Gmail account hacked

[LongTimeLurker]

I received a 'phone notification from Google that someone has logged-in to my account from a new device and I should log-in to change my password.

 

When I got home to my computer I was unable to log-in to my account, password obviously changed by the hacker.

 

So trying to use Google's "Recover my Account" service I first have to log-in to my Google account (<deleted> is that about?! I can't log-in otherwise I wouldn't have a problem!). Anyway they asked an account verification question and then told me it was the wrong answer, like I can't remember my father's middle name???. I presume this has been changed by the hacker also.

 

So my question is, how do I contact Google to tell them my account has been hacked? I can't find any email addresses for them, or 'phone contacts, or anything.

 

Fortunately the account is not my main email account and is just used for me having to sign into sites using a Gmail account. However I recently got a new 'phone and I synced all my stuff from the old 'phone to that Gmail account so I could access it on my new 'phone (but never did, I recovered it from my Samsung account). Will this info be accessible to the hacker? And what information would it contain?

 

TIA

[OneMoreFarang]

1 hour ago, LongTimeLurker said:

I received a 'phone notification from Google

Are you sure?

That is how many hackers get the information. They send a mail which is supposedly from your provider. Then you click on a link and enter your real information and that is the moment when the hacker gets your data.

Maybe that was not the issue in your case but I think all readers should be aware of this.

 

In terms of recovering your account and information: Go to the official Google page and try to answer all their questions. If you are lucky you will be able to recover your account. But maybe not. I know several people who were not able to recover their account.

 

Good luck!

 

[covidiot]

have you tried support.google.com ?

then choose Gmail 

 

 

[Dan O]

Are you sure the call came from google/Gmail?  Hackers have now started to clone the phone number I'd from legitimate companies and pose as those companies to get you to answer them and disclose security info.  It's a classic, we discovered hacking or fraud and need you to confirm info. They also clone website pages in emails with what look lake correct website to get you to Input your security info. Zelle and td bank are have this problem currently. Most valid companies dont ask you for your security questions on the phone, they use address, last 4 # of SS or a security pin sent via text message to your  phone number on file

 

 

 

 

[katana]

9 hours ago, LongTimeLurker said:

However I recently got a new 'phone and I synced all my stuff from the old 'phone to that Gmail account so I could access it on my new 'phone

Is the new phone an Android one with a Google Account? Maybe the new phone logged in automatically when you turned it on.

[catturd]

Sounds like you are a victim of a "phishing" scam and NOW your gmail account has been compromised.

 

Stop using GMAIL and use a secure email service that offers encryption and consider this a lesson learned in email security. Be advised gmail can and does READ ALL your emails. Why u think they are banned in China, they are spying on EVERYONE.

 

[richsilver]

Absolutely!  I'm certain that Google employs millions of workers to sit in little cubicles to READ ALL our emails.  I hope they find mine interesting.

 

Gmail does, in fact, support encryption.  Furthermore, using a secure email service would not have prevented the problem here if indeed it was phishing.  Google has no interest in spying on anyone, I'm sure.

[johng]

5 hours ago, catturd said:

China, they are spying on EVERYONE.

 

Yes agreed  but all countries spy on their citizens and anyone else they can get away with .. "for your own safety" 

of course ????

[johng]

6 minutes ago, richsilver said:

Google employs millions of workers to sit in little cubicles to READ ALL our emails

They have an "AI algorithm"  which would flag up  certain "interesting"  emails for  deeper inspection.

[richsilver]

And exactly how do you know that Google has "an "AI algorithm"  which would flag up  certain "interesting"  emails for  deeper inspection"?

[phetphet]

Can't help you with accessing your account, but as others have said, it could be a phishing scam. Fell for one myself.

 

What you can do to help protect yourself, is get a password manager. i.e. 1Password, Dashlane, LastPass among many others.  They will generate long, difficult to hack passwords. You only have to remember one long password of your own choice to access the app. That along with 2 Factor Authentication (2FA) should offer much better protection.

 

HTH

[DaLa]

9 minutes ago, phetphet said:

Can't help you with accessing your account, but as others have said, it could be a phishing scam. Fell for one myself.

 

What you can do to help protect yourself, is get a password manager. i.e. 1Password, Dashlane, LastPass among many others.  They will generate long, difficult to hack passwords. You only have to remember one long password of your own choice to access the app. That along with 2 Factor Authentication (2FA) should offer much better protection.

 

HTH

I have used an mnemonic for the last 10-15 years that enables me to recall all my 50+ passwords. Much similar to what you describe.  I find it really annoying though when an organisation messes up my system.  For example they place a limit on the number of character or insist I use a special character that does not fit my encryption.

