At first, I thought it was funny. Here’s a friend sending me a goofy e-mail about being stuck in Nigeria and needing cash. Ha ha. Nice joke. So, I replied with a similar message about being in a South African prison and needing money to bribe the guards.
Well, it turns out that it wasn’t a joke. No, she’s not trapped in Nigeria, but instead the e-mail that came from her Gmail account was from a hacker. Apparently, many Gmail accounts have been hacked into. D’oh!
I’m relatively computer savvy, and I always pay suspicious attention to e-mails that seem to come from friends and relatives on other e-mail accounts. Yet, somehow, I was blindsided by this. Somehow, I thought Google was above being hacked or something? Sheesh.
Of course, this goes way beyond a simple prank e-mail. Thanks to Google’s insistence that you never need to delete anything and the convenience of having all your stuff accessible online, most people have years’ worth of e-mails in their archive folder. Emails with bank account numbers, usernames, passwords, other e-mail addresses, friends and family names and numbers and addresses… My friend immediately went to her eBay and PayPal accounts and, sure enough, there was unauthorized activity using her Gmail address.
So, here’s what you need to do (immediately):
- Change your Gmail password to something stronger than your cat’s name.
- Install PwdHash to encrypt your password everywhere online!
- Always use Firefox and install the CustomizeGoogle add-on. This add-on has a cool option to make sure you’re always accessing Gmail using a secure (https) connection.
- Remember (or change) your secondary email address or your security question in Google, so that you have a way back into your account when the hackers change the password.
- Back up your Gmail account data.
- Never archive emails that contain passwords or other sensitive data. Clean up the trash bin of those too!
There are some other good suggestions (and horror stories) in this thread.