Thank God!. I was getting worried. But how exactly was it determined that all the users were phishing victims ? Also was makeuseof.com admins contacted ? Were they also victims of phishing attacks ?
Wow. I am so stoked that Matt Cutts puts this info out there on Twitter and Friend Feed. Till him, I thought Google was a bunch of jerks who hated web masters. Keep the Tweets a comin Matt.
Some websites sometimes suggest to look for contacts already using the service by entering our gmail address and password. How can we be sure they won't store our login information ?
I am happy to know that Gmail is secure. However there are 2 things which we need to consider :-
1. It's highly unlikely that tech savvy people who are the authors of reputed tech blogs like MakeUseOf will fall prey to a phishing email.
2. If, according to the Gmail team, the hacker got access to victim's gmail accounts then why did he just created a filter and left it ? Why didn't he change the passwords and tried to get more information out of the account ? Even if his intention might have been just to capture the domain, I don't think a hacker would just leave a gmail account with vital information, after creating a filter. So may be he didn't get access to it. May be he just ran a script and created a filter.
There could be other things. I love Google and Gmail but for some reason I am finding it hard to blindly trust you guys on this matter. I just hope that this thing doesn't happen again to anyone.
I have seen this happen to several people. The issue is not phishing.
In all cases, filters were injected into their gmail accounts via other sites while they were logged into, but not at, gmail or other google sites. Their gmail password was not compromised.
Filters are set up to silently forward emails to an outside account, often in Vietnam.
The most common case involves finding a gmail address associated with a domain registered through godaddy. From godaddy's site, they can initiate a domain transfer to another godaddy account that they have set up. The confirmation emails with an easy, one click, "secure" link that godaddy sends to the gmail address they have on file are then silently moved (by the filters) to the attacker's outside email.
With the email, they can click the link and take ownership of the domain. They then transfer it to an external registrar.
Good luck dealing with ICANN if this happens to you.
They often try to ransom the domain back to you. If this happens, you can get the FBI involved.
Hey Chris, I contacted Aibek over at MakeUsOf and he said no one from Google has contacted him. I'm curious who the GMail team spoke with since his site was one of the biggers one referencing the old exploit?
All freemailers I know have a much bigger vulnerability: There's only one password, used for both administatrive and usage tasks. This is a deadly sin. If you work on an untrusted PC or in an open environment (Internet cafe), your password is at risk. With the administrative capabilities, the account thief then can change password, secret question, and secondary e-mail. Then it becomes quite difficult to get your account back (a friend of mine has already lost two accounts that way - and apparently in Vietnam, the support query to Google doesn't work - Vietnam seems to be the center of Google Mail attacks ;-).
It would be very helpful for such environments if there was a mere-use login password, which would not allow to do any harmful changes (that includes deleting e-mails). Only normal communication should be possible.
I don't consider freemailers with the current authentication architecture "secure", unless you use a controlled PC (your own, free of trojans and without people looking over your shoulder) to access them. Wrong thinking: Especially freemailers are used in untrusted environments.
I do not know if the problem I encountered today with my gmail account has anything to do with this problem, but someone managed to use my gmail address and gmail address book to post a spam email to all people in my address book using my gmail address as sender.
I have been the victim of a few type of attacks. One in which I received an email telling me about a job, and so I opened the email and visited the site to see if they are legit. Once I visited the site, there was malicious code that automatically hacked my email account and sent an email to all of my contacts, telling them the same thing, they have a job and to see if they are interested...how can this happen??
I don't care what they say there is something wrong with gmail right now! I only access my gmail through MY mac and iPhone. I never use a web browser because it is all set up through Apple Mail. The other day I accidently clicked on the sent mail from server & noticed all these emails sent from my address. There is nothing being sent from my Mac just of a web browser so I changed my password & security question from a random letter/number combination to another new one. Well guess what in the two days since I did that it has sent out more & I have not had my Mac on since I did it. Google needs to look into this right away so my address does not get black listed. Of course it would help if I could contact them to report this but there is nothing that I can find.
I loss my gmail too. I lost my adsense account. I'm that that stupid to fell for a phishing scheme. I've send email to google prof that I own the account. But they did not reply. I will keep struggle to have my account back.
@Clement: that's a great question. We recommend you only enter your Google credentials to Google owned properties. Entering them elsewhere risks phishing, or having them stored and handled less securely than with Google. We support OAuth for contact list access. Sites should be using that to request access to your contact list. Check out the post preceding this one for more.
@Abhijeet / Brian: this really is a case of a large scale phishing scam. From a technical point of view, it's easily possible to distinguish phishing (or other causes of credential loss such as malware downloads, inappropriate credential reuse, browser compromise etc.) from web app bugs. Unfortunately, the scammers are becoming extremely sophisticated and are capable of tricky techniques that can deceive even tech savvy people. Some examples include highly targeted phishing campaigns, professionally created e-mails and web pages, plausible sounding domain names, and even SSL certificates for these fake domains. The filter issue is widely misunderstood. The bad guys have simply determined that precision filters are the best way to achieve their goals. They don't want to change your password because that gives away their presence in an account, and all they are waiting for in this case is interactions with the domain registrar.
