Here's how someone with malicious intent could set you up with a Gmail account and then later hack into your new mailbox and contact list. First, they need a secondary account that isn't a Gmail address.

A Yahoo or Hotmail address would work fine. Now, when they generate an invitation for you, they type in your first and last name, but their own email address.

The invitation is sent to them, and they either forward it along to you, cut and paste it into a friendly response to your request ("Try this link for an account:"), or even just redirect the message so it appears to have come directly from Gmail. But what's different now is that the secondary email address is theirs, not your non-Gmail account.





You sign up, fill in the fields indicated on the Gmail signup form, leave the secondary address as it is without thinking, because "heck, it's probably just a referral" or similar, and then use your Gmail account without thinking about it again.

Some time later, when the hacker figures you've used the account enough that you'll have a good address book, lots of mail in your archive, etc., they go to the Gmail signup page and click on "I forgot my password".



They choose to have a new password generated and sent to the secondary mail address, which is their email address, not yours, and you're now locked out of your account while they can pretend to be you as much as they'd like.

It's a bit convoluted, but if you are signing up for a Gmail account, make doubly sure that where it says "Secondary mail" you have your own address, not someone else's.

Note that you can also change this once you're logged in to your Gmail account by going to your Google Account Information and clicking on Security Question and Contact Info.
