At 5:46 AM on the morning of May 19, 2010, I received an email from a client’s Gmail address (it appeared in the From/sender field). The contents of the email tipped me off that it was probably the result of an earlier Gmail phishing attack (and that my client was not, in fact, shopping at snnsn.com).
A little research confirmed that Google was the victim of at least 2 well-publicized phishing attacks in 2009:
One in October:
And another phishing attack earlier that year, in February:
Below is the subject and body of the email:
Subject: A gift!!!
My friend sent me a digital camera a few days ago,which he bought at a online shop,and I am using the camera right now,I find it is original and really has superior quality,and the price is absolutely competitive in the market,he told me the company website<www.snnsn.com>, I find they have a full range of products,and there are a great many members there,You can spare some time to log on their web to have a check,there must be something that interests you!
One interesting aspect of this Gmail phishing attack was that the spam went out to only a slice of my client’s contacts: those whose first names begin with one of just 2 letters (in this case d through e). Below was my immediate reply to my client about this spam email:
At the moment I can’t find much more than this initial report (for this particular spam mail). If this looks like emails from your Gmail account contacts then your account has been compromised (there have been a few reports of phishing attacks on Gmail from 2009). You’ll want to change your password with one that’s at least 8 characters, a combination of letters and numbers, at least one uppercase and a special character.
After a bit more research I found a nice post in the Google support forums aptly named, “Help, spam has been sent to all of my contacts from my gmail account! How do I report this?”.
The most popular answer contained the following important tips:
If your account has been compromised/hacked/stolen you will need to check and fix at least all of the following settings.
But first you need to check the bottom of the Inbox and make sure your account is not open at any other locations. If it shows additional locations, open the Details window and “Sign out all other sessions”.
Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and recovery e-mail address]
Settings -> General -> Signature [make sure nothing has been added]
Settings -> General -> Vacation Responder [make sure it’s disabled and empty]
Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]
In that same post there are a number of additional links referencing valuable information on how to harden your Google Gmail account and hopefully prevent, or at least mitigate, any future damage from these Gmail phishing attacks.
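The settings checklist from that forum answer, turned into a script as an added example (not code from this post or from the forum answer). It assumes the settings were already fetched into dictionaries shaped like the Gmail API users.settings resources (autoForwarding, filters, vacation, sendAs, pop, imap); the fetch itself is omitted and the sample mailbox below is constructed.

```python
def audit_gmail_settings(owner, settings):
    """Return (severity, finding) tuples for settings an intruder commonly
    changes to keep reading, hiding or impersonating the owner's mail."""
    findings = []
    owner = owner.lower()
    # Forwarding and POP/IMAP -> Forwarding: disabled, or an address you recognise.
    fwd = settings.get("autoForwarding", {})
    if fwd.get("enabled"):
        findings.append(("high", f"auto-forwarding to {fwd.get('emailAddress')}"))
    # Filters: none should forward or trash incoming mail.
    for flt in settings.get("filters", []):
        fid, action = flt.get("id"), flt.get("action", {})
        if action.get("forward"):
            findings.append(("high", f"filter {fid} forwards to {action['forward']}"))
        if "TRASH" in action.get("addLabelIds", []):
            findings.append(("high", f"filter {fid} deletes mail matching {flt.get('criteria')}"))
    # General -> Vacation Responder: disabled and empty.
    if settings.get("vacation", {}).get("enableAutoReply"):
        findings.append(("medium", "vacation responder is enabled"))
    # Accounts and Import -> Send Mail As, and General -> Signature on each identity.
    for alias in settings.get("sendAs", []):
        addr = alias.get("sendAsEmail", "").lower()
        reply_to = alias.get("replyToAddress", "").lower()
        if addr != owner:
            findings.append(("high", f"send-as identity {addr} is not the owner's address"))
        if reply_to and reply_to != owner:
            findings.append(("high", f"reply-to on {addr} redirected to {reply_to}"))
        if alias.get("signature"):
            findings.append(("low", f"signature set on {addr}: {alias['signature'][:60]!r}"))
    # Forwarding and POP/IMAP -> POP Download / IMAP Access: disabled unless you use them.
    if settings.get("pop", {}).get("accessWindow", "disabled") != "disabled":
        findings.append(("medium", "POP download is enabled"))
    if settings.get("imap", {}).get("enabled"):
        findings.append(("medium", "IMAP access is enabled"))
    return findings

# Constructed sample (not real data): a mailbox with two classic post-compromise changes,
# a silent forward plus a filter that trashes account-security notices.
SAMPLE = {
    "autoForwarding": {"enabled": True, "emailAddress": "attacker@example.invalid", "disposition": "leaveInInbox"},
    "filters": [{"id": "f1", "criteria": {"from": "no-reply@accounts.example.invalid"},
                 "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["INBOX"]}}],
    "vacation": {"enableAutoReply": False},
    "sendAs": [{"sendAsEmail": "Client@example.invalid", "isPrimary": True, "signature": ""}],
    "pop": {"accessWindow": "disabled"},
    "imap": {"enabled": False},
}

for sev, msg in audit_gmail_settings("client@example.invalid", SAMPLE):
    print(f"[{sev}] {msg}")
```

Running it against the sample reports the forward and the trash filter; a clean mailbox returns an empty list.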