@Aswin: you can use https://mail.google.com/ in all browsers. https://www.gmail.com/ needs something called "SNI" support. Firefox and Opera have had this for a while. I believe Chrome and IE7 have it when used on Vista.
I came across this blog after my wife asked me to look into how gmail account can get hacked.
Over the course of last month or so her class mates and activists have had or having their gmail account hacked. Where emails have been forwarded, new emails sent out and passwords being reset; in one instance a de-activated account was re-activated and used. I am dumbfounded how it is being done, we are talking about 10 to 15 accounts over a weekend.
I thought about key-loggers, brute force. The phishing could example of a couple of instances but not the send out of new emails from their account.
So if you have any advice or recommendation that would be great. I initially told them to send an email to google about it and then where JUST direct to "take the matter to the police" which I was shocked to hear.
My wife's email was hacked and deleted. She was able to access it on friday and saturday when she logged in, it said cannot find account. Now when I reply to email from her, I get an error saying: Account not found.
This also means that google picassa photos were lost, all sensitive information in emails was lost, probably credit card information in google checkout is not "secure" anymore. Also lost many documents in google docs.
Recovery page does not help.
I am not concerned: How safe is it to use gmail or google services. What if my account gets deleted?
i dont know how but i know for sure that one guy read all mails i didnt give him my password he dont have access to my computer my email is - amoslevy@gmail.com the guy that read my mails - smgjsk@gmail.com
January 19 I've got big trouble now.Someone hack of my gmail account. He did stupid things with my account. Now i can't open its and he change of my password my email is - streetracer7288@gmail.com Who can explain for that. plz contact to me kevin.007@hotmail.co.uk
To regain access to an account, please see this form. This link to the Gmail privacy and security page contains some great information too, including how to avoid being a victim of phishing, malware, browser bugs, etc.
25 commentaires :
Thank you for the information.
Thank God!. I was getting worried. But how exactly was it determined that all the users were phishing victims ? Also was makeuseof.com admins contacted ? Were they also victims of phishing attacks ?
Better in that way, we are a lot staying in calm!
Wow. I am so stoked that Matt Cutts puts this info out there on Twitter and Friend Feed. Till him, I thought Google was a bunch of jerks who hated web masters. Keep the Tweets a comin Matt.
U could use this post to ask users to "Use Chrome than IE, for better security" A marketing opportunity missed. ;)
@ Laksham Prasad: You are assuming that Chrome IS more secure? :P
Really Chrome is secure? Maybe more than FireFox.. but then again my Toaster is more secure than FireFox.
Aibek, the guy behind MakeUseOf.com pointed 5 fingers at Google !!! and now thats a perfect reply. Thanks!
Some websites sometimes suggest to look for contacts already using the service by entering our gmail address and password. How can we be sure they won't store our login information ?
I am happy to know that Gmail is secure. However there are 2 things which we need to consider :-
1. It's highly unlikely that tech savvy people who are the authors of reputed tech blogs like MakeUseOf will fall prey to a phishing email.
2. If, according to the Gmail team, the hacker got access to victim's gmail accounts then why did he just created a filter and left it ? Why didn't he change the passwords and tried to get more information out of the account ? Even if his intention might have been just to capture the domain, I don't think a hacker would just leave a gmail account with vital information, after creating a filter. So may be he didn't get access to it. May be he just ran a script and created a filter.
There could be other things. I love Google and Gmail but for some reason I am finding it hard to blindly trust you guys on this matter. I just hope that this thing doesn't happen again to anyone.
I have seen this happen to several people. The issue is not phishing.
In all cases, filters were injected into their gmail accounts via other sites while they were logged into, but not at, gmail or other google sites. Their gmail password was not compromised.
Filters are set up to silently forward emails to an outside account, often in Vietnam.
The most common case involves finding a gmail address associated with a domain registered through godaddy. From godaddy's site, they can initiate a domain transfer to another godaddy account that they have set up. The confirmation emails with an easy, one click, "secure" link that godaddy sends to the gmail address they have on file are then silently moved (by the filters) to the attacker's outside email.
With the email, they can click the link and take ownership of the domain. They then transfer it to an external registrar.
Good luck dealing with ICANN if this happens to you.
They often try to ransom the domain back to you. If this happens, you can get the FBI involved.
Hey Chris, I contacted Aibek over at MakeUsOf and he said no one from Google has contacted him. I'm curious who the GMail team spoke with since his site was one of the biggers one referencing the old exploit?
Any chance that GMail Notifier will also honour the "Always use https?" setting for polling and upon a double-click?
