I'm a fan of the two-factor authentication Google uses. In encouraging others to use it, I'd love to be able to share statistics indicating its effectiveness. Can you share any numbers regarding the reduction in account compromises among people who use two-factor authentication.
I realize such a number would have selection bias, but it's better than nothing.
I just got an email from noreply@googlesecurityteam.net that said: ================ Dear Member,
We noticed our security IP-Address detector as been disabled on your account,to avoid account been hacked or interrupted,You need to re-log in on the link below to update your IP-Address Security.
Secure is one of our most important responsibilities..
Well, this has happened to me a number of times now. My account was not only hijacked, but my websites cloned as well.
It has been suggested that some drug addicts hijacked my blog in order to use the Google adsense.
The templates on Blogger may have some flaws as well. On my account, my editing pencil. wrench and other editing tools do not show up, making it difficult to post and edit in my blogs.
Now, people keep getting me mixed up with the drug addicts who hijacked my blogs.
At the present time, it appears that I may be posting on the spoofed or cloned account and someone else has my account or is sharing it.
I use google talk from the MacOS "Messages" application, and I frequently work from a commuter shuttle or remote site (frequently == daily). So basically every time I start Messages, Google flips out about suspicious activity and makes me go throug hthe rigamarole you describe before I can use my account. Is there any way to opt out of this for those of us who simply cannot guarantee an IP address, or do we have to avoid using Google Talk while on the road?
I use Google Talk via MacOS Messages, and I do this from a laptop that is, on a near daily basis, logged in from strange IP addresses. This results in me having to re-authenticate continuously. I'm wondering if there is some way to opt out of this due to the high volume of address-switching I do, or if Google would advise me to avoid using Google Talk from my laptop?
Seriously? Just check how bad written those messages are. They're not even proper English. And that URL has nothing to do with Google. Plus Google never sends emails saying click here to login they always display content on-site.
A prolonged cyber attack targeted me by known woman cracker and IT corporate professional in the UK. After wiping jail broken IPhone (remote) and Mac BookPro, 2 weeks later she cracked I IPhone, ICloud, Apple ID- even after increased anti malware and security. A private investigator was hired after I cleared my name w/ Google following web browser hack to surf terrorist sites. Forensics report today. Perhaps enough evidence will have been obtained to prosecute and ID.
I am so upset...I have been locked out of my own account because of two step verification. I disabled it several times before on the same device, however, it always seems to ask for the codes which would be sent via text. The problems I have now are: my phone number has changed because of a recent move (didn't remember to update my Google info when I moved); my tablet device needed to have default settings reset for another issue with my bank and wiped out cache, passwords, etc.; and I have had my account for a long enough time that I could not recall when I opened it or remember who I email frequently because I mainly use it as a source for incoming newsletters, tradeshows, company updates,etc.; why can't there be a more relevant way to properly confirm that I am the true account holder? I have a vast array of personal things stored including drive docs, calendar, and other things I use each day not to mention contacts! There has to be more sensitivity for myself and others in a similar situation. It's very insulting to chase around the world of internet for answers, help, suggestions...and your company staff has been very rude to say I am screwed, no one can help, and that I need to open a new account! Does anyone suggest a good hacker??? What shall I do?
A Gmail account is set up with all known precautions in place via settings, Drive, Calendar, and external apps closed to prevent backdoor entry. Also the 2-Step verification is setup with backup email addresses and phone numbers.
Everything goes well for a very short time, then the 2-Step Verification codes are stolen and login phishing pages block activity.
The main issue is to find out how the attackers are attaching login phishing pages to Gmail login, Account Activities, Dashboard, and Security
The second concern is that if you are cautious not to use the phishing pages, then how do they login or piggy back when you log in. It feels like something is in place and it waits for login. Then after login things get changed. Notifications are turned off and Account Activity is blocked.
While attackers are in, they copy all the 2-Step Verification codes. This renders them useless. When I get locked out because of attacks, I just get routed to information pages and nothing else.
Sometimes I get the opportunity to use my backup email address. But when I do, the backup gets infected.
In the meantime, notifications are turned off and recent activity is blocked permanently. I am not savvy enough to know how to turn them back on.
The phishing pages to login with a password are useless. They don't lead to anything. They just take the password from you.
I don't know what to do outside of creating multiple gmail accounts and letting the hackers have some of the stolen ones. Other infected accounts were either abandoned or closed when they got recovered. I can't get my name back. Someone stole it a long time ago and I tried to get it back but I lost the inquiry.
