someone has hijacked my email account

alositha

Hi All
My email account has been taken over by some one. It is a Gmail account, I tried the forgot password option to reset the password but was unsuccessful as I can not remember my answer for the security question. I contacted the google security team about two weeks ago but there is no reply from them. As i did not use my secondary account which is a hotmail one since i opened the gmail account I can not access the reeset email sent to me by google.
Can some one please help/advise me how to resolve this. Is there a telephone number for google?
Thanks very much

fwor

Unless the Gmail address is known to lots of people, I would just abandon it and start afresh. It may help to advise Google that you have evidence that it has been hijacked and is being used for fraudulent purposes (but don't hold your breath waiting for a reply!) so that it doesn't sit there as a "black hole" forever.

Start again with one of the email addresses that your service provider bundles in with your access contract and choose a password which can't be guessed! People with bad intent can do "dictionary attacks" on your account, which try many thousands of common words, names, etc so you need to make it hard for them.

If you can, set up several email addresses, but reserve one that you only give to your friends, and is never used for internet forums, etc. This should minimise the amount of spam you get on your most important email address.

BritBrat

Just hope you don't have any debit/credit cards associated with it for use with Google Checkout.

I think it's best to delete them and add them for one use at a time.

ladymarmalade

If oyu have made transactions and have the emails in your gmail account I would cancel your cards and get new ones.

Is there a number you can call to contact the google team or is it just an emali?

JustPassingBy

alositha wrote: »

Hi All
My email account has been taken over by some one. It is a Gmail account, I tried the forgot password option to reset the password but was unsuccessful as I can not remember my answer for the security question. I contacted the google security team about two weeks ago but there is no reply from them. As i did not use my secondary account which is a hotmail one since i opened the gmail account I can not access the reeset email sent to me by google.
Can some one please help/advise me how to resolve this. Is there a telephone number for google?
Thanks very much

You're going to have difficulties resolving this unless Google get back to you. Email again. There is a telephone number on their website but it is intended for advertisers.

Does a Hotmail account lapse if it's not used? I hadn't realised that. Bit of a downer.

Brian.

JustPassingBy

fwor wrote: »

People with bad intent can do "dictionary attacks" on your account, which try many thousands of common words, names, etc so you need to make it hard for them.

Google defend against that. After a certain number of unsuccessful attempts to gain access to an account (20?) it presents a CAPTCHA. That will curtail an automated attack. I haven't the patience to find out how many more failed logins it will tolerate from a non-automated attack before it refuses to co-operate.

BritBrat

Just use strong passwords:

46p7bX2GjF7e9gFX7QbD
2N67XLnP9HxoD67863AM
MzG759hgPoGh6Whcr56F

And if you really want to make sure use stronger ones:

$u*5Y4%K5X*$RzR7n95NQ&
48bFRHDfYBbq9^F92fE58F
[EMAIL="n*!fu4UN6@298gzPrJZ2r6"]n*!fu4UN6@298gzPrJZ2r6[/EMAIL]

C_Ronaldo

Wy do people hack email accounts,

JustPassingBy

C_Ronaldo wrote: »

Wy do people hack email accounts,

Fun, monetary gain, malice, peer acclaim, being bored, social manipulation etc. Your guess is as good as anyone else's.

What is more interesting is how common it is and, when it does happen, how it is done. Brute forcing the password appears to be the least likely method. Google enforce a minimum of 8 characters for the password. To break it would require an awful lot of typing from the keyboard. That's assuming the system doesn't chuck you off after a couple of years of trying.

Brian.

fwor

JustPassingBy wrote: »

Google defend against that. After a certain number of unsuccessful attempts to gain access to an account (20?) it presents a CAPTCHA. That will curtail an automated attack. I haven't the patience to find out how many more failed logins it will tolerate from a non-automated attack before it refuses to co-operate.

Well Ok, they've done something, but that's not exactly a very strong defence. After all, if they set up an automatic checker which ran through a list of email accounts and tried "liverpool", "password" and "12345678" it would almost certainly get into more than 1% of them for a start!

If they just used the 19 most commonly used passwords, I would reckon they would easily get their success rate to
1 in 50.

Just because there are some (rather weak) countermeasures in place is no good reason to have a poor password. If you have trouble remembering them, use something like Keepass (open source & free)

http://keepass.info/

and protect that with a long passphrase.

(BTW, I do agree with your point that brute force attacks are probably in real life quite rare, but again, that's no reason to choose a weak password)

alositha

Hi Every one

Thanks very much for all the advice.

It is Long story but please read it as It may be you next. You never know.

Google emailed me this morning with reset information. I managed to reset the password. The email account is under my control (I hope). I reset all the passwords in my bank accounts email addresses and user forums. I did that at work. I formatted both my laptop and desk top just come back online and thought to share my experience with you.
By looking at my email account today I initially thought it was not used by anyone as there was 220 odd uread emails on my account. But by going back to the day I lost my control over the email account I found someone has contacted one of my contacts in Hongkong who I bought some stuff to sell from. The person who stole my account has tried to send some money or goods to NIGERIA but fortunately my contact in Hongkong has not agreed to do so.
What has actully happened was I started selling some items on Amazon recently and I received an email through Amazon asking for product details which I replied to. Then I received an email from Amazon saying "SOLD AND Dispatch Now" which is a usual email you get once you sold an item on Amazon. By reading the email I honestly thought it was a genuine one and the dispatch address was one in NIGERIA. I was worried thinking how I am going to do this because you never know what sort of problems you would come accross sending items to NIGERIA and I also have heard about Nigerian Scams before. Therfore I contacted Amazon for some advice ie how to maka refund but they advised me that these emails are fake emails and advised me what to do when selling and dispatching.
Anyway after couple of days getting those fake email I lost the control over my email account for nearly two weeks. I am praying that they haven't duplicate me.
I need more help from you.
1. Is there a organisation/telephone number where I could get some advice.
2. Can someone advice me reliable software that i can install to prevent these sort of phishing activities(I think it may be malacious programme installled somehow in my computer as my passwords can not be easily guessed as they have a name followed by some numbers).
Your support is greatly appreciated.
Thank You very much
Nuwan