In the coming paragraphs you will get familiar with a few common techniques hackers use to compromise online accounts in general and Gmail accounts in particular. After that I will tell you what to do and what not to do to protect your account, along with best practices to safeguard your Gmail. I will conclude with what you should do if your Gmail account is hacked.
Common hacking modes for Gmail account
- Keylogger – A keylogger is software installed on a system to log the keys pressed. Commercial keyloggers are available in the market, and a hacker may also introduce a keylogger via a Trojan, an infected USB device, etc. Keyloggers can be installed on a system in a rootkit mode where you can’t see them in the Windows taskbar. Additionally, these keyloggers can be configured to send the log file by mail via SMTP.
- Phishing – Phishing is the most common method of stealing online passwords. In phishing, a hacker sends an email with a link to a page that looks like the one you see while logging in to Gmail; however, it is not hosted on Gmail servers. Most likely, the phishing page is itself hosted on some hacked website. As soon as you enter your login and password on such a page, the hacker gets your password.
- Firefox Saved Password – If you have accessed your Gmail account on a shared computer or a friend’s PC and accepted Firefox’s offer to save the password, it can be read using the Firefox Tools –> Options –> Security –> Saved Password screen. All one has to do is click on “show password”.
- Using a simple security question in the Gmail account – Google offers 5 default questions, and the 6th option is to write your own question. The five default questions in a Gmail account are:
- What is your primary frequent flyer number – This question is good only if you have one.
- What is your library card number – This is info many will have access to; not good at all.
- What was your first phone number – Again, this is more or less public information; people can do a “people search” to find all your numbers, and possibly one of those is your first phone number.
- What was your first teacher’s name – Anyone who has studied with you, or someone who has done social engineering to find it out, can guess it with some effort.
- What is your father’s middle name – Again, a very weak hint.
- Getting the password from less secure websites – Many people have the habit of using a single password everywhere: Gmail, forums, small websites, etc. Most websites keep your password in an encrypted format. These passwords can’t practically be reverse engineered. But some websites keep passwords in clear text. How can you know if a website stores passwords in clear text? Websites that offer to tell you your password when you choose the forgot-password option are for sure keeping your password in clear text. Generally, if a password is not saved in clear text, the website will give you the option to reset the password and will not send you your password. Now, suppose you use the same password on a website that saves passwords in clear text as for your Gmail account; chances are someone who has access to the user database on that website may steal your Gmail password as well.
- Man-in-the-middle attack – A hacker can intercept the communication between your browser and the Gmail servers using packet sniffers. They in turn can read the “Session Id” used for a particular communication. Once a hacker succeeds in doing that, he can use your Gmail account without knowing your password. This kind of attack is possible at a public wi-fi hotspot or if you have an unsecured wi-fi setup at home.
10 Best Practices to protect your Gmail account
- Update your software and antivirus program – You should keep your OS and programs like MS Office, Firefox, Adobe Acrobat Reader, etc. updated to the current version. This will secure you from known vulnerabilities in software. Hackers do target a security vulnerability once it is known. Also, use a decent antivirus; there are many options available in the market, but a few are better than others.
- Don’t open files sent to you by an unknown source – Hackers may install a keylogger etc. by sending you executables, PDF files, etc. So never open these files.
- Don’t install cracks etc. from websites or torrents – Cracks available on the internet and on torrents are full of spyware, keyloggers, etc. Unless you know what you are doing, never use those files. They install spyware and rootkits on your system.
- Secure yourself from phishing attacks – When you get a link in email or on Orkut or Facebook, make sure it is from a genuine source. A hacker might send you a link to something and ask you for your Gmail login/password. The site’s look and feel would be the same as the Gmail login screen, but it will not be hosted on Google servers. Whenever you enter critical information like login/password, credit card, bank account, etc., make sure you check the address bar in your web browser. It’s possible that a page which looks similar to Gmail is coming from something like the following:
http://www.example.com/scripts/website/gmail/image/login/gethim/login.php or an even longer address. You are warned not to put your login, password, etc. into these websites.
- Don’t save the password in Firefox – This is particularly true if you are using a shared computer. Also, if you are using a cyber cafe, make sure you never save the password for your Gmail.
- Create your own security question in Gmail – As illustrated earlier, Gmail’s default security questions can be guessed with some effort. It is highly recommended to create your own security question whose answer is known only to you. This will be helpful in resetting your password if the hacker has not modified your security question. For example, if you like bananas, just have the security question “fruit” and not “favorite fruit”. Google has guidelines for security questions as well.
Picking a good security question and answer:
- Choose a question only you know the answer to - make sure the question isn't associated with your password.
- Pick a question that can't be answered through research (for example, avoid your mother's maiden name, your birth date, your first or last name, your social security number, your phone number, your pet's name, etc.).
- Make sure your answer is memorable, but not easy to guess. Use an answer that is a complete sentence for even more security.
- Have a different password on other websites – You might be visiting forums, dating sites, job sites, etc. Don’t use the same password on those sites as for Gmail. This will protect your Gmail password: it will be safe even if the databases of those sites are hacked and they save passwords in clear text.
- Enable https on your Gmail account – A man-in-the-middle attacker may intercept your session id and access your Gmail account. Enable the https option in your Gmail. This may slow down your Gmail a little bit, so if you are using a slow dialup connection you may not like it. But if you access your Gmail from a wi-fi hotspot, it’s recommended you turn it on. Also, if you access your Gmail mostly on broadband, you will not feel the difference. To enable https access, use the following instructions.
- Log in to your Gmail account
- Click on the link “settings” – You will find it at the top right hand side of the page once you are logged in.
- On the “General” tab look for the section “Browser Connection”
- Check the radio button “Always use https”
- Go to the bottom of the page and look for the button “Save changes”
- Click on “Save Changes”
- Have an alternative email and mobile number on your account – Google has an option to add an alternative email address and phone number to your account. Please do configure it, and use an email id which has a different password and which you don’t access often. However, these options are only good for resetting the password if the hacker has not touched your alternative email id and mobile number. It’s entirely possible that hackers have got your password but have not changed it and are just monitoring you. You may change (configure) these settings by accessing the following link: https://www.google.com/accounts/UpdateAccountRecoveryOptions?hl=en
- Forward some of your important mails to another email account – Preventive measures are good. If you have not deleted your old emails, send some of them to a different email id. The mails you should choose to forward are the mail you got from Gmail when you signed up and the mail you got from Orkut when you signed up. THIS IS A MUST-DO FOR EVERYONE. This will be useful if your Gmail ever gets hacked. Better safe than sorry.
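The address-bar check from the phishing item above, written out as an added example (not code from the original post). It assumes the genuine sign-in page lives under google.com; the function name and all sample URLs except the one quoted in the article are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: Gmail sign-in pages live under this domain.
TRUSTED_DOMAIN = "google.com"

def check_login_url(url):
    """Return (trusted, reason) for a URL that asks for a Gmail password."""
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    # hostname is what the browser connects to: lower-cased, without
    # port, path, or anything written before an '@'.
    host = (parts.hostname or "").rstrip(".")
    if parts.username is not None:
        return False, f"text before '@' is decoration; real host is {host}"
    if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
        return False, f"host {host or '(none)'} is not under {TRUSTED_DOMAIN}"
    if parts.scheme != "https":
        return False, f"{host} reached over {parts.scheme or 'no scheme'}, not https"
    return True, f"{host} over https"

# Constructed samples; the first is the address quoted in the article.
SAMPLES = [
    "http://www.example.com/scripts/website/gmail/image/login/gethim/login.php",
    "https://accounts.google.com.example.com/ServiceLogin",
    "https://accounts.google.com@example.com/ServiceLogin",
    "https://notgoogle.com/mail/",
    "http://mail.google.com/mail/",
    "https://mail.google.com/mail/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        trusted, reason = check_login_url(sample)
        print("OK  " if trusted else "STOP", sample, "->", reason)
```

Only the last sample passes: the word "gmail" or "google.com" appearing in the path, in a longer host name, or before an "@" says nothing about which server receives the password.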
How to know that your Gmail account is compromised
- Password is no longer working – When a hacker changes the compromised account’s password, your password will not work. You will know instantly, as you can’t log in. However, when the hacker is just monitoring you, he may not change the password.
- How to know that the account is compromised when the password is still working:
- Some of your mails are marked as read even though you have not read them.
- Go to “settings” –> “Forwarding and POP/IMAP” – In the “Forwarding” section, is “Forward a copy of incoming mail to” configured with a mail id that is not yours? It means the account is hacked. Change the password immediately.
- Is POP/IMAP enabled, showing “POP is enabled for all mail that has arrived since DATE”, where the date field is not blank even though you are not using POP?
- At the bottom of the Gmail page, Gmail gives you last account activity information. If you have something like below, it is normal. It says you did something with your Gmail 2 hours ago on this computer.
- Now let’s see what is different in the picture below. It says the account is open in 1 other location whose public IP is 118.95.14.91. That is suspicious unless you have opened another Gmail session on a different machine or Gmail in another browser. Even if it says last account activity at 8.8.8.8 or something like that, you may check whether you opened the account from the office or another location. Generally, if you are using an ISP, the first 2 portions of the dotted IP address will remain the same. This will change if you are using it from the office in the daytime and at home in the evening.
- How to do an IP address lookup and find where my Gmail has been accessed from? There are sites which show your IP address as seen on the internet. I will use the http://www.4321.in website for further explanation. Go to the website; below the main widget on the page, it will have a string like “NQ Client Info - IP: 118.95.14.91 - OS: win xp - Browser: fx 3.6.3”, where 118.95.14.91 is my IP as visible on the internet. This IP address belongs to my ISP. To query more about this IP address, click on the tab “whois IP”. By default it will fill the text box with the IP address you have accessed from. Now click on the > button. For me it brings up information like the following. I am copy-pasting the first few lines here. It shows the IP belongs to the organization SIFYNET. They are my ISP. So I am satisfied.
    % [whois.apnic.net node-2]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
    inetnum: 118.94.0.0 - 118.95.255.255
    netname: SIFYNET
    descr: Sify Limited
    descr: Chennai, India
    country: IN
    admin-c: HS51-AP
    tech-c: HS51-AP
    remarks:
    remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    remarks: This object can only be updated by APNIC hostmasters.
    remarks: To update this object, please contact APNIC
    remarks: hostmasters and include your organisation's account
    remarks: name in the subject line.
    remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    changed: hm-changed@apnic.net 20070827
    mnt-by: APNIC-HM
    mnt-lower: MAINT-IN-SIFY
    status: ALLOCATED PORTABLE
    source: APNIC
- Now suppose the IP address shown as last accessed or open at another location belongs to someone on a different ISP or in a different country; then I have reason to believe that my account is compromised. What should I do in these situations? I should run a virus/malware scan on my computer and change my password and security questions immediately.
- Now Google has provided an even better solution. In the images shown above there is a link called “details”. Go to the Gmail page, try to locate it at the bottom, and click it. For me it brings up the following information. The first column always says browser, as I only access Gmail from the web. I am safe. If you see another access method like POP3 while you don’t use POP3, you are compromised. If you see different IP addresses in the second column, try to do a lookup as explained earlier using http://www.4321.in . Google has a good guide about how to use this information: Last activity information.
- Google sends suspicious account activity alerts as well. I have not seen one so far, but have you got one?
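The two checks described above (access type in the first column of “details”, and whether each IP falls inside the ISP range returned by whois) can be done in one pass. This is an added example, not part of the original post; the function names and the activity rows are constructed, while the inetnum/netname lines and the addresses 118.95.14.91 and 8.8.8.8 are the ones quoted in the article.

```python
import ipaddress
import re

# First lines of the whois answer quoted in the article.
WHOIS_TEXT = """\
inetnum: 118.94.0.0 - 118.95.255.255
netname: SIFYNET
descr: Sify Limited
country: IN
"""

def parse_inetnum(whois_text):
    """Return (first_ip, last_ip, netname) from an APNIC-style answer."""
    rng = re.search(r"^inetnum:\s*(\S+)\s*-\s*(\S+)", whois_text, re.M)
    if rng is None:
        raise ValueError("no inetnum line in whois answer")
    name = re.search(r"^netname:\s*(\S+)", whois_text, re.M)
    return (ipaddress.ip_address(rng.group(1)),
            ipaddress.ip_address(rng.group(2)),
            name.group(1) if name else "unknown")

def review_activity(rows, whois_text, expected_access=("Browser",)):
    """Return (access, ip, reasons) for each row that needs a closer look."""
    first, last, netname = parse_inetnum(whois_text)
    flagged = []
    for access, ip in rows:
        reasons = []
        if access not in expected_access:
            reasons.append(f"access type {access} is not one you use")
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            reasons.append("address could not be parsed")
        else:
            # Different IP versions cannot be compared, so treat as outside.
            if addr.version != first.version or not first <= addr <= last:
                reasons.append(f"outside {netname} range {first} - {last}")
        if reasons:
            flagged.append((access, ip, reasons))
    return flagged

# Constructed rows in the shape of the "details" table (access type, IP).
ROWS = [("Browser", "118.95.14.91"), ("POP3", "118.94.200.7"),
        ("Browser", "8.8.8.8"), ("Browser", "2001:db8::1")]

if __name__ == "__main__":
    for access, ip, reasons in review_activity(ROWS, WHOIS_TEXT):
        print(f"{access:8} {ip:15} " + "; ".join(reasons))
```

An address inside the ISP range only means the session came from some customer of the same ISP, so an unflagged row is not proof that the session was yours.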
What to do after account is hacked
- Account is hacked but you still have access to your Gmail account – Run a spyware and virus scan on your computer. Once it’s complete, change the password and security question of the account.
- Account is hacked and the hacker has changed the password – This will be useful when the hacker has changed your password but not the security question or secondary email address in your account. Follow the link.
- Account is hacked and the hacker has changed the secondary email as well as the security questions – In this situation the emails forwarded to your secondary account will be useful. Remember, I have recommended “Forward your some of the important mails at another email account”. You will be asked when you signed up for the account and when you activated the 4 different services on Google. Use this link to request Google for assistance.
great sirji....
Good you like it. Amitava
thank u.. dat was really hlpful..
Dear friend please tell me how to my friends gmail password please help me my friend
gud yar
Lovely !! :) :)
Really works thanks for this stuff really good
Dear Sir,
this is my pleasure to meet you through this blog it's have so useful info for all the gmail user.
thanks for sharing the info with all of us
very nice, u've been of help to many ppl. Appreciated..
Good but tell how to hack it
Thanks a billion!
Not so easy to hack my account cmajor07@gmail go ahead and try it :) you will not succeed.
hey frnds plz help my frnd to get password back plzzz