS OFTEN. (Also, never use the same password for different accounts.)

3 Days and 2 Account Recovery Forms Later

Ack, I do NOT remember the month/day/year I opened my account!

Here's Google's reply to me.

Thank you for your report. We've completed our investigation and cannot

return your account at this time. We were unable to verify that you own

this account based on the information you provided.

If you can provide additional information to verify that you own this

account, please visit

http://www.google.com/support/accounts/bin/request... and submit

another report. Whether we can return access to this account depends on

the strength and accuracy of your responses, so be sure to provide as much

information as possible. If you're unsure about specific dates or

information, provide your best guess.

To create a new account, please visit

https://www.google.com/accounts/NewAccount

We apologize for any inconvenience and appreciate your cooperation and

understanding.

FINALLY! I've Gotten My Account Back!

Google's Left Hand, I'd Like To Introduce You to Right Hand

[9.19.10 late afternoon] When I returned to the Account Recovery Options page to fill out the form again, I noticed that my "secondary email" was no longer the hacker's bogus account (partially starred out). It looked like it might be the email I had used for the Account Recovery Form. So I tried it. YES!

I logged in and found my contacts list erased, but NOT my email. I quickly did what Google suggests to secure your account after hacking. And then I downloaded years of Gmail to Apple mail, which is not easy.

Google Is Reacting to Hackers - This is good to see...

Twitter User's Gmail Hacked
Twitter User's Gmail Hacked

I caught this on the Twitter search above. It looks like Google is battening the hatches.

IDEA: Set Up a "Hidden Mastermind" Account

Create an invisible Gmail account to manage your email

Your email address is how people know you, so you have to share it. However, it's also the way YOU log in and organize all your mail and personal data. So here's something I've created as an extra layer of securty (besides downloading all mail offline). I've set up what I call a "Hidden Mastermind" account.

How to Set Up a "Hidden Mastermind"

1. Create an email account with a VERY secure password which you change all the time.

2. Import your mail to the master account.

3. Under "Check Mail," add all your working email accounts that people know you by. So the master will now collate mail from those accounts.

4. Always send email messages from a "known" public address -- one of those people know you by -- and never by the mastermind. In Gmail, you can set a default "Send Mail As," address.

5. Set Gmail to reply with the email address a message was sent to.

6. NEVER use your mastermind address as part of a user profile or login info on any site, from your bank to Facebook (which has so many security holes it's scary).

A "hidden mastermind" account won't stop keylogging, hackers intercepting connections from Smartphones or public access points, or sophisticated Gmail Crackers. But at least it will be invisible to the majority of hackers, who are targeting email addresses they find on website profiles, forums and Facebook.

Google Responds

The rash of hacking over the weekend has reached Google's attention. I confess, one reason I made this page was to help the news go viral so they'd do something. Sorry, Google.

Anyway, Google is now going to unroll optional two-factor authentication. I think this is a good idea, provided it doesn't make it harder to get your account back.

The Bottom Line

You Get What You Pay For

Gmail is a free service. it's got useful features, but it's automated. If anything happens, you won't get much help.

So if you're depending on email for business, I am not sure Gmail is the safest choice. Email with a service provider that offers 24/7 tech support may be better. Look for ISPs and webhosts that include backup and data recovery, just in case a successful hacking attempt erases or screws up your blog, website, or email.

Have you had your Gmail hacked? Did you get your account back, or are you still waiting? Were your contacts and email wiped? Share your story below! And yes, you MAY post anonymously; just no spam or scams, please!

© 2010 Ellen Brundige

Guestbook - Have You Been Hacked, Too? - Don't Reply Until You've Secured Your Email!

    0 of 8192 characters used
    Post Comment

    • tylerabernethy22 profile image

      tylerabernethy22 5 years ago

      Mine was too! A few weeks ago!

    • LouisaDembul profile image

      LouisaDembul 5 years ago

      My husband's yahoo account was hacked this morning. Like yours, it didn't take them many minutes to change password. We have reported it to yahoo, let's hope they do something about it. People have been calling from all over the world to know if he's fine. The same rubbish about being stranded in London.

    • mythphile profile image
      Author

      Ellen Brundige 6 years ago from California

      @Cinnamonbite: Monly Python words are not good choices. Hackers run through names and any words in the dictionary.

      The password that the hacker used to break into my account was a made-up word that doesn't exist on the web, the name of a character in a story I wrote 30 years ago and never published anywhere.

    • Cinnamonbite profile image

      Cinnamonbite 6 years ago

      Nope. Not ever. I've had sites get hacked and they claim someone has my password but so what? I change passwords too often so whatever password someone might have acquired, it's long been replaced.

