Hacking always makes the headlines and in recent weeks and months, there have been several high profile cases where major organizations have lost control of a vital part of their network. The focus tends to be on the high profile social media sites, Facebook and Twitter and certainly in Twitter’s case, the mechanics have proved to be far easier to hack.
The fact that these two major players hit the headlines more than others can often mask the danger to other parts of your network that remain vulnerable and one area that receives slightly less publicity is Google Apps. However, if you look beyond those eye catching headlines about Lady Gaga’s Twitter account, you’ll find that Google can be equally susceptible to attack.
In May 2013, Satirical Online Magazine the Onion had its social network hacked by the now famous Syrian Electronic Army. Once again, the compromising of Twitter hit the headlines but the Onion’s Google Apps were accessed at the same time.
Like most of these attacks, the accounts were hacked after a careless employee clicked on a spam link sent by the attackers.
“Once the attackers had access to one Onion employee’s account, they used that account to send the same email to more Onion staff at about 2:30 AM on Monday, May 6,” said the magazine’s online blog post which highlighted the events in great detail.
Once again, the focus was on Twitter during the aftermath of this case while little media attention was placed on those equally precious Google Apps.
If you’re looking for a definition of irony, how about the case of Twitter who had their own Google Apps hacked in July 2009? Once again, the attack began by stealth after a company employee lost access to his own Google email account and the hack spread from there to attack the entire network of the renowned Social Media site.
Over the course of the day email accounts, calendars and other personal information were compromised and for once, a high profile target meant that the hacking of Google Apps really did make the news.
What’s at Stake?
If a criminal gets access to your Google account, the first aspect to be compromised is your email account. You may have even received a spam communication from a contact stating that they are stranded in some obscure country and they need money wired immediately.
Usually this type of scam is easy to identify – a key mistake can frequently be spotted by Google account holders in England when the writer says they are stranded in Scotland but have fortunately held on to their passport – an unnecessary requirement for travel within the UK.
Here’s some actual text from a real communication:
“I made a trip to Scotland (United Kingdom) unannounced some days back. I got messed up in Scotland, stranded in Scotland, fortunately passport was back in my hotel room.”
However, some scammers can be far more sophisticated, but it’s not just your email that’s at risk. Calendars and Google+ accounts are compromised and if you have purchased domain names via Google, the criminal can manage them while claiming the potential to drain any Adsense earnings.
It’s an old cliché but prevention is far better than cure, particularly when it comes to regaining access to your apps. Google are notoriously difficult to contact, even in extreme emergencies so what should you do to safeguard your account?
- Associate your account with a phone number – This is very easy to set up and if anyone, including yourself, requests your password then you will receive a message via SMS.
- Create a separate email address – Google can send recovery details to a new e-mail address in the event of your account being compromised and this can save a heap of time and hassle. Set up a second account even if you use it for nothing else.
- Test the system – Log out of all your Google accounts and start the recovery process. Then, in a real emergency, you will know that the system works!
- Check your IP address – Your unique IP address will appear in the footer of your e-mail account and if it changes or just doesn’t look right then change your passwords immediately. This could be a sign that you are under attack.
Information to Note Down
If you are involved in a long recovery process then Google will ask for certain information so it will help to note the following in advance.
- The month and year that you opened your account
- The month and year that you chose any add-ons – Adsense, Blogger and so on
- The top 5 contacts from your in / outbox
- The names of any separate labels that you have made
Google Hacks may not grab the headlines but they can be very distressing for the individual involved. However, with a little care and by following these simple steps, you can help to keep all your personal information completely safe.
This guest post was written by Kevin Raposo, a blogger for SimpliSafe Home Security. Kevin covers issues related to security, crime, safety, and tech. When Kevin isn’t writing, he’s usually playing the drums, wrestling with his nephew, or volunteering his time at the local zoo. SimpliSafe is a leader in the home security field.