I previously wrote about how you should take time and change your passwords. At the time it was in response to Google saying that:
The intruders do not appear to have stolen passwords of Gmail users …
Well, two instances have occurred to friends and family recently that have me even more concerned. The first instance involved my wife receiving an invite to view a friend's photos. It was late at night and she signed up to the site only to wake up the next morning to a barrage of e-mails from her friends asking her if they should sign-up to the same site. Needless to say, she never gave the site permission to search through and e-mail her contacts, but that's exactly what it did. This was more than a month ago and we're still receiving acceptance messages from friends who the site e-mailed without my wife knowing.
The second instance just occurred yesterday and happened to a technologist that I know. It seems that hackers somehow got into his Gmail account and hacked through his password, which was made up of a random name and a number. He thinks that maybe a merchant account that he used may have been compromised, but he's not sure.
The payload in the above case was far from harmless. First, they e-mailed his contacts that he needed money (more on that below), then they deleted his contacts and changed his security question and e-mail address for password recovery. The only thing that tipped him off was that his Gmail activity listed IPs going into his account. When he saw this he logged off all accounts, changed his passwords and has moved on.
The reason I titled this article the way I did is that had he backed up his contacts, he wouldn't be exactly where he is now--sitting with an empty contacts list. In this case he had trusted the Google cloud, just like millions of us do, but that's exactly what was compromised.
Many people don't think about having to backup their cloud--myself included--but after hearing this experience I figured I'd take the time to walk you through how to backup your Contacts from Google just in case. While you're at it, take the time to change your passwords, too.
Backing up your Cloud is pretty easy these days, you just have to remember to do it. For Google Contacts you go to Google.com/contacts and then click on Export. From there it's pretty self explanatory. Most cloud-based services offer similar export options, and I recommend that you explore them and perform the backup options as soon as you're done reading this article.
Once you're done backing up everything, make sure to check the list of IPs that have been accessing your account. Gmail offers that at the bottom of the screen, but most services will offer up similar information these days, too.
In summary, you never know when you might be hacked so change your passwords, backup your cloud-based services, and check to see if you have any unauthorized visitors poking around your cloud.
The e-mail that prompted this article is below. Since it came from a friend, I was momentarily concerned. Then I remembered seeing something similar so I reached out to him, outside of e-mail, to make sure he was OK.
Subject: Bad News
I'm writing this with tears in my eyes,We came down here to England for a short vacation and i was mugged at gun point last night,at the park of the hotel where we lodged all cash,creditcards and cell were stolen off me, thank God we have our life and passport.
I've been to the embassy and the Police here but they're not helping issues at all,they asked us to wait for 3weeks but we can't wait till then. Our flight leaves in less than 3hrs from now and we are having problems settling the hotel bills.
The hotel manager won't let us leave until we settle the hotel bills.you can speak with him through this number +447024074948 his name is James Williams. we are freaked out at the moment
you can wire the money to me through westernunion all you need is Name on my passport and location below.
Name: [his actual name]
Location: 61 Hyde Park Gate - Kensington London sw7 5bb Kingdom