
Monday, February 17, 2014

Gmail hacked?

This is a cross-post from the Umzuzu.com blog. 



The Attack

It usually starts the same way each time: you get an email from one of your contacts, "Hey, I got this weird email from you?"
You immediately know you didn't send them anything weird or otherwise. You check your sent items for clues. Sometimes clues are right there, sometimes the bad guys have covered their tracks. What do you do now?
Technically speaking you probably weren't hacked but rather phished. In a phishing attack you become the unwitting accomplice, actually handing over both your username and password. The images below show the attack email and phishing site that's been making the rounds the past few weeks.
Often the email will come from a "trusted" or known contact as the attacker leverages the contacts saved within the victim's account. 

Stranger Danger

I've shown this site to several people and many of them say if the site was from a trusted person, they'd probably hand their credentials over by attempting to "sign-in".
This site is simply a form that might as well say, "give me your username and password so I can phish your account". If there is ever any doubt, never provide credentials. 
This site offers many clues that can help us determine it's part of a phishing attack.

The Response

You've confirmed or strongly suspect someone besides yourself is leveraging your Gmail account to send email. What next? 

Change your Gmail password

You can do so here: https://accounts.google.com/b/0/EditPasswd or from your Gmail Settings: 
  1. Open Gmail.
  2. Click the gear in the top right.
  3. Select Settings.
  4. Click the Accounts tab at the top.
  5. Click Change password in the “Change account settings” section.
  6. Type your current password and your new password. We highly recommend you create a unique password - one that you don't use for any other websites. See more password tips below.
  7. Click Change password.
There are also several other ways to access your Account's Security settings. 

Review your Security Settings

You can find them here: https://www.google.com/settings/security 
Review, confirm and update your 'Recovery & alerts' information as needed. This is a great opportunity to review these settings in detail to make sure everything is up to date. 

Check your Gmail Filters

The more sophisticated attacks will often configure Gmail Filters to hide evidence of the intrusion, continue to leverage your account for nefarious activities or attempt to regain access. If a Filter does not look familiar, Delete it. 

To edit or delete existing filters

  1. Open Gmail.
  2. Click the gear in the top right.
  3. Select Settings.
  4. Click the Filters tab.
  5. Find the filter you'd like to change and click edit or delete to remove the filter.
  6. If you're editing the filter, enter the updated criteria for the filter in the appropriate fields, and click Continue.
  7. Update any actions and click the Update filter button.

Check your Gmail Contacts

It's becoming more common for the attacker to delete the victim's Contacts. We assume this is to keep the victim from warning other potential victims before the phishing emails have a chance of snaring more victims. If your Contacts have been Deleted, leverage Gmail's 'Restore contacts...' feature under the 'More' menu. 

Review additional information

If you've followed the steps above your account should be back within your control. Google does provide additional tools that can be leveraged to review additional information. 
From the Gmail footer, you can find 'Last account activity' Details in the bottom right or by visiting 'Recent activity' here: security.google.com (When accessed from Gmail, this feature also allows you to "Sign out all other sessions", very handy if you forget to sign out somewhere.) 
Last account activity will show us the recent login activity for our account - if you see Germany, China, Russia, etc. but happen to be in the United States you know your account was indeed compromised. It is common to see your mobile device log activity from other areas but they should be within the United States and relatively close to your general location.   

Protecting yourself

Leverage two-factor authentication 

Enable 2-Step Verification, commonly called Two-Factor Authentication. You can start the process here.
As Google explains:
2-Step Verification drastically reduces the chances of having the personal information in your Google Account stolen by someone else. Why? Because bad guys would have to not only get your password and your username, they'd have to get a hold of your phone.
Two-factor authentication would have foiled the phishing attack detailed in this post. Once your computer is authenticated you won't have to use two-factor authentication every time, but anytime a new computer tries to access your account, two-factor authentication will be required. This strikes a good balance between convenience and security. Today many modern services offer two-factor authentication; you can learn more about other services offering this feature here.

Never trust an unknown or unexpected login page

If you're going about your business on the web and are unexpectedly asked to provide credentials, stop. Never log in to a page you don't recognize or don't expect. Always review the URL of the site requesting credentials. If anything looks 'phishy', close the window and attempt to access the service as you normally would from a trusted URL like Gmail.com or Drive.Google.com.
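
What "review the URL" means in practice, as an added example that is not part of the original post: the check below accepts a sign-in page only when the real host is one you expect, and rejects the common ways a link can look right without being right. The trusted host set and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only host this reader expects to type a Google password into.
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}

def check_login_url(url):
    """Return (ok, reason) for a page that is asking for credentials."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not HTTPS"
    # Anything before '@' is userinfo; the browser connects to what follows it.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    host = (parts.hostname or "").rstrip(".")
    # Lookalike letters from other alphabets appear as non-ASCII or punycode.
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "non-ASCII or punycode host (possible lookalike)"
    # Exact match only: a trusted name used as a prefix of another domain fails.
    if host not in TRUSTED_LOGIN_HOSTS:
        return False, f"unexpected host: {host}"
    return True, "expected sign-in host"

# Constructed sample URLs (the .example hosts are placeholders).
SAMPLES = [
    "https://accounts.google.com/ServiceLogin",
    "http://accounts.google.com/ServiceLogin",
    "https://accounts.google.com@login.example/",
    "https://accounts.google.com.docs-view.example/ServiceLogin",
    "https://accounts.g\u043e\u043egle.com/ServiceLogin",  # Cyrillic 'o' characters
]

if __name__ == "__main__":
    for url in SAMPLES:
        ok, reason = check_login_url(url)
        print("OK  " if ok else "STOP", reason, "-", url)
```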

Leverage a good password

Keep your password secure. Don't share your password with others. In Gmail leverage Delegate Access rather than shared passwords. Don't have a single password for the whole office. If you ever think your password may have been exposed, be proactive and change it. 

Never use your primary email address and password as a username/password combination for other sites. 

Many services will allow (or require) an email address as a username. While convenient, this can also be problematic if you use the same password for that site as for the email account behind that username. For example, Forbes was recently attacked by hackers who gained access to everyone's username.
The security message currently on Forbes.com, February 17th, 2014. 
If your email address here is your primary email address and you used the same password for that email account and Forbes, you're at a greater risk of having your account compromised. While Forbes states that passwords were encrypted we can't know the strength of the encryption or if it was fully implemented. Bottom line, we don't want our primary account password in more places than it has to be. Increased points of exposure and passwords don't mix. 

Monday, December 17, 2012

Chromebooks. Beyond Client-Server

Currently the #1 Best Seller in Computers & Accessories on Amazon.com is the Samsung Chromebook.


I'm very bullish on Chromebooks and ChromeOS and have been since testing the prototype devices almost exactly 2 years ago today. I'm excited by Chromebooks because they're simple. Simple is good.

Simple is the opposite of complex and as famed technologist Ray Ozzie notes in his Dawn of a New Day memo, complexity is not cool.
Complexity kills. Complexity sucks the life out of users, developers and IT. Complexity makes products difficult to plan, build, test and use. Complexity introduces security challenges. Complexity causes administrator frustration.
As someone who often plays the role of administrator, or managing others playing this role, I have a particular appreciation for the awesomeness that is simplicity. Ray Ozzie feels the same way as Leonardo da Vinci did some 500 years ago as he stated, “Simplicity is the ultimate sophistication.” Some things never change.

Monday, March 19, 2012

Blackberry and Outlook sitting in a tree...

Research in Motion (RIM), the company behind Blackberry smartphones, is in the midst of one of the greatest company collapses in the history of business. If you're interested, tech-centric publication The Verge provides an excellent overview of events. The company itself has lost about 80% of its value in the last 12 months. You don't need to be a geek or financial wizard to figure out the problem. Bottom line, people aren't buying Blackberry phones anymore. At Umzuzu we encourage people and companies to move away from Blackberry devices as quickly as possible but rarely do they need any additional encouragement from our team - they're making this move on their own.


There are many factors contributing to RIM's collapse into oblivion. A failure of leadership will certainly be at the heart of dozens of articles, business school case studies and books written about the once iconic company. RIM's collapse is also a direct result of a technology trend called consumerization.
Wikipedia describes the concept: 
Consumerization is an increasingly accepted term used to describe the growing tendency for new information technology to emerge first in the consumer market and then spread into business and government organizations. The emergence of consumer markets as the primary driver of information technology innovation is seen as a major IT industry shift, as large business and government organizations dominated the early decades of computer usage and development.
RIM didn't build phones for the consumer, they built phones for "the enterprise" - specifically for the IT department. Little-known fact: consumers and employees are one and the same. Steve Jobs and the team at Apple were extremely aware of this and built the iPhone first and foremost for people. It wasn't IT who first introduced the iPhone and later Android devices into the enterprise - it was the business user. People loved their iPhone, a device that served them better than their Blackberry in every conceivable way. The iPad has followed almost the exact same path into the corporate hallways of businesses of all sizes.


Consumerization says, "nom nom nom"
Consumerization is a relatively new trend in technology. The term itself was used for the first time about 10 years ago. A majority of people, especially those in corporate IT, underestimate the impact it will have over the next decade.


What's the next iconic brand in consumerization's path? My guess is Outlook.


Like the Blackberry, Outlook is usually viewed as a necessary evil, the price of working in the "corporate world". Outlook can work well depending on the amount of continuous investment the firm is willing to put into their desktop and server infrastructure. In the SMB environment, Outlook is often a primary source of user frustration, lost productivity and general IT issues. 


Microsoft also sells their Enterprise Agreements (EA's) to the IT department. But people have started to reconsider their options. They forward their messages to Gmail, they share their schedules via Google Calendar, and business units at the world's largest enterprises regularly leverage Google Docs and Sites without their IT department's help much less permission. It's just easier.


I leveraged Social Radar to conduct a quick little test. Social Radar lets me research billions of online conversations in a few seconds. Here we look at a couple of basic phrases over the past 12 months ... see an interesting comparison? 






Consumerization transfers purchasing power, and the influence that comes with it, from large businesses into the hands of the individual. I wonder what they'll choose?






Tuesday, December 20, 2011

Goodbye RIM



RIM had a horrible 2011 but 2012 will be much, much worse. Personally I doubt RIM will make it to 2013 as an independent company. I can't think of a buyer because I'm not sure why anyone would buy the firm but something is going to give in 2012 and it won't be reality.

The consumerization of technology is just starting to impact corporate IT environments and unfortunately for RIM, they're right in the crosshairs. The days of the corporate issued Blackberry are quickly coming to an end. Employees from the boardroom to the summer internship program have all gotten their hands on an iPhone or Android device. They got a taste of an experience created just for them and the Blackberry became a necessary nuisance, if it continued to be part of their life at all.

The Internet is the most disruptive technology in human history. Unfortunately for RIM, the most utilized app on smart phones is the browser. Surfed the web on a Blackberry lately? A look at the newspaper industry, the most obvious victim of Web 1.0's text and links, provides a clear illustration of how disruptive technologies can impact business models.


Now, just think of people you know who have Blackberry devices. That chart over the past few years would look very similar. Turns out a tiny little keyboard that clicks isn't a good match for the entire World Wide Web. You'd think RIM executives would have seen that coming, too busy being successful yesterday to think about today much less tomorrow. Web 2.0 is now in full swing. 



RIM's devices and data network are obsolete. The world has moved on. RIM will make an exceptional case study for business students taking disruptive innovation 101. 







Tuesday, September 13, 2011

Disruptive Technology 101



Cloud computing is a great example of a disruptive technology. The term "disruptive technology" was coined by Clayton Christensen, who developed the idea in both articles and books; The Innovator's Dilemma covers the concepts in great depth.

Disruptive technologies are just that, disruptive, to established markets and vendors. Think of MP3 players' impact on the market for CDs. Disruptive technologies put companies like Borders out of business.

Disruptive technologies often have common attributes. For example they are typically first adopted in seemingly insignificant markets and typically at lower costs than the established technologies. I was reminded again today of cloud computing's disruptive attributes.

First, U.S. News and World Report released their list of top 100 universities in the United States.  Google took the opportunity to announce that 61 of these universities are powered by Google Apps for Education. These students are learning new ways to communicate and collaborate.

Second, news came out about the finalists at TechCrunch Disrupt, a conference geared toward giving young new companies a platform to flash their stuff. One of the nice things about mail exchange (MX) records, which let people email each other, is that they're public. We can look at the MX records for some of the most exciting new companies around. Everpix, Bitcasa, Pressly - and on and on and on - these companies all leverage Google Apps for messaging. Next time you read about a cool new or young company, enter their URL in http://www.mxtoolbox.com/ to see what comes back - chances are excellent you'll see the names of Google's messaging services.

Google Apps has moved well beyond education and new business, with clients like the General Services Administration, but its domination in these two critical sectors is telling.