The Phishing saga...
Recently, I was a victim of a Phishing scam. I am usually careful and do not click on links in email.
Here are some details of how I fell for it, and most importantly how I got control of my email account back:
The Attack -
1. It was 1:00 A.M, just finished watching a movie and was checking my mail before I go to sleep. I saw this strange mail "Click here to view fotos" from my school friend whom I am connected to in orkut. The sleepiness combined with curiosity made me click on the link (nothing bad happened).
2. Next, I was shown the usual orkut login for entering my username and password. Trust me, it was an exact replica. I did see the URL, it had orkut in it. I logged in (that was my mistake). My orkut home page was shown. I immediately realised something was wrong.
3. I thought the mail was some spam. So I deleted the message immediately. Unfortunately, I did not realise that I had entered my password into a rogue forged website.
4. The next day I tried logging in to gmail, but could not. My first reaction was to run antivirus scans thinking that my system was affected by virus, trojan, etc.
The Recovery-
1. I now tried to reset password for my google account. It gave 3 options:
- Send mail to this mailid "****@g****.c**"
- Answer security question
- Submit info
3. The 3rd option involved filling in the ARF (Account recovery form) where they ask a lot of questions such as
- when I received the invitation for gmail and from whom,
- what google services I use,
- what are my blogs in blogger,
- mail IDs to which I frequently send mail,
- names of 4 labels in my gmail account (I have about 11 labels),
- when was the last time I accessed
- mail id for sending "reset" details
- my last working password...etc.
5. The next morning (after 24 hrs) so I submitted again. Still no response so submitted again in the evening. Each time I submitted I gave different 4 labels in my mail account (I had 11 :-) ). I maintain an offline gmail account through thunderbird so I referred to it for the correct spellings of the labels.
6. Voila! The 3rd submission was probably most accurate and I received a response in 10 min, at my Yahoo mail. This time I could choose the 1st option (send mail to ****@y****.c*.i*). And then I was able to successfully reset my google account's password. Had to check all filters and forwarding rules to ensure mails are not forwarded without my knowledge.
I checked my "sent mail" to ensure what mails were sent out from my mail.
7. One strange thing I noticed when I logged into orkut: I was part of some orkut community whose description was in Malayalam (so probably a Mallu guy phished me).
That ends the story........
Comments are welcome on this blogpost.