Jump to content
Chinese-Forums
  • Sign Up

Watch your Gmail accounts


roddy

Recommended Posts

A couple of days ago I tried to log into my gmail account and it then warned me that it had detected suspicious acticity on my account and took me to a page which prompted me to put in my cell phone number in order to recieve a text and then enter it back in for verification.

I tried this a couple of times, but each time it said the code didn't match. Today, I just got a message to my other email account that gmail has disabled my account permanently due to 'violating terms of service'.

Not sure why they would disable my account but it is definetly a pain because I was subscribed to at least one pay site through that email. ugh.

Anyone know of other good email servers to use? or should I just make a new gmail account?

Link to comment
Share on other sites

Unless you really know your way around networking (or you're a hacker yourself), I don't think you're ever going to find out... This is the same as asking the question : "What are all the ways that a dedicated hacker could have to hack your computer ?"

Things like this happen all the time, no matter which country you're in. I was lucky to have been warned by some friends last time my hotmail account got hacked.

Just to be sure, run a complete scan of your harddrives, you may have a spyware installed somewhere. The rest is basic internet safety rules :

1- Don't let your webbrowser remember your passwords, nor any website

2- Change passwords OFTEN

3- Set complicated passwords

4- On your email account : do not open emails from unknown senders or with unspecified topics

5- Check sent emails, spams and deleted elements on a regular basis, and empty folders

...

These are a pain, I know, but it remains the best way to protect you accounts... Of course, if a skillfull hacker decides to get into your computer, there isn't much you can do...

Good luck anyway !

Link to comment
Share on other sites

Well, everyone has it's own way to remember things... And just to edit on what I wrote, a complicated password (for a computer) simply means that it has numbers and upper case / lower case letters in it. It doesn't have to be like Hk2346lzfKJ ! ^^

And, if you have trouble remembering them, you can still have them written on a piece of paper with you. Not the safest thing to do, but hackers don't usually attack you physically or rob you before breaking into your computer. Keep a copy at home and, if you loose the sheet, change all your passwords immediatly...

Link to comment
Share on other sites

1- Don't let your webbrowser remember your passwords, nor any website

2- Change passwords OFTEN

3- Set complicated passwords

Well, I have good news for you guys. A recent study has shown that changing passwords is practically a waste of effort. (See Please Do Not Change Your Password ) The catch is that most passwords are stolen through certain direct means like the one in this thread (DNS spoofing to fake servers) rather than obtained by "guessing" it. (Brute-force "guessing" attacks are the major reason it is advised to change passwords in the first place.) It is also becoming common practice to limit the number of login attempts, so a brute-force attack like that is impractical if the password is fairly long and complex. (Long and complex passwords always had some power to repel this kind of attack, but the new practices make things much safer.) This fact lessens the risk associated with keeping the same password for a long time.

I do recommend setting different passwords for banking vs. everything else, however. It is theoretically possible for someone running a small website to figure out your password and then use THAT to snoop on you at other websites. If one website has faulty security, all your accounts could be compromised. This risk is also small, and you can prevent it completely anyway. If you don't change your passwords often it is possible for you to remember at least 5 or so. It's like learning phone numbers.

Hi ansileran, I am getting old and I find memorising new things increasingly difficult.

Instead of keeping passwords on a sheet of paper, I like index cards with a binder clip. Use one card for each account. If you add new accounts you can write on more of them. Some websites are requiring security questions in addition to passwords to log in, so index cards are nice for that too. It's a flexible system. I've been thinking of writing my passwords in a book but I never had the motivation to do it in several years because the index cards are doing their job well.

Link to comment
Share on other sites

Passwords managers are a bit more secured as just letting your webbrowser store your passwords, but they still are listed in a file on your computer. Every time you unlock this file, all your passwords become accessible and there are spywares designed to look for this... Of course, being paranoid about computer security is annoying, so I guess it just depends on what your passwords protect : I would never use such a thing to store the passwords for my bank accounts but it might be fine for other things...

Link to comment
Share on other sites

What kind of Internet banking is only protected by a password though?

