email account hijacking


My home network has 2 iBook G4's and an iMac. My three email accounts were hijacked within hours of each other. All had the same password; one AOL, two Gmail. I have changed all the passwords and now have unique alphanumeric upper and lower case passwords for each account. How do I know I don't have resident malware which will simply hijack them again? What other protection should I put in place? The hijacker was able to read my old emails and delete my contact list.
Unfortunately, I had the same problem with my Gmail account. I can't speak for the AOL account, because, the nature of passwords allows them to be brute-forced, or, eventually cracked. You have another option with Gmail accounts though. It's called two-factor authentication. Here's an excerpt from the wiki page regarding two-factor authentication:

quote:
Two-factor authentication (TFA or 2FA) means using two independent means of evidence to assert an entity's identity to another entity. From a security perspective, the idea is to use evidences which have separate range of attack vectors (e.g. logical, physical) leading to more complex attack scenario and consequently, lower risk.

AOL offers two-factor authentication, but you have to pay for it. Frankly, I believe all those that do not have stronger password XXXXX are at risk of another attack, but it's a chance others don't yet see because they haven't been inconvenienced (hacked) as of yet. It's one of those things that, unless it causes you pain, will most worry over - however unfortunate the facts may be.

That said, I can help you set up two-factor authentication for your Gmail account to help greatly reduce the risk of having your account compromised again. Some great news - if you have an iPhone, you can download a free app called Google Authenticator. Simply search and install from the App Store on your iPhone to get it.

Once done, here are the steps to set up the two-factor authentication for your Gmail account:

1. Download and install the app for your smartphone: Android, BlackBerry, iOS

All you need to do is install the app. The Android version will also require the Barcode Scanner app from ZXing (which is free, and tremendously useful.)

 

2. Visit the SMS AuthConfig page from Google found here: google.com/accounts/SmSAuthconfig


3. Use the smartphone app to scan the provided QR code

Once you open the Google Authenticator app, you can scan the QR code provided and it will instantly spit back a verification code.

 

4. Print your backup codes

 

5. Set up backup authentication via SMS

In the next step, you can put in a telephone number for SMS. If you ever lose your authentication keys, you can have Google send one to an authorized device via SMS. To set it up, put your number in the box and click “send”. Type in the code they text you.

 

6. Set up application-specific passwords

Some Google applications don’t honor the two-factor authentication seamlessly. However, you can generate application-specific passwords that protect those apps. Once you turn on two-factor authentication in the final step, you’ll be logged out of your Google account. Log back in using your normal password XXXXX your new second factor (the number generated from your smartphone). It will tell you that you may need to create application-specific passwords.

 

There are only a handful of malicious code that Macs are susceptible to, so the chances of your Macs being compromised are pretty slim, but I say one can't be safe enough. I use anti-virus on my Mac, more for the benefit of those I email who are mainly PC users to ensure I'm not spreading malicious code that may have been sent from someone who sent me an email before I forward it along. Most anti-virus software for the Mac will do just fine, but I'm anal when it comes to applications hogging valuable resources from my Mac. The one I chose that seems to have the lightest footprint in terms of CPU/memory usage is Intego VirusBarrier. You can download it by typing VirusBarrier in Macupdate.com's search field if you so choose.

I believe with two-factor authentication & anti-virus software, you should be set. Let me know if you have any other questions/issues.

**** IMPORTANT ****
Please note I am now providing you with the option to Accept by placing an Accept button as an option. Here's what you need to know before you click ANYTHING: I do NOT want you to click Accept if the suggestion/Answer I've provided does not resolve your issue. I don't want to get paid for my work unless you're 100% satisfied. Also, please note that if you decide to click Accept and you have a followup question, feel free to use the same link you were given to that particular question and I'll be glad to assist you. If the question isn't relevant to the original question, please use the bit.ly link in my signature to open a new question with me. Thanks!

Regards,
John

Customer: replied 5 years ago.
Actually the answer already in my hands is more than I expected and completely satisfactory. Thanks for a high value response. I just wanted to ask whether it is typical that the hacker would be able to read my account's old emails and use the data to add to the authenticity of the scam. Once I deleted these from my account is it likely that they remained as a copy in the hacker's hands?
Unfortunately, the answer is, it depends. If you have data that was in your inbox from previous conversations that includes sensitive information, such as the information required to authenticate your account that was used to set up your AOL account, then perhaps yes. But NOT with two-factor authentication set up on a Gmail account. This is a unique set of information where two things must be provided to the email carrier before authentication, and, hence, authorization is successful.

Hopefully this information helps. If not, let me know.

Regards,
John