      I have a tactic to picking passwords. I watch Monty Python skits and write down interesting words.

    • Addy Bell profile image

      Addy Bell 6 years ago

      I haven't been hacked, but I've known a lot of people who have been. As someone who has trouble remembering passwords, it's very concerning.

    • ChemKnitsBlog2 profile image

      ChemKnitsBlog2 6 years ago

      This would be my worst nightmare. I already use https, and I recently realized how insecure my original password was! Thank you for providing us with this information.

    • mythphile profile image
      Author

      Ellen Brundige 6 years ago from California

      @greenspirit: I'm really sorry you got burned! It's so frustrating.

      Don't worry about the mastermind account suggestion I put at the end -- that's just me being extra paranoid. Try to follow Google's instructions for securing your account, though, if you can log in.

      The link is above, but here it is again:

      http://knol.google.com/k/the-c-man/how-to-recover-...

      Good luck!

    • greenspirit profile image

      poppy mercer 6 years ago from London

      I got hacked this december 26th...and chocolate offers were sent to really innapropriate contacts using a squid reference that doen't exist. The weird thing is that I haven't had anything to do with chocolate offers, although I did have an email come in from a well known and respected squidder last month that I opened. . It was a chocolate gift offer, which I ignored, but I had opened the email...oh the social difficulty!

      The second worst thing is my utter dyslexia when it comes to all the stuff you mention above. Fantastic info, but it makes my brain swim, just reading it. I have managed to change my password, but most of the other stuff is like greek to me... We've had this conversation before!

    • CCGAL profile image

      CCGAL 6 years ago

      Wow. It's scary to think how many scammers are out there trying to hack into accounts. I'm lucky so far, I've never had a problem, but this really opens my eyes to potential issues. Glad you wrote this, although I am so sorry you had this problem.

    • profile image

      WhitePineLane 6 years ago

      This is an incredibly helpful lens. As I write this, my Facebook account has been disabled because it was hacked this week. I had already taken steps and gotten back control of the account, but I think Facebook is slow on the uptake. Anyway, glad things worked out for you, and I will use some of your ideas as I change every password I can think of online. :-( *Blessed by a Squid Angel*

    • religions7 profile image

      religions7 6 years ago

      I'm a bit late to see this, but I am glad your problem got solved. The master account idea is good. IMO they should have put in two layered security years ago. I mean - people have financial information on their accounts (adsense etc.)

    • Stazjia profile image

      Carol Fisher 6 years ago from Warminster, Wiltshire, UK

      Excellent advice which I've acted on before writing this comment. Thanks for the reminder about security online.

    • profile image

      anonymous 6 years ago

      This idea to set up a "master" account is great - I immediately knew your email was a hoax because you and I had only exchanged emails the previous day about how busy you were and as Concorde is no longer operating I just knew you did not have time to visit London ;)

      However, this is excellent advice, which I shall be following as my ISP is now providing its email service through gmail.

      A very helpful lens on how to avoid having your contacts hacked.

    • jimmielanley profile image

      Jimmie Lanley 6 years ago from Memphis, TN, USA

      I don't use google mail, but I think any free email can be hacked. This is pretty freaky. Glad no one fell for the scheme.

    • mythphile profile image
      Author

      Ellen Brundige 6 years ago from California

      @HealthfulMD: Oy. It really seems like the hackers are getting more and more sophisticated. Suppose they always were, but it's scary when such old sites are finally succumbing.

    • HealthfulMD profile image

      Kirsti A. Dyer 6 years ago from Northern California

      Greekgeek. You have my condolences. I'll have to take a look to see what I need to do to back up my gmail account. We had our nearly15 year old website hacked into and it is now being labeled as a "Reported Attack Page!" Google is saying it may take weeks before they can re-review the website. I share your frustration.

    • ajgodinho profile image

      Anthony Godinho 6 years ago from Ontario, Canada

      Sorry to see this happen to you and thanks for sharing some of the details. I'm really careful, like you, and have never had my account hacked into or fallen to phishing...thanks God! Though, I've had several of my friends on FB and web-mail accounts fallen prey to hackers. Changing passwords on a regular is a good idea. Hoping that you get this resolved soon and hopefully Google can learn from this too and have some way to deal with this faster and more effectively. All the best!

    • pkmcruk profile image

      pkmcr 6 years ago from Cheshire UK

      I was so sorry to hear of your problems my friend and I am glad that you have turned it into something positive with this lens. Blessed by a passing Squid Angel :-)

    • LisaAuch1 profile image

      Lisa Auch 6 years ago from Scotland

      That is the worst thing ever, you must be so p****d, unfortunately these guys seem to stop at nothing, and care of no-one, it's crap Google have not responded. Thoughts are with you.

