Sunday, June 2, 2013

Message: Your G-mail has been hacked

Synopsis:  GMail has been hacked is a scam

An SMS text message from number 18184735086 (1-818-473-5086, or other numbers),

Message #90261: Your G-mail has been hacked. Text back to VERIFY to take a call to reactivate your account. 

Or Your GMail Profile has been compromised.

Or Your Gmail has been compromised by hackers.  We need to call to verify your identity.  Reply with 'READY' when you are ready to take the call.

This is a scam.

Besides the fact that Google would never spell their service as "G-Mail" (it is Gmail), and would an official message from Google have such terrible English?  And would Google use the word "hacked?" - of course not.  With those observations aside, if Google did detect your account was compromised, they would shut it down and make you come to them to re-activate.  Like your bank, they do not send messages about account information.  All of these clues are flags that say ignore this message. 

What should you do:

1.  Nothing.

Do not reply to the text message.
Do not even bother changing your Gmail password.  You were not hacked.
Do not bother reporting the scam - it is fruitless.

This is a 'phishing' expedition, nothing more.

They are looking for information.  The perpetrator is building a database of likely users.  Your number was randomly generated and they hope you have a Gmail account.  Hotmail and Yahoo users can see similar messages.

Still Paranoid?

If you want to make sure your account was safe, log in.

If your account were hacked, the first thing they would do is change the password, locking you out.  Being able to login indicates nothing happened.  When logging in, do not use any links provided in another text message or email -- instead, go directly to "" - this way you won't arrive at a spoofed-login screen.

Consider checking your account's last activity.  From the main Inbox, look at the bottom footer.  Click "Last Account Activity: Details".   This gives a full report.

Optionally, go to "Account" settings by clicking the upper-right pull-down near your account picture's thumbnail.  Choose "Account Information."  On the displayed screen, note the last login date (this is the login prior to this one) and note the country where it was logged in from.  If this all seems reasonable, once again, do nothing.

Google has more on Last Account Activity with more in-depth reporting: 

Related Article:
Confirm and Protect your Gmail Account with these easy steps

What if you Replied:

From around the web, those who did reply to the text message, report another text saying, "please enter the verification code -44- when we will call you."  There might be a message about your Voice Mail being setup or other such nonsense.

All that happened is you confirmed your phone number is accepting text messages and a gullible person responded.  Your name and number will be sold the the highest spam-bidder.  Expect a lot of Viagra messages.

One person, after replying, reportedly got a call from "Gmail Support" and was charged $99 to unlock the account and install "lifetime protection." Oh my gosh!  No!  She was completely ripped off and adding insult to injury, she gave away her Visa card and the farm. 

Google 2-Step Verification

When I first saw this message, I did a double-take, and then laughed.  I use Google's 2-step verification.  My account could not be hacked -- even if they knew my user-id and password, they can't log in.  

With two-factor authentication, I use my normal User-ID and password and then a few seconds later, Google sends a text message to my cell phone.  In a secondary Google login screen, I type the numeric code from the text message.  Only then can I open my account.  This technique works with both smart and non-smart cell phones.

It works like this: 
    Login with something you know (your credentials)
        + something you have (your phone)

The only way to get past this is to kidnap me and my phone.  Details on Google's 2-step verification can be found here: link:  Two-step verification

Update:  2014.11  -- Google now has an app, "Google Authenticator", which is faster and better than an SMS text message.

What if you don't have your phone?  You can't login.  However, when you first engage this service, Google provides a short list of longer emergency codes that only you know.  Print these and file in a drawer should you ever need them. 

Other GMail Protection Steps:
Keyliner Article:  Protect your Gmail Account.

Other details:

The phone numbers sending the text can come from literally hundreds of different locations.  Here is a sample phone number list from around the web:

2102016341   210-201-6341
2622084748   262-208-4748
3317257397   331-725-7397
3605620248   360-562-0248
4174131642   417-413-1642
5087841859   508-784-1859
6465048392   646-504-8392
7075066468   707-506-6468
7243157540   724-315-7540
8032655725   803-265-5725
8082655725   808-265-5725
8649771320   864-977-1320
9142364339   914-236-4339
9142364339   914-236-4339

The Reply message can be a variety of keywords, including
-SEND CODE-, etc.

All the changes in the message are to work past spam filters and to make the message sound unique.

Related Article:
Confirm and Protect your Gmail Account with these easy steps

Other articles of Interest:
Cleaning Windows Startup Programs (streamlining your boot times)
Using Microsoft's free virus scanner (MSE)
Speeding up slow USB devices

Interesting article on GoogleTwo-Step hacking.  This does not dim my appreciation for what Google has done:  Bypassing Google's Two-factor Authentication

Not that you will need this, because your account was not compromised:
Google Account Compromised:

No comments:

Post a Comment

Comments are moderated and published upon review.