From what I know many banks' internet banking seems to require no more than a username and a password (e.g. Bank of China HK, Standard Chartered HK, Citibank, etc).

HSBC (HK) provides each user with a security device that generates a security code that you input when you access its internet banking. I find it very troublesome as it requires me to carry that device (although it is small). Some other banks text a second access code for input to their webpages, and this I think is more user-friendly.

Link to comment
Share on other sites

From what I know many banks' internet banking seems to require no more than a username and a password (e.g. Bank of China HK, Standard Chartered HK, Citibank, etc).

Wow, that's just making things too easy for the criminally-minded. I can't believe that anyone is willing to bank with them.

HSBC (HK) provides each user with a security device that generates a security code that you input when you access its internet banking. I find it very troublesome as it requires me to carry that device (although it is small). Some other banks text a second access code for input to their webpages, and this I think is more user-friendly.

Personally, in a security vs. convenience tradeoff, I would prefer to have banks err on the side of security. Though the GSM network is hardly invulnerable to snooping, at least they are way ahead (security-wise) of the cowboys relying on static authentication credentials.

Link to comment
Share on other sites

I have accounts in three different banks in France (other than HSBC) and the only thing require before tranferring funds is to enter your password again, so if someone steals it, then this person won't have any trouble emptying the account... Of course, the way you enter your password is more secured than simply typing it and it can't be registered by your webbrowser.

Link to comment
Share on other sites

But then there are other security measures other than passwords and codes, e.g. you need to pre-register at the bank in person, showing your ID, if you plan to transfer funds to other banks or to accounts other than your own using internet banking.

Link to comment
Share on other sites

  • 3 weeks later...

I dealt with the same issues described earlier in this thread (a month or two ago), and just today Gmail warned me that it had detected a possible unauthorized access of my account.

Unknown China (unitedlayer.com:207.7.138.117) Sep 6 (1 day ago)

I'm not entirely clear on this, since it says that it came from China, and used an "unknown access type", but the IP address appears to be in San Francisco.

Link to comment
Share on other sites

That's a Witopia IP address - not only has it tried to access your Gmail account, it's made numerous posts on these forums. Nothing to worry about, assuming you're a Witopia user (or of some other VPN, there could be reselling going on).

Link to comment
Share on other sites

  • 2 weeks later...

I've started getting the account access warnings from Gmail also - all associated with VPN use, guess it does look a bit dodgy if you're logging in from China one minute and Washington DC the next. I'm actually a bit surprised my online banking hasn't spotted this as some kind of issue.

Link to comment
Share on other sites

I've had a look, I couldn't find anything unusual when trying to log into my GMail account.

There's a few potential solutions I could think of to make your account safer:

1) Method 1

Having 2x GMail accounts, one as your main and another as a proxy account.

The proxy account which downloads email from the main account via POP, and setting up the proxy account to send emails on behalf of your main account.

I may write a paper on this later with more specific instructions.

2) Method 2

Or get a "free" * google apps email account. You'd have to have your own domain name (.com) for this which costs about $10 per year.

Your sign in address would then be http://www.google.com/a/yourdomain.com and your email could be anythingyouwant@yourdomain.com

This would skip the need for accessing http://www.gmail.com

You could also set this us to get messages from your old gmail account on it's own.

NOTE: yourdomain.com can be anything you choose that isn't taken.

IMPORTANT NOTE: Once you have a for your own email it's hard to get rid of as you'll lose it when/if it expires. So if you do this be prepared to pay $10 per year forever.

If you're interested in this, I can help, I've done it a hundred times (ok maybe about 10 really)

3) Method 3

You could use a client such as Thunderbird to download messages via POP and essentially skipping using the website - I can't guarantee they can't exploit this...

NOTE: ========> Make sure the client leaves a copy all messages on server before the first download

========================

I can't guarantee any of these but they're just some ideas.

Link to comment
Share on other sites

Join the conversation

You can post now and select your username and password later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Click here to reply. Select text to quote.

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...