Also, all new accounts allow me to see all pages within the first few minutes to half an hour. After that, the phishing login pages start and shuts down views to login, account activities, and other vital pages.
When I create a new account, the instant my phone number is entered I see a glitch in the screen. It seems like there is a flag of some sort on my phone number.
Anything containing the words Google or Gmail in the browser address bar is automatically followed or tagged or set for phishing pages.
If I try to change something or look into the registry/library/etc, there is a flash like a screen shot. I have no idea what that could be but I got better results when I entered these places and erased all traces of Google, Firefox, Chrome, etc. I still have problems with Safari. If I re-download other browsers, I seem to have more problems like they are being used for some sort of different attacking system.
The generic Gmail security information posted is not good enough. There are important things users can do to protect themselves but they have to do lots of research to find them.
I am at a loss right now. All my email is being accessed, no matter how many accounts I open. What do I do?
This is like having a world wide disease that impacts everything from school to work to health.
Either we don't have the right technology or we don't have the right consequences for these bad people.
There has got to be a safer alternative product out there.
Yes, those questions to verify the true owner... Actually, you can ask those questions wrong and still get an access.
I tried this in "password recovery" process, and they asked me bunch of questions, I intentionally answered all them wrong, except two email contacts (if you know the victom, or via SNS, it's easiest thing to guess, right?)
All the other questions - password you can remember; the time you open the account; etc, I gave them completely wrong answer.
But... those two email worked! I was able to hijack my own account. I don't even need to go to recovery email account, I could change the password on the spot.
I tried using different computer, different IP address, different browsers, does not matter.
All you need is two (may be one) contact. You can leave all the other questions blank or give them wrong answer, the account is yours!
Does it make you feel safe?
I wrote to Gmail security team but they don't seem to give a damn about it.
16 comments :
I'm a fan of the two-factor authentication Google uses. In encouraging others to use it, I'd love to be able to share statistics indicating its effectiveness. Can you share any numbers regarding the reduction in account compromises among people who use two-factor authentication.
I realize such a number would have selection bias, but it's better than nothing.
This just happened to one of our users today. I think this group of people should be called Spackers, for Spam and Hackers. They hack, then send spam.
Very nice.
I just got an email from noreply@googlesecurityteam.net that said:
================
Dear Member,
We noticed our security IP-Address detector as been disabled on your account,to avoid account been hacked or interrupted,You need to re-log in on the link below to update your IP-Address Security.
Secure is one of our most important responsibilities..
Click UPDATE NOW for verification.
Gmail Services Team
© 2013 Gmail LLC. All Rights Reserved.
=========================
Clicking on the link took me to a Google looking sign on page with the url: http://lakshyyaent.com/sites/g/page.gmail.com/gmail/Gmail/ServiceLogin.htm
Is this you or another hacking job?
2 STeps authentication,strong password,recovery option..Google still the best email
Well, this has happened to me a number of times now. My account was not only hijacked, but my websites cloned as well.
It has been suggested that some drug addicts hijacked my blog in order to use the Google adsense.
The templates on Blogger may have some flaws as well. On my account, my editing pencil. wrench and other editing tools do not show up, making it difficult to post and edit in my blogs.
Now, people keep getting me mixed up with the drug addicts who hijacked my blogs.
At the present time, it appears that I may be posting on the spoofed or cloned account and someone else has my account or is sharing it.
Google accounts appear to be hijacked often.
Antonia.
Thank you Google,I'll do my best to protect my Google account and I think Google will remain the best
I use google talk from the MacOS "Messages" application, and I frequently work from a commuter shuttle or remote site (frequently == daily). So basically every time I start Messages, Google flips out about suspicious activity and makes me go throug hthe rigamarole you describe before I can use my account. Is there any way to opt out of this for those of us who simply cannot guarantee an IP address, or do we have to avoid using Google Talk while on the road?
I use Google Talk via MacOS Messages, and I do this from a laptop that is, on a near daily basis, logged in from strange IP addresses. This results in me having to re-authenticate continuously. I'm wondering if there is some way to opt out of this due to the high volume of address-switching I do, or if Google would advise me to avoid using Google Talk from my laptop?
Seriously? Just check how bad written those messages are. They're not even proper English. And that URL has nothing to do with Google. Plus Google never sends emails saying click here to login they always display content on-site.
Thanks! I'm glad you're upping your security. I live up in Calgary, and its nice to know that my online stuff is protected.
Thanks for sharing some useful info related to Google update which will help us to identify the needed security for my site we are all expecting that.
