Stop your Gmail account being hacked into by scammers
This time, hackers picked the wrong uncle to target.
My grown-up niece Rachael is somewhere in South America. She's there with her long standing partner, now fiancee. Both lawyers, they decided to take some time out before the serious stuff of organising their wedding.
There's normally no reason why Rachael gets in contact with me other than to wish me “happy birthday” or to say hello on one of her rare trips to London (she lives and works in the far north of England). This is usually in person on the phone.
But yesterday, while I was searching my emails for the latest press release from the Insolvency Service warning against landbanking scams (at least £30m lost so far and that's probably a massive underestimate as many victims are too ashamed to report their loss), I found one from Rachael. In fact, I found two – one in each of the mailboxes I use daily.
This surprised me. She doesn't normally send me emails. And why would she send me two?
So I decided to look more closely.
What the hackers sent
The first was headed “Hey tony we haven't spoken in a while”, it went on to say “heard you were looking around for a job”, pointing me to the website of something called London Business Journal.
This is not a publication that I had ever come across. And, strangely enough, neither has Google. But more of this magazine later. The first problem to solve was why was Rachael sending me this link.
The second, a minute later, a second arrived. It said: “Hey Tony how have you been? as soon as i started this my life changed in an instant.” The link here also goes to the London Business Journal.
The clue lies in the fact that it arrived in both email inboxes at almost exactly the same time. For the sad fact is that Rachael's Gmail account has been hacked and all her contacts taken for this message. Rachael is not alone.
Gmail account hacking is rife
Late last year, I wrote about my friend Lynne whose Gmail account was also hacked, resulting in all her contacts receiving an email headed “Terrible news” which purported to report how she was in London, penniless and passport-less following a robbery. The email invited her friends to send her money via Western Union. At the time, she was living in the US but, even if she had been in London and robbed, she has enough resources not to need to send out emails begging for help. Any cash sent would, of course, be collected by the scammers.
During the past few days, The Observer reported the case of journalist Rowenna Davis whose Gmail account with 5,000 names had been hacked. Each one was sent a message saying she had been attacked and robbed at gunpoint in Madrid. The phoney message said she had lost her phone, credit cards and money. A Western Union account had been set up in her name to receive money sent to “help” her.
Needless to say, Ms Davis had not been attacked nor had she been in Madrid.
During this period, she was unable to use her email – the hacker later offered to sell it back to her for £500. At least, my false Rachael did not ask for money.
Instead, both links led to a series of home-working and money generating machine scams – all promising instant money. The London Business Journal, which promises “making money has never been so easy” oddly, uses dollars for all the amounts it claims you can get. It says “single moms and teenagers are making money from home”.
Hacking into Gmail and a number of other email accounts is not too tough. There are even videos on youtube which claim to show you how to get into an account and steal passwords and names.
The probability is that my niece's account was broken into because she had used it at an internet cafe or dodgy hotel – when you are travelling around, you often have no alternative. It remains to be seen in what state her email will be when she finally gets it back.
Stop your Gmail account from getting hacked!
Following the targeting of Gmail accounts by hackers, Google has created a new measure you can take to protect your Gmail account from hackers.
It’s called ‘two-step verification’. It adds an extra layer of security to your account, so that as well as needing your password to log in from a computer, you will also need a special code that is sent to your mobile phone.
If you click ‘remember verification’, you won’t need to re-enter the code on that particular computer for 30 days. But if you attempt to log-in from another computer, you’ll need your phone with you in order to get a code again, or you won’t be able to log-in at all. So it’s perhaps a bit inconvenient. That’s the price you pay for peace of mind!
As for ensuring you don’t fall for this scam - the best advice is that if anything arrives from someone you know which looks wrong, then it is wrong. Don’t respond!
Follow me on twitter @tonylevene1