(OT) Gmail Account Hacked - what else should I do?

Mark Phillips mark at phillipsmarketing.biz
Mon Jan 16 15:25:41 MST 2017


Some missing information - her PC runs Windows, and she only accesses gmail
through her browser.

Mark

On Mon, Jan 16, 2017 at 3:23 PM, Mark Phillips <mark at phillipsmarketing.biz>
wrote:

> It looks as if my wife's gmail account was hacked on Jan 9, and I want to
> see if there is anything else we have to do to clean up the mess.
>
> 1. She stopped getting any email on Thursday in this account. We tracked
> it down to a filter that sent all incoming email to Trash. We deleted the
> filter.
>
> 2. A little more digging, and we found a suspicious login from NY on Jan
> 9. She swears she was not in NY on that day....and, absent any proof to the
> contrary, I believe her. ;)
>
> 3. There was a Google Brand account attached to her gmail account, which
> we deleted. No idea what that is.
>
> 4. There are several delivery failure emails in her Trash folder like this
> one:
> Address not found
> Your message wasn't delivered because the domain houston.rr.com couldn't
> be found. Check for typos or unnecessary spaces and try again.
> The response from the remote server was:
> DNS Error: 10339950 DNS type 'mx' lookup of houston.rr.com responded with
> code NOERROR 10339950 DNS type 'aaaa' lookup of
> cdptpa-smtpin01.houston.rr.com. responded with code NXDOMAIN 10339950 DNS
> type 'a' lookup of cdptpa-smtpin01.houston.rr.com. responded with code
> NXDOMAIN
>
>
> Final-Recipient: rfc822; jham003 at houston.rr.com
> Action: failed
> Status: 4.0.0
> Diagnostic-Code: smtp; DNS Error: 10339950 DNS type 'mx' lookup of
> houston.rr.com responded with code NOERROR
>  10339950 DNS type 'aaaa' lookup of cdptpa-smtpin01.houston.rr.com.
> responded with code NXDOMAIN
>  10339950 DNS type 'a' lookup of cdptpa-smtpin01.houston.rr.com.
> responded with code NXDOMAIN
> Last-Attempt-Date: Sat, 14 Jan 2017 14:09:54 -0800 (PST)
>
>
> ---------- Forwarded message ----------
> From: Steven Walls <allison at phillipsoasis.com>
> To: Steven Walls <wallssteven1 at adsolutionpro.us>
> Cc:
> Date: Wed, 11 Jan 2017 15:21:41 -0500
> Subject: Apple Inc. is Hiring with an Attractive Pay!!!
> Need weekly pay for driving your car?
>
> Make $ 400 every week for having an AD of Apple Inc. attached to you car
> while you drive.
>
> Reply to find out more.
>
>
> Steven Walls
>
> I assume Mr Walls is the hacker (or his/her alias) and was using her
> account to send out spam emails. We have changed her password to something
> a little more obtuse than what she was using....Will have to get her set up
> with LastPass to keep her honest with her passwords.
>
> Anything else we should do?
>
> Thanks!
>
> Mark
>
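
As an added example (not part of the original post), the bounce notices described in item 4 can be turned into a timeline of what the account sent and when. This Python code parses the per-recipient DSN fields shown above and lists recipients whose delivery attempt postdates the suspicious login; the sample text, the placeholder address and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: per-recipient DSN fields shaped like the bounce quoted
# above; the recipient address is a placeholder, not a real mailbox.
SAMPLE_DSN = """\
Final-Recipient: rfc822; recipient@example.invalid
Action: failed
Status: 4.0.0
Diagnostic-Code: smtp; DNS Error: DNS type 'mx' lookup of example.invalid
 responded with code NOERROR
Last-Attempt-Date: Sat, 14 Jan 2017 14:09:54 -0800 (PST)
"""

def parse_dsn_block(text):
    """Parse one per-recipient block of a delivery status notification."""
    msg = message_from_string(text)  # header parser keeps folded lines together
    def field(name):
        # Collapse the fold (newline + leading space) into single spaces.
        return re.sub(r"\s+", " ", msg.get(name, "")).strip()
    _addr_type, _, addr = field("Final-Recipient").partition(";")
    raw_date = re.sub(r"\s*\([^)]*\)", "", field("Last-Attempt-Date"))  # drop "(PST)"
    status = field("Status")
    return {
        "recipient": addr.strip(),
        "action": field("Action").lower(),
        "status": status,
        # RFC 3463 class digit: 2 success, 4 transient failure, 5 permanent failure
        "status_class": {"2": "success", "4": "transient", "5": "permanent"}.get(status[:1], "unknown"),
        "last_attempt": parsedate_to_datetime(raw_date) if raw_date else None,
        "diagnostic": field("Diagnostic-Code"),
    }

def sent_after(bounces, first_bad_login):
    """Return recipients whose bounce postdates the first suspicious login."""
    return sorted(b["recipient"] for b in bounces
                  if b["last_attempt"] and b["last_attempt"] >= first_bad_login)

if __name__ == "__main__":
    bounce = parse_dsn_block(SAMPLE_DSN)
    login = datetime(2017, 1, 9, tzinfo=timezone.utc)  # suspicious login date from the post
    print(bounce["recipient"], bounce["status_class"], bounce["last_attempt"].isoformat())
    print("mail attempted after suspicious login:", sent_after([bounce], login))
```

Recipients that appear only in bounces dated after the suspicious login were most likely addressed by whoever controlled the account, not by its owner.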