10

A friend of mine came to me for help with this issues. Her Gmail account has been hacked and keeps sending out spam emails to her contacts. This is happening to her on a monthly basis. Each time it happens she changes her password. She also went through and tweaked all her security settings. However, even after having done all this repeatedly, when she goes into her "Device activity" in her Google Account settings, it keeps showing an unauthorized Android device that belongs to the hacker. It doesn't give her the option to remove it from her devices either.

It looks like the emails aren't being sent from her device (they're sending spam emails to her whole address book and spoofing the from address to make it appear to come from her). However, we still want to know how to rid this device from her account.

Devices & Activity

Brett G
  • 201
  • 1
  • 2
  • 4

2 Answers2

7

She must be missing something...let us try this:

First read about the google answer on "someone is sending spam from my email" here as they state it there: "

  1. The message was spoofed, forging your address as the sender.

  2. The original sender used your address as a reply-to address so that responses would be sent to you.

Neither of these possibilities indicates that your account was compromised..."

There are two ways to check for that:

  1. Get a copy of the email, including headers, and check the originating IP address to see if it was not one you could have been using

  2. If you’re receiving bounce messages from a bunch of email addresses for people you’ve never heard of

If your account was spoofed, they simply created an email that had fake details (usually the “From” or “Reply-to” address), and there is very little you can do to stop this.

If in fact your account have been hacked follow this:

Now if this don't work then we can suspect that the attacker may be regaining the password after she changes it (e.g compromising her pc or if she changes to a not so different password he may be able to brute force it again fast phishing attacks and etc ) if thats the case then i recommend the usual : only change the password via a phone and do some AV scan on all her pcs.

Another possibility is that her password has been leaked on another site especially if she reuse her password everywhere so she may want to choose for a unique password for gmail for now.

Freedo
  • 2,253
  • 5
  • 18
  • 28
2

I think your friend has a phone hacked: a malware can stealthly receive and conceal 2-factor codes, then transmitting them to the attacker

Alexey Vesnin
  • 1,565
  • 1
  • 8
  • 11
  • 1
    This is exactly what is happening to me. I removed gmail from my phone completely and will no longer use any services on the phone that is linked to my account. Of course having said that, one cannot then use Google App store etc. But it is possible to use a proxy account. The other issue is that since my account has been hacked, ALL my documents on Google drive have most probably ALSO been compromised!! The FORCED tie-in of the gmail account with other services is a good idea for google as a business, but a terrible one security wise. – Beezer May 23 '19 at 07:30
  • Was the phone hacked or just the number slammed ? – mckenzm Aug 02 '19 at 02:40