Avoiding the Gmail Scam cracker
A “cracker” isn’t a southern derogatory term – it’s someone gaming a computer or Internet system (or both) for personal and nefarious gain.
What brought this to me was an email from an associate, who was reportedly over in London (suddenly) and had been robbed at gunpoint – now needing a wire transfer. Which, of course, I’m too happy to help with, even though my savings are hardly enough for myself these days.
But I was given Western Union’s web address and went to their site to find locations. While there, I then looked up their page on fraud. And the description on that page matched what I had received in email:
Hello,
I’m sorry for this odd request because it might get to you too
urgent but it’s because of the situation of things right now, I’m
stuck in London with family right now, i came down here on vacation ,
i was robbed, worse of it is that bags, cash and cards and my cell
phone was stolen at GUN POINT, it’s such a crazy experience for me, i
need help flying back home, the authorities are not being 100%
supportive but the good thing is i still have my passport but don’t
have enough money to get my flight ticket back home, please i need you
to loan me some money, will refund you as soon as I’m back home, i
promise.Thanks
And of course none of that occurred – my friend was busy working on his meditation and marketing in a nearby town. He emailed me shortly after to tell me so.
Of course, this got me curious how it could have happened.
The Gmail scam hack heard ’round the world
The exploit for Gmail hacking was posted some time ago, as covered at GHacks.Net.
But even though that was nearly a year ago, it is apparently still possible to get your Gmail account hijacked.
And the result of this can be very hazardous to professional business, as David Airey found out last summer when his business domain was moved after he left on vacation – however, due to the outpouring of friends and strangers willing to help him, he got all of his domains back and is piecing back his SEO standings (and hopefully that is accomplished by now).
What you can do to protect your gmail account
Essentially, the way they get your data is to hack into your Gmail account while you browse online – a filter is inserted into your Gmail account through some web-designed sabotage, and that filter then forwards anything containing “password” over to that site.
Some solutions:
- The trick is to not be logged into your Gmail account at all times. It’s that “sign in” button over at the end of your Google Toolbar. Keep logged out except when you are actually accessing your email. And don’t browse with your gmail tab open.
- Another solution is to use Firefox and search for security plug-ins which detect fraudulent websites.
- And many say not to use Gmail for your business traffic at all. If you have webhosting, it probably also has free email accounts which you can set up and manage yourself.
- If you do use Gmail, some say to access it through Thunderbird or similar, like you would if it were a hosted account. Never access through your browser.
- My friend also had his Yahoo account hacked at the same time. And since that was his backup email, it was difficult for him to regain access to his Gmail account. So your backup should be a non-freebie email provider.
- This exploit apparently only (hopefully) works over wireless – and the workaround is to check Gmail through a client rather than directly.
- Always use https://mail.google.com – and log out each time.
Of course, this rolls into best business practices, that you check your email on a set schedule and then get out of it and not spend time chatting away all day. And check out ITPro for their take on best business practices for this.
Your own simple precautions are as above – and add to this to check any filters you’ve set up in Gmail to be sure that they are all yours.
That this exploit has been known about for a year and is still effective is not good news.
But now you know…



