Beware for Gmail hacking!

Discussion in 'General Chat' started by RHochstenbach, May 13, 2008.

  1. RHochstenbach

    RHochstenbach Administrator

    Likes Received:
    26
    Trophy Points:
    48
    Today I received the following Email, that looks like it has ben sent from Google. But I'm certain that this is a hack attempt. The message shows a link for password reset, while I haven't requesed anything.

    Code:
    To initiate the process for resetting the password for your
     Google Account, visit the link below
    
    http://www.google.com/accounts/RP?c=CM-7lMm....
    
    If clicking the link above does not work, copy and paste the URL in a
    new browser window instead.
    
    Thank you for using Google.
    
    For questions or concerns regarding your account, please visit the
    Google Accounts FAQ at
    http://www.google.com/support/accounts
    
    
    This is a post-only mailing.  Replies to this message are not monitored
    or answered.
    
    So either someone is sending this message from a fake address, or someome wants to reset my password and I get a message to confirm this.

    I'm showing this to warn Gmail users. So if you receive an Email about password resetting and you didn't requested this, then don't click any links in the message.
     
    Last edited: Dec 15, 2014
  2. Impotence

    Impotence May the source be with u!

    Likes Received:
    6
    Trophy Points:
    38
    its also quite possible someone you know has tried to reset your password for a prank / etc...
     
  3. RHochstenbach

    RHochstenbach Administrator

    Likes Received:
    26
    Trophy Points:
    48
    That could be possible, but everyone that I know doesn't have any or a small bit of computer knowledge (not enough to know about the password reset feature of Gmail) :confused:
     
  4. Impotence

    Impotence May the source be with u!

    Likes Received:
    6
    Trophy Points:
    38
    I'm guessing the email was sent to another email accounnt you own...

    all the links you posted point to google accounts

    would you mind posting the email headers?
     
  5. RHochstenbach

    RHochstenbach Administrator

    Likes Received:
    26
    Trophy Points:
    48
    Code:
    from	[email protected]
    to	[email protected],
    date	Mon, May 12, 2008 at 8:14 PM
    subject	Google Password Assistance
    But the weird thing is, that the message is sent to my Gmail address, instead of my alternative address.
     
  6. Impotence

    Impotence May the source be with u!

    Likes Received:
    6
    Trophy Points:
    38
    If you click show origional from the menu next to the reply button you get alot more information...
     
  7. RHochstenbach

    RHochstenbach Administrator

    Likes Received:
    26
    Trophy Points:
    48
    Here it is:
    Code:
                                                                                                                                                                                                                                                                   
    Delivered-To: [email protected]
    Received: by 10.100.120.17 with SMTP id s17cs116866anc;
            Mon, 12 May 2008 11:52:15 -0700 (PDT)
    Received: by 10.90.86.10 with SMTP id j10mr10905590agb.104.1210618335528;
            Mon, 12 May 2008 11:52:15 -0700 (PDT)
    DomainKey-Status: unknown
    Received-SPF: softfail (google.com: domain of transitioning 38YgoSBAKDuoMOOagZfe-ZadQbXkSaaSXQ.OaYd_TaOTefQZNMOTadMZSQ.ZX@gaia.bounces.google.com does not designate 72.14.220.25 as permitted sender) client-ip=72.14.220.25;
    Received: by 10.44.113.65 with POP3 id l65mf585107hsc.10;
            Mon, 12 May 2008 11:52:15 -0700 (PDT)
    X-Gmail-Fetch-Info: [email protected] 2 pop.orange.nl 110 [email protected]
    Return-Path: <38YgoSBAKDuoMOOagZfe-ZadQbXkSaaSXQ.OaYd_TaOTefQZNMOTadMZSQ.ZX@gaia.bounces.google.com>
    Received: from mwinf6614.orange.nl (mwinf6614.orange.nl)
    	by mwinb6204 (SMTP Server) with LMTP; Mon, 12 May 2008 20:14:10 +0200
    X-Sieve: Server Sieve 2.2
    Received: from me-wanadoo.net (localhost [127.0.0.1])
    	by mwinf6614.orange.nl (SMTP Server) with ESMTP id 8CE84280008B
    	for <[email protected]>; Mon, 12 May 2008 20:14:10 +0200 (CEST)
    Received: from fg-out-2122.google.com (fg-out-2122.google.com [72.14.220.25])
    	by mwinf6614.orange.nl (SMTP Server) with ESMTP id 7ED8D2800082
    	for <[email protected]>; Mon, 12 May 2008 20:14:10 +0200 (CEST)
    X-ME-UUID: [email protected]
    Received: by fg-out-2122.google.com with SMTP id d18so125176fga.16
            for <[email protected]>; Mon, 12 May 2008 11:14:10 -0700 (PDT)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=google.com; s=beta;
            h=domainkey-signature:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding;
            bh=3fCAPQxr27S6X75VEdTcQrSyvSjtmw1R3WzDkSM9a+A=;
            b=v10ccIoCS8mOH01BeHkp6i6cvq8OB7h4J6wPP5gQFxfJpSYsY/YZ7oFNzlzIKG8lP4yulU4VUoH2LUa2qHaMbQ==
    DomainKey-Signature: a=rsa-sha1; c=nofws;
            d=google.com; s=beta;
            h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding;
            b=V67b9Q2k6TiLovcc05snZCyN+G5EQRCSnVmsLmHTzLCF+0dAU/gvFnfYaPY7YAic4W6YJqNpwybM+gae9qqHgA==
    Received: by 10.82.124.10 with SMTP id w10mr179365buc.14.1210616049679;
            Mon, 12 May 2008 11:14:09 -0700 (PDT)
    Message-ID: <[email protected]>
    Date: Mon, 12 May 2008 11:14:09 -0700 (PDT)
    From: [email protected]
    To: [email protected]
    Subject: Google Password Assistance
    MIME-Version: 1.0
    Content-Type: text/plain; charset=US-ASCII
    Content-Transfer-Encoding: 7bit
    
    To initiate the process for resetting the password for your
    [email protected] Google Account, visit the link below
    
    http://www.google.com/accounts/RP?c=CM-7lMvJ3Z_LzgEQ7...
    
    If clicking the link above does not work, copy and paste the URL in a
    new browser window instead.
    
    Thank you for using Google.
    
    For questions or concerns regarding your account, please visit the
    Google Accounts FAQ at
    http://www.google.com/support/accounts/.
    
    
    This is a post-only mailing.  Replies to this message are not monitored
    or answered.
    
     
  8. gmailhacking

    gmailhacking Geek Trainee

    Likes Received:
    0
    Trophy Points:
    1
    I've received the "Google Password Assistance" e-mail too, when I definitely did not trigger it myself.

    A couple of weeks ago I received similar password reset e-mails from Craigslist, using the same Gmail address. It looks to me like somebody is out there trying to reset passwords for various accounts in my name, but I don't know I should report it to!

    I'm guessing the Gmail notification is legitimate, just it was triggered by somebody else?
     
  9. pinterd

    pinterd Geek Trainee

    Likes Received:
    0
    Trophy Points:
    0
    I would guess in either case somebody tried to reset your password. Like i just received the same email, only in my native language, and upon following the links i was taken to a legitimate google domain.
     

Share This Page