A prolonged cyber attack targeted me by known woman cracker and IT corporate professional in the UK. After wiping jail broken IPhone (remote) and Mac BookPro, 2 weeks later she cracked
I
IPhone, ICloud, Apple ID- even after increased anti malware and security. A private investigator was hired after I cleared my name w/ Google following web browser hack to surf terrorist sites. Forensics report today. Perhaps enough evidence will have been obtained to prosecute and ID.
I am so upset...I have been locked out of my own account because of two step verification. I disabled it several times before on the same device, however, it always seems to ask for the codes which would be sent via text. The problems I have now are: my phone number has changed because of a recent move (didn't remember to update my Google info when I moved); my tablet device needed to have default settings reset for another issue with my bank and wiped out cache, passwords, etc.; and I have had my account for a long enough time that I could not recall when I opened it or remember who I email frequently because I mainly use it as a source for incoming newsletters, tradeshows, company updates,etc.; why can't there be a more relevant way to properly confirm that I am the true account holder? I have a vast array of personal things stored including drive docs, calendar, and other things I use each day not to mention contacts! There has to be more sensitivity for myself and others in a similar situation. It's very insulting to chase around the world of internet for answers, help, suggestions...and your company staff has been very rude to say I am screwed, no one can help, and that I need to open a new account! Does anyone suggest a good hacker??? What shall I do?
A Gmail account is set up with all known precautions in place via settings, Drive, Calendar, and external apps closed to prevent backdoor entry. Also the 2-Step verification is setup with backup email addresses and phone numbers.
Everything goes well for a very short time, then the 2-Step Verification codes are stolen and login phishing pages block activity.
The main issue is to find out how the attackers are attaching login phishing pages to Gmail login, Account Activities, Dashboard, and Security
The second concern is that if you are cautious not to use the phishing pages, then how do they login or piggy back when you log in. It feels like something is in place and it waits for login. Then after login things get changed. Notifications are turned off and Account Activity is blocked.
While attackers are in, they copy all the 2-Step Verification codes. This renders them useless. When I get locked out because of attacks, I just get routed to information pages and nothing else.
Sometimes I get the opportunity to use my backup email address. But when I do, the backup gets infected.
In the meantime, notifications are turned off and recent activity is blocked permanently. I am not savvy enough to know how to turn them back on.
The phishing pages to login with a password are useless. They don't lead to anything. They just take the password from you.
I don't know what to do outside of creating multiple gmail accounts and letting the hackers have some of the stolen ones. Other infected accounts were either abandoned or closed when they got recovered. I can't get my name back. Someone stole it a long time ago and I tried to get it back but I lost the inquiry.
Also, all new accounts allow me to see all pages within the first few minutes to half an hour. After that, the phishing login pages start and shuts down views to login, account activities, and other vital pages.
When I create a new account, the instant my phone number is entered I see a glitch in the screen. It seems like there is a flag of some sort on my phone number.
Anything containing the words Google or Gmail in the browser address bar is automatically followed or tagged or set for phishing pages.
If I try to change something or look into the registry/library/etc, there is a flash like a screen shot. I have no idea what that could be but I got better results when I entered these places and erased all traces of Google, Firefox, Chrome, etc. I still have problems with Safari. If I re-download other browsers, I seem to have more problems like they are being used for some sort of different attacking system.
The generic Gmail security information posted is not good enough. There are important things users can do to protect themselves but they have to do lots of research to find them.
I am at a loss right now. All my email is being accessed, no matter how many accounts I open. What do I do?
This is like having a world wide disease that impacts everything from school to work to health.
Either we don't have the right technology or we don't have the right consequences for these bad people.
There has got to be a safer alternative product out there.
How do you stop such attacks?
Thank you for your help.
Yes, those questions to verify the true owner... Actually, you can ask those questions wrong and still get an access.
I tried this in "password recovery" process, and they asked me bunch of questions, I intentionally answered all them wrong, except two email contacts (if you know the victom, or via SNS, it's easiest thing to guess, right?)
All the other questions - password you can remember; the time you open the account; etc, I gave them completely wrong answer.
But... those two email worked!
I was able to hijack my own account. I don't even need to go to recovery email account, I could change the password on the spot.
I tried using different computer, different IP address, different browsers, does not matter.
All you need is two (may be one) contact. You can leave all the other questions blank or give them wrong answer, the account is yours!
Does it make you feel safe?
I wrote to Gmail security team but they don't seem to give a damn about it.
Post a Comment