Slashdot Mirror

← Back to Stories (view on slashdot.org)

Escalating Gmail/Spamming Attacks

Posted by kdawson on from the be-careful-out-there dept.

We've been getting submissions about an uptick in compromised Gmail accounts in the last few days, but nothing that could be substantiated. Robert McMillan did a bit of digging and now reports in PC World that "Google is investigating a growing number of reports that hackers are breaking into legitimate Gmail accounts and then using them to send spam messages. The problem started about a week ago but seems to have escalated over the past few days. ... [I]n forum posts, Gmail users note that the hackers appear to be sending spam via Gmail's mobile interface — which gives mobile-phone users a way to check their Gmail accounts — and wonder if there may be a bug in the mobile interface that is allowing criminals to send the spam. ... Google says there's no Gmail bug. ... 'Spammers may sometimes use a mobile interface to access accounts they have already compromised because it's simpler for bots to use this method at large scale.'" Here's how to tell if your Gmail account has been accessed by bad guys, and what to do about it.

4 of 139 comments (clear)

  1. Got mine too by gander666 · · Score: 4, Informative

    And I had a pretty secure password. Now it is much more secure.

    I got lucky, noticed the odd activity (from Texas no less) and jumped all over fixing it.

    --
    Suppose you were an idiot and suppose you were a member of Congress ... but I repeat myself. - Mark T
  2. Happened to me last week by tylersoze · · Score: 3, Informative

    Yeah this happened to me last week and had a secure 8 character password made up of random letters and numbers. I'm not sure if it was a hack or maybe I just got sloppy and used that same password on some other site were I also provided my e-mail and they somehow got it that way. I'm not sure if I had the SSL setting enabled because when I went to set it, neither the http or https radio button was set. I had also just written up an automated perl server monitoring script a few days before that would use the account to send an automated message (via SSL) but that could have been coincidental, who knows? All they did was send Viagra spam to all the contacts. I immediately changed the password and also made the security question/answer nonsense since I can remember my damn password. Only check the mail from my Macbook or iPhone.

  3. Re:Happened to one my accounts as well by icebraining · · Score: 3, Informative

    I would imagine a spammer wouldn't just brute-force random accounts?

    GMail shows a captcha after a few tries.

    --
    Dilbert RSS feed
  4. Re:/me too by DKalkin · · Score: 3, Informative

    obnoxiously there's no way to report the incident to google. all the help stuff is self-serve and the "send feedback" link is a closed beta.

    It's irritatingly hard to find, but there is a way to report it. http://mail.google.com/support/bin/answer.py?hl=en&answer=50270 My significant other's account got hijacked yesterday and Google did react less than half an hour after we filled out the form.