The hacking of Gmail accounts has been a constant occurrence for several years now. Those who have had their own accounts hacked know that Gmail notifies users when their accounts have been compromised or if attackers have tried to access their account from an unknown machine, and Google instructs them to create a new password to make their accounts secure again.
But users who only create a new password may very soon find that their accounts have been compromised yet again. That’s because once hackers have accessed Gmail they have a variety of tools at their disposal to keep accessing it without needing to know your new password. If your Gmail has been hacked, take these steps to ensure it is truly secure:
Check Your Filters: The easiest way for a hacker to keep accessing your email after you’ve supposedly re-secured your account is to set up forwarding rules that push your emails to them.
Under Settings->Forwarding and POP/IMAP, check to make sure that ‘disable forwarding’ is selected. Then check your filters list and make sure there aren’t any rules set up to forward email to any address you don’t recognize.
Check Password Recovery Settings: The next easiest way for a hacker to maintain access to your account is to alter your password recovery settings.
Go to Settings->Accounts and Import->Google account settings->Change password recovery options->Email.
Make sure an additional recovery email address wasn’t added. Also check to make sure that neither the SMS number nor the security question has been changed. A crafty attacker will keep the security question the same but change the answer to one that they know.
Check Documents and Calendars: Gmail offers lots of tools beyond just email and each one offers attackers more backdoors to your account. If you have Google Voice, check to make sure your voicemails and text messages aren’t being sent to additional addresses. Next, check Google Drive (formerly Google Docs) to make sure your documents are shared only with people you know you’ve authorized. In the Calendar settings, click ‘reset private URLs’ in the private address section – that changes the private address that can access your calendar. Then click the ‘Share this calendar’ tab and make sure there aren’t any email addresses in there that you don’t recognize.
Check for Rogue Applications: Because Gmail is an entire suite of applications and not just an email account, you’ll have to check to see if the attacker added their own malicious application. These days we give applications all sorts of permissions and don’t think twice about it; an attacker can add their own application that gives them full access privileges to your account, so make sure you recognize all the applications in your account – and for your own sake, find out what permissions they have and determine if you’re really comfortable with what you find.
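The "Check Your Filters" step can also be run over a saved copy of the account's settings rather than by eye. The following is an added example, not part of the original article and not a Google tool: it assumes the auto-forwarding setting and the filter list are available in the JSON shape the Gmail API settings resources return, and every address, filter id and the TRUSTED set is constructed for illustration.

```python
# Constructed sample data shaped like Gmail API settings responses
# (users.settings.getAutoForwarding and users.settings.filters.list).
AUTO_FORWARDING = {"enabled": True, "emailAddress": "collector@mail.example",
                   "disposition": "trash"}
FILTERS = {"filter": [
    {"id": "f-1", "criteria": {"from": "bank.example"},
     "action": {"forward": "drop@mail.example", "removeLabelIds": ["INBOX"]}},
    {"id": "f-2", "criteria": {"subject": "newsletter"},
     "action": {"addLabelIds": ["Label_1"]}},
    {"id": "f-3", "criteria": {"query": "invoice"},
     "action": {"forward": "Me.Backup@example.org"}},
    {"id": "f-4", "criteria": {"query": "password OR reset"},
     "action": {"forward": "drop@mail.example"}},
]}
TRUSTED = {"me.backup@example.org"}  # hypothetical: addresses the owner set up


def audit_forwarding(auto_forwarding, filters, trusted):
    """Return (source, address, hides_mail) for each forward to an unknown address."""
    trusted = {a.lower() for a in trusted}
    findings = []
    if auto_forwarding.get("enabled"):
        addr = auto_forwarding.get("emailAddress", "")
        if addr.lower() not in trusted:
            # "archive" and "trash" remove the original from the inbox view.
            hides = auto_forwarding.get("disposition") in ("archive", "trash")
            findings.append(("auto-forwarding", addr, hides))
    for f in filters.get("filter", []):  # an account with no filters returns {}
        action = f.get("action", {})
        addr = action.get("forward")
        if addr and addr.lower() not in trusted:
            # Skipping the inbox or trashing the copy keeps the owner unaware.
            hides = ("INBOX" in action.get("removeLabelIds", [])
                     or "TRASH" in action.get("addLabelIds", []))
            findings.append(("filter " + f.get("id", "?"), addr, hides))
    return findings


if __name__ == "__main__":
    for source, addr, hides in audit_forwarding(AUTO_FORWARDING, FILTERS, TRUSTED):
        print(f"{source}: forwards to {addr}" + (" and hides the mail" if hides else ""))
```

Rules flagged as hiding the mail deserve the closest look, since they forward a message and remove it from the inbox in one step.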