(OT) Gmail Account Hacked - what else should I do?
Mark Phillips
mark at phillipsmarketing.biz
Mon Jan 16 15:23:39 MST 2017
It looks as if my wife's gmail account was hacked on Jan 9, and I want to
see if there is anything else we have to do to clean up the mess.
1. She stopped getting any email on Thursday in this account. We tracked it
down to a filter that sent all incoming email to Trash. We deleted the
filter.
2. A little more digging, and we found a suspicious login from NY on Jan 9.
She swears she was not in NY on that day....and, absent any proof to the
contrary, I believe her. ;)
3. There was a Google Brand account attached to her gmail account, which we
deleted. No idea what that is.
4. There are several delivery failure emails in her Trash folder like this
one:
Address not found
Your message wasn't delivered because the domain houston.rr.com couldn't be
found. Check for typos or unnecessary spaces and try again.
The response from the remote server was:
DNS Error: 10339950 DNS type 'mx' lookup of houston.rr.com responded with
code NOERROR 10339950 DNS type 'aaaa' lookup of
cdptpa-smtpin01.houston.rr.com. responded with code NXDOMAIN 10339950 DNS
type 'a' lookup of cdptpa-smtpin01.houston.rr.com. responded with code
NXDOMAIN
Final-Recipient: rfc822; jham003 at houston.rr.com
Action: failed
Status: 4.0.0
Diagnostic-Code: smtp; DNS Error: 10339950 DNS type 'mx' lookup of
houston.rr.com responded with code NOERROR
10339950 DNS type 'aaaa' lookup of cdptpa-smtpin01.houston.rr.com.
responded with code NXDOMAIN
10339950 DNS type 'a' lookup of cdptpa-smtpin01.houston.rr.com. responded
with code NXDOMAIN
Last-Attempt-Date: Sat, 14 Jan 2017 14:09:54 -0800 (PST)
---------- Forwarded message ----------
From: Steven Walls <allison at phillipsoasis.com>
To: Steven Walls <wallssteven1 at adsolutionpro.us>
Cc:
Date: Wed, 11 Jan 2017 15:21:41 -0500
Subject: Apple Inc. is Hiring with an Attractive Pay!!!
Need weekly pay for driving your car?
Make $ 400 every week for having an AD of Apple Inc. attached to you car
while you drive.
Reply to find out more.
Steven Walls
I assume Mr Walls is the hacker (or his/her alias) and was using her
account to send out spam emails. We have changed her password to something
a little more obtuse than what she was using....Will have to get her set up
with LastPass to keep her honest with her passwords.
Anything else we should do?
Thanks!
Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20170116/d690ac2e/attachment.html>
More information about the PLUG-discuss
mailing list