2 factor authentication is a huge step to protecting your account. PS take a picture of the QR code and save the code to type in. Can help in authenticator recovery
On Mon, Jan 16, 2017 at 3:37 PM, Matthew Crews <[email protected]> wrote: > I'll start with the obvious. > > 1. Change her password. Use something fairly complex and UNIQUE, do not > reuse an existing password. > > 1a. Download a password manager and change ALL passwords. I would ALMOST > recommend using this for Google, but Google is one of those services you > need to memorize the password for. > > 2. Enable 2FA. I presume you are using a cell phone that has text > messaging support. Enable 2 factor authentication with her Google account, > either with SMS or with their authentication app. > > 3. Enable 2FA. Seriously, if a service has that option, use it > > 4. Install some virus scanners and look for malware. The most likely > reason her account was hacked, besides password reuse, is a drive-by > malware install from web advertising. > > 4a. A full reformat of her PC is recommended. I would use a Linux tool > like DD or Shred to completely wipe the HD, boot sector included. > > 5. Fully update her system. This includes OS updates, software updates, > driver updates, etc. > > 6. install ad-block or similar software, and/or uninstall Flash and Java, > to limit or eliminate this attack vecto > > 7. If your wife is not tech savvy, now would be a good opportunity to > teach her general safe practices for surfing the web. > > 8. Don't exclude the possibility of malware on her smart phone, if she has > one. If it's an old Android or iOS phone that no longer received OS > updates, I recommend tossing it and buy something that receives them still. > > Those are the basics. > > On Mon, Jan 16, 2017, 15:25 Mark Phillips <[email protected]> > wrote: > >> Some missing information - her PC runs Windows, and she only accesses >> gmail through her browser. >> >> Mark >> >> On Mon, Jan 16, 2017 at 3:23 PM, Mark Phillips < >> [email protected]> wrote: >> >> It looks as if my wife's gmail account was hacked on Jan 9, and I want to >> see if there is anything else we have to do to clean up the mess. >> >> 1. She stopped getting any email on Thursday in this account. We tracked >> it down to a filter that sent all incoming email to Trash. We deleted the >> filter. >> >> 2. A little more digging, and we found a suspicious login from NY on Jan >> 9. She swears she was not in NY on that day....and, absent any proof to the >> contrary, I believe her. ;) >> >> 3. There was a Google Brand account attached to her gmail account, which >> we deleted. No idea what that is. >> >> 4. There are several delivery failure emails in her Trash folder like >> this one: >> Address not found >> Your message wasn't delivered because the domain houston.rr.com couldn't >> be found. Check for typos or unnecessary spaces and try again. >> The response from the remote server was: >> DNS Error: 10339950 DNS type 'mx' lookup of houston.rr.com responded >> with code NOERROR 10339950 DNS type 'aaaa' lookup of >> cdptpa-smtpin01.houston.rr.com. responded with code NXDOMAIN 10339950 >> DNS type 'a' lookup of cdptpa-smtpin01.houston.rr.com. responded with >> code NXDOMAIN >> >> >> Final-Recipient: rfc822; [email protected] >> Action: failed >> Status: 4.0.0 >> Diagnostic-Code: smtp; DNS Error: 10339950 DNS type 'mx' lookup of >> houston.rr.com responded with code NOERROR >> 10339950 DNS type 'aaaa' lookup of cdptpa-smtpin01.houston.rr.com. >> responded with code NXDOMAIN >> 10339950 DNS type 'a' lookup of cdptpa-smtpin01.houston.rr.com. >> responded with code NXDOMAIN >> Last-Attempt-Date: Sat, 14 Jan 2017 14:09:54 -0800 (PST) >> >> >> ---------- Forwarded message ---------- >> From: Steven Walls <[email protected]> >> To: Steven Walls <[email protected]> >> Cc: >> Date: Wed, 11 Jan 2017 15:21:41 -0500 >> Subject: Apple Inc. is Hiring with an Attractive Pay!!! >> Need weekly pay for driving your car? >> >> Make $ 400 every week for having an AD of Apple Inc. attached to you car >> while you drive. >> >> Reply to find out more. >> >> >> Steven Walls >> >> I assume Mr Walls is the hacker (or his/her alias) and was using her >> account to send out spam emails. We have changed her password to something >> a little more obtuse than what she was using....Will have to get her set up >> with LastPass to keep her honest with her passwords. >> >> Anything else we should do? >> >> Thanks! >> >> Mark >> >> >> --------------------------------------------------- >> PLUG-discuss mailing list - [email protected] >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss > > > --------------------------------------------------- > PLUG-discuss mailing list - [email protected] > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen
--------------------------------------------------- PLUG-discuss mailing list - [email protected] To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