    • profile image

      RebeccaE 6 years ago

      Yep, gotta go change my passwords, but again, it is important to have strong passwords, I know it is a hassle but it is important,t hanks for the heads up.

    • Wednesday-Elf profile image

      Wednesday-Elf 6 years ago from Savannah, Georgia

      Thanks for letting us know. My son just switched his email account to Gmail recently. WHY do scammers & hackers have to give people so much grief. Sure hope you get it straightened out soon.

    • profile image

      ohcaroline 6 years ago

      Thanks for the up and up on this. You have to be vigilant on the internet these days. Best wishes on this problem.

    • jptanabe profile image

      Jennifer P Tanabe 6 years ago from Red Hook, NY

      Wow, thanks for sharing your experience of being hacked. My daughter's hotmail account got hacked a couple of times. Don't these hackers have a life!

    • mythphile profile image
      Author

      Ellen Brundige 6 years ago from California

      Thank you, everyone! And thank you, Joan! It's good to have friends. I hope I've saved a few others the frustration of my last 24 hours.

    • joanhall profile image

      Joan Hall 6 years ago from Los Angeles

      Hope things get straightened out for you soon. I've never had an email account hacked, but I can see that there are some security steps that I really should take. Thanks for sharing.

      (BTW, this lens gets an Angel blessing and a feature at SquidAngel At Your Service.)

    • LotusMalas profile image

      LotusMalas 6 years ago

      I'm so sorry! Thank you for the helpful tips on how to secure Gmail. I haven't been hacked yet - I hope I didn't just jinx myself :-O

    • profile image

      anonymous 6 years ago

      Sorry to hear about your trouble! I've never been hacked (knock on wood) but, with an internet email account like gmail ~ isn't it Google's problem the account was hacked more than yours? I'm not sure how a Web email account would have anything to do with your computer unless they hijacked your computer to do it. I can see that the strength of the pw would matter, but you'll have to explain the rest. I'm on a Mac, too, and I'm still very careful but I am downloading and re-exporting everything after reading this, just in case. I started adding punctuation to my alphanumeric passwords, if they can be used, about a year ago, and like you it's not easy words with some numbers...no no no. You've taught me a bunch of computer tricks though, thus why I take it seriously when you say your account was hacked. I do hope you get everything back the way it was. Best of luck!

    • daoine lm profile image

      daoine lm 6 years ago

      I'm so sorry to hear about this. What an awful experience. I hope you recover your account intact and quickly.

    • ssuthep profile image

      ssuthep 6 years ago

      This is frightful. I have had other email accounts hacked before and the hackers used it to send spam mails. My hosting company suspended my account until I could prove that I wasn't the one sending it and that my account was hacked. I have lots of important information on my Gmail account and your lens is like a wake up call for me to be more diligent with email security. Great lens.

    • mythphile profile image
      Author

      Ellen Brundige 6 years ago from California

      @jenms lm: Ack. I didn't look at all the comments. They are alarming, aren't they? I may leave the link there just to hammer the point home. I doubt any of the folks posting there are actually successful hackers, but it certainly is a sober reminder how many WANT to be.

    • jenms lm profile image

      jenms lm 6 years ago

      I'm sorry to hear about that, but thanks for the tips - did you notice the comments in the getpcmemory page linked to under "get links?" interesting.

    • mythphile profile image
      Author

      Ellen Brundige 6 years ago from California

      @religions7: For a while it didn't hit me, but knowing all my Gmail could be erased -- ALL of it, including my last email from my mentor who passed away two years ago -- I am just kicking myself for not making sure I saved every last message and contact.

      I've spent the day carefully going through all my different profiles and accounts from most vital (bank account, credit cards) to least (fanfiction, old social forums) creating new, different, unique alphanumeric passwords for every one. Changing all the sites where my contact info was set to my gmail account to point to my ISP-related account. I even created two new accounts on my ISP, including a new "bank account, credit cards, Paypal only" email address which will not appear anywhere else.

      I'm tired. I'm glum. I may have lost six years of stuff. Most of it wasn't vital, just old memories, online friends. Most of the important stuff I have stored somewhere. But not all.

    • religions7 profile image

      religions7 6 years ago

      Oh boy. This is worse than I thought when I read about this in the forums. I do hope you get your account back. If my gmail was hacked, I'd be freaking out - mainly because of all the other info in my google account. Off to 'secure' my account right now. and password protect my password files.

    • profile image

      anonymous 6 years ago

      There are a lot of problems like this on gmail, it is really very common.