 

I find it laughable that some of my  passwords with 12 characters , thus 50to the power 12  (50^12 = 2 4414062500 0000000000 combinations) only obtains a score of 'FAIR'  from their security perspective.

[moogradod]

If you are using IMAP - where your emails are stored on the Google email server -, then create a local folder in your email client on your PC with subfolders for In- and Out-Emails for each important email adress you have. Then just backup ("copy to") to these folders from time to time and you will have the emails stored on your PC instead on the mail-server of Google.

 

As you would as well backup your whole PC to an external harddisk from time to time (I hope for you) these backups would then be saved as well in a security copy of your email profile.

 

If you have a NAS server you can easily create a makro that saves your email profile to this server for offline storage using even free (but extremely excellent) programs like FreeFileSync that you can download from the net.

 

Besides I am as well convinced that Google reads everything you write and receive. Of course there are not people reading the texts but large server farms do that automatically. Same for telephone calls by the way. At least the American Government is doing this - has been in the press and on TV. So do you think other big nations would not do the same ?

 

There are fabulous email services available that could avoid at least the email part. One example is the Swiss based Protonmail. For telephones you should better be a member of the secret service having access to encrypted telephone gear.

 

Do not forget your browser and search engine, either. Google reads and stores some of your search data. DuckDuckGo for example does not.

 

So at least you can prevent that you loose some important emails. Avoiding being hacked is again a different matter. There are various methods to strengthen Password Security as was partially pointed put above already. Then there is the service "haveibeenpwned.com" to check if your data have been compromized in a larger known attack.

[worgeordie]

1 hour ago, richsilver said:

And exactly how do you know that Google has "an "AI algorithm"  which would flag up  certain "interesting"  emails for  deeper inspection"?

I thought that was the CIA's job, or is it NSA ? ????

regards worgeordie

[johng]

16 hours ago, richsilver said:

And exactly how do you know that Google has "an "AI algorithm"

 

How do you know they don't ?  if they don't ( I suspect they do) then some other "agency"  surely has.

 

15 hours ago, worgeordie said:

that was the CIA's job, or is it NSA ?

 

Exactly, if Google isn't doing it themself then one of those others agencies will be doing it  maybe even on Google servers  with or without their knowledge/permission..that's what they do  spy on people !

 

15 hours ago, moogradod said:

Besides I am as well convinced that Google reads everything you write and receive.

 

Me too.

[fdsa]

google reads your emails for marketing purposes (automatically builds a top of keywords used in your messages to show relevant ads)

nsa reads your emails for terrorism purposes (if you write anything pro-Trump or agains BLM then expect consequences)

 

google:// snowden leak

 

 

[LongTimeLurker]

On 5/7/2021 at 3:20 PM, OneMoreFarang said:

Are you sure?

That is how many hackers get the information. They send a mail which is supposedly from your provider. Then you click on a link and enter your real information and that is the moment when the hacker gets your data.

Maybe that was not the issue in your case but I think all readers should be aware of this.

 

In terms of recovering your account and information: Go to the official Google page and try to answer all their questions. If you are lucky you will be able to recover your account. But maybe not. I know several people who were not able to recover their account.

 

Good luck!

 

 

Not sure actually, but I AM sure that I have not set up my 'phone number for use with this 'burner' account.

 

BUT, I don't access emails on my 'phone so it was when I got home that I tried to access Gmail on my laptop.

[OneMoreFarang]

10 minutes ago, LongTimeLurker said:

 

Not sure actually, but I AM sure that I have not set up my 'phone number for use with this 'burner' account.

 

BUT, I don't access emails on my 'phone so it was when I got home that I tried to access Gmail on my laptop.

ok

 

the big question (in your case and in general) is: Did you access Google the way you always do it, i.e. with a button or you type in google.com? Or did you follow a link which you received in a mail?

 

Security tip: Never follow any links in mails like that. Always connect manually or with a link which you are sure is correct. If i.e. Google has something to tell you then they will tell you when you logon to their official site.

[LongTimeLurker]

On 5/7/2021 at 6:44 PM, covidiot said:

have you tried support.google.com ?

then choose Gmail 

 

 

 

Yes, the first thing I tried and got nowhere with it.

 

BUT

 

I tried it just now and WAS able to recover my account.

 

Seems that Google blocked the attempt to sign in with my password as it was on an unfamiliar device, although from the way their message was written, the password was correct.

 

So, thanks to your suggestion, I tried again and it worked.

 

THANKS

[LongTimeLurker]

Problem solved now guys, thanks for all replies.

[gamb00ler]

21 hours ago, richsilver said:

And exactly how do you know that Google has "an "AI algorithm"  which would flag up  certain "interesting"  emails for  deeper inspection"?

Perhaps he's just projecting what he would do.