All freemailers I know have a much bigger vulnerability: There's only one password, used for both administatrive and usage tasks. This is a deadly sin. If you work on an untrusted PC or in an open environment (Internet cafe), your password is at risk. With the administrative capabilities, the account thief then can change password, secret question, and secondary e-mail. Then it becomes quite difficult to get your account back (a friend of mine has already lost two accounts that way - and apparently in Vietnam, the support query to Google doesn't work - Vietnam seems to be the center of Google Mail attacks ;-).
It would be very helpful for such environments if there was a mere-use login password, which would not allow to do any harmful changes (that includes deleting e-mails). Only normal communication should be possible.
I don't consider freemailers with the current authentication architecture "secure", unless you use a controlled PC (your own, free of trojans and without people looking over your shoulder) to access them. Wrong thinking: Especially freemailers are used in untrusted environments.
I do not know if the problem I encountered today with my gmail account has anything to do with this problem, but someone managed to use my gmail address and gmail address book to post a spam email to all people in my address book using my gmail address as sender.
I have been the victim of a few type of attacks. One in which I received an email telling me about a job, and so I opened the email and visited the site to see if they are legit. Once I visited the site, there was malicious code that automatically hacked my email account and sent an email to all of my contacts, telling them the same thing, they have a job and to see if they are interested...how can this happen??
I don't care what they say there is something wrong with gmail right now! I only access my gmail through MY mac and iPhone. I never use a web browser because it is all set up through Apple Mail. The other day I accidently clicked on the sent mail from server & noticed all these emails sent from my address. There is nothing being sent from my Mac just of a web browser so I changed my password & security question from a random letter/number combination to another new one. Well guess what in the two days since I did that it has sent out more & I have not had my Mac on since I did it. Google needs to look into this right away so my address does not get black listed. Of course it would help if I could contact them to report this but there is nothing that I can find.
I loss my gmail too. I lost my adsense account. I'm that that stupid to fell for a phishing scheme. I've send email to google prof that I own the account. But they did not reply. I will keep struggle to have my account back.
Thanks all for your great comments.
@Clement: that's a great question. We recommend you only enter your Google credentials to Google owned properties. Entering them elsewhere risks phishing, or having them stored and handled less securely than with Google. We support OAuth for contact list access. Sites should be using that to request access to your contact list. Check out the post preceding this one for more.
@Abhijeet / Brian: this really is a case of a large scale phishing scam. From a technical point of view, it's easily possible to distinguish phishing (or other causes of credential loss such as malware downloads, inappropriate credential reuse, browser compromise etc.) from web app bugs. Unfortunately, the scammers are becoming extremely sophisticated and are capable of tricky techniques that can deceive even tech savvy people. Some examples include highly targeted phishing campaigns, professionally created e-mails and web pages, plausible sounding domain names, and even SSL certificates for these fake domains. The filter issue is widely misunderstood. The bad guys have simply determined that precision filters are the best way to achieve their goals. They don't want to change your password because that gives away their presence in an account, and all they are waiting for in this case is interactions with the domain registrar.
@Aswin: you can use https://mail.google.com/ in all browsers. https://www.gmail.com/ needs something called "SNI" support. Firefox and Opera have had this for a while. I believe Chrome and IE7 have it when used on Vista.
I came across this blog after my wife asked me to look into how gmail account can get hacked.
Over the course of last month or so her class mates and activists have had or having their gmail account hacked. Where emails have been forwarded, new emails sent out and passwords being reset; in one instance a de-activated account was re-activated and used. I am dumbfounded how it is being done, we are talking about 10 to 15 accounts over a weekend.
I thought about key-loggers, brute force. The phishing could example of a couple of instances but not the send out of new emails from their account.
So if you have any advice or recommendation that would be great. I initially told them to send an email to google about it and then where JUST direct to "take the matter to the police" which I was shocked to hear.
My wife's email was hacked and deleted. She was able to access it on friday and saturday when she logged in, it said cannot find account. Now when I reply to email from her, I get an error saying: Account not found.
This also means that google picassa photos were lost, all sensitive information in emails was lost, probably credit card information in google checkout is not "secure" anymore. Also lost many documents in google docs.
Recovery page does not help.
I am not concerned: How safe is it to use gmail or google services. What if my account gets deleted?
i dont know how but i know for sure that one guy read all mails
i didnt give him my password he dont have access to my computer
my email is - amoslevy@gmail.com
the guy that read my mails - smgjsk@gmail.com
January 19
I've got big trouble now.Someone hack of my gmail account. He did stupid things with my account. Now i can't open its and he change of my password
my email is - streetracer7288@gmail.com
Who can explain for that. plz contact to me
kevin.007@hotmail.co.uk
To regain access to an account, please see this form. This link to the Gmail privacy and security page contains some great information too, including how to avoid being a victim of phishing, malware, browser bugs, etc.
Publier un commentaire