Compromised Email

A friend of mine had his security compromised a few days ago when someone managed to steal some information from him and cause further damage. He called and wanted to know things he should do.

I told him to assume his home computer, or all of them, was compromised and I encouraged him to use a different platform (a Chromebook in this case) to start resetting his passwords and revalidating his information. Leave his likely compromised home computer alone for a while. Turn it off.

He started down this path and then re-logged into his email account (Gmail in this case) and changed the password.

I wasn’t with him at this time, but a few minutes later it occurred to me that he ought to look at the filters or rules that he had put in place to process his email, so I sent him that message. I don’t know why I thought of this, as I don’t recall thinking of it or reading about this before, but I just thought he ought to look at his filters. He looked.

Someone had put a filter in place to block certain inbound emails and send them elsewhere.

So, his email had been compromised and the perpetrators had been clever enough to put filter rules in place to further hide the compromise as long as possible. Amazing. I had never considered this before and I’m still thinking about its implications.

If you get your email or computer compromised, you really need to start over on a new platform and then methodically regain control of your accounts. And, turn on two-factor authentication wherever you can.

Be careful out there.
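One way to check for the kind of filter described above, as an added example that is not part of the original post: compare a saved snapshot of the mailbox filters with the current list and flag any new or changed filter that forwards mail or hides it from the inbox. It assumes the filters have been exported as JSON in the shape the Gmail API's `users.settings.filters.list` returns (`id`, `criteria`, `action` with `addLabelIds`, `removeLabelIds`, `forward`); the two snapshots and all addresses below are constructed sample data.

```python
import json

# System labels whose removal or addition keeps mail out of the owner's view.
HIDE_REMOVE = {"INBOX", "UNREAD"}
HIDE_ADD = {"TRASH", "SPAM"}

def risk_flags(flt):
    """Return the reasons a filter could divert or hide inbound mail."""
    action = flt.get("action", {})
    flags = []
    if action.get("forward"):
        flags.append("forwards to " + action["forward"])
    for label in sorted(HIDE_REMOVE & set(action.get("removeLabelIds", []))):
        flags.append("removes " + label)
    for label in sorted(HIDE_ADD & set(action.get("addLabelIds", []))):
        flags.append("adds " + label)
    return flags

def _index(filters):
    # Canonical JSON per filter id, so any change in criteria/action is detected.
    return {f["id"]: json.dumps(f, sort_keys=True) for f in filters}

def audit(baseline, current):
    """Return (change, filter_id, risk_flags) for every difference."""
    old, new = _index(baseline), _index(current)
    findings = []
    for fid in sorted(new.keys() - old.keys()):
        findings.append(("added", fid, risk_flags(json.loads(new[fid]))))
    for fid in sorted(old.keys() - new.keys()):
        findings.append(("removed", fid, []))
    for fid in sorted(old.keys() & new.keys()):
        if old[fid] != new[fid]:
            findings.append(("changed", fid, risk_flags(json.loads(new[fid]))))
    return findings

# Constructed snapshots: the owner's known-good filters, then the list seen later.
BASELINE = [{"id": "f1", "criteria": {"from": "news@list.example"},
             "action": {"addLabelIds": ["Label_1"], "removeLabelIds": ["INBOX"]}}]
CURRENT = BASELINE + [{"id": "f2", "criteria": {"from": "alerts@bank.example"},
                       "action": {"forward": "collector@other.example",
                                  "removeLabelIds": ["INBOX"],
                                  "addLabelIds": ["TRASH"]}}]

if __name__ == "__main__":
    for change, fid, flags in audit(BASELINE, CURRENT):
        print(change, fid, "; ".join(flags) or "no risky action")
```

Keep the baseline snapshot somewhere other than the mailbox being audited, so that whoever controls the account cannot rewrite it along with the filters.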

2 thoughts on “Compromised Email”

  1. Hi Mark,

    This is a very good point. I never thought of this. I will have to revalidate all my filters. The challenge is that I have too many filters in my Gmail. In future I will have to write an app to alert me if any of my filters is modified. Looking into it now.

    Thanks for blogging about this.

    Saqib

    1. Let me know if you figure out how to write something that notifies you of new filters being created. It is almost a filter that notifies you of new filters or deletions/modifications of existing filters (including itself). Thanks for stopping by Saqib.
