This is a post written by a friend about a recent experience with hacking and I was happy to share it here as my first guest post. I think it's such important information to get across as we are vulnerable online and maybe don't think about security as much as we should. It certainly made me decide to change passwords and check settings.
So, last week, my Gmail account was hacked.
Helpfully, Google sent me a message saying someone had logged in to my account in Dublin, suggesting if I wasn't in Dublin, I might want to change my password.
As instructed, I went indoors, logged into the laptop, and changed the password on my Gmail account. Unfortunately, my hacker was still logged in, and immediately changed the password again.
Since then, I have been in a battle with automated systems at Google for control (or at least freezing) of my account.
Despite being able to tell them the last password, my phone number, and the month and year when the account was set up, I don't have enough information to prove the account is mine.
I don't know if you know this, but there is no way to get to a real live person when you're dealing with Google.
You fill in a form to say that your account is hacked, they ask you for some details, they send you an email saying you have insufficient information, directing you back to the same form, which only asks the same few questions. There is no way to get more information into the loop. No way for them to know the hundreds of people on my contact list who would testify that this is my account. Or the printer of my business cards (that I've been using for years) which have the email included. Or past editions of a magazine I have been involved in for several years, which all have my email address on the back.
There is any amount of evidence of ownership of this account, but no way of getting that information into the automated nightmare that is Google.
So in the meantime, an email went out to all my contacts, saying I was stranded abroad and needed help. Not money, initially, but help. Many friends, knowing my love of travel, clicked reply. This took them to a very slightly different address, and to a request that they send me money. Google have blocked that account now, realising that it was used for phishing. But even after blocking it, they refuse to accept that my account (which was used to send the phishing emails) has been taken out of my control by a hacker.
It's not pleasant, thinking that someone is reading your private messages, but even worse is wondering what they might do next. I've cancelled bank cards, in case I have inadvertently left information which could be used to take my money, but what about other people's money?
Why is it so difficult to take back control of electronic information? I have enough evidence to go to a court of law, and establish beyond reasonable doubt that this account was mine, but none of this matters. This seems to be above the law.
I accept that I was naïve, that maybe my account should have been better secured. Certainly my account recovery information could have been better. But I foolishly thought that I was being reasonably safe. I don't visit dodgy websites. My password is a 14-digit alphanumeric that is changed every few months and doesn't get used for anything else. (Number crunching the permutations would take thousands of years with current computer capacity.)
What I have learned is that nobody is safe.
And that common sense and proof of ownership don't apply to email.
And that companies these days have so little regard for their customers, that it's impossible to get an actual person, who might be able to see beyond the robotic loop.
I want to bury my head in the sand and never use email again, but that's not really an option in the world of work. I definitely want to only use companies that will talk to me when there's a problem, but how do we find those companies?
Part of the problem is that we are not Google's customers. We use the email service for free. Google's customers are the advertisers. They don't care who is using that account as long as someone is. They remotely scan emails, Google searches, and journeys we take using Google Maps. All of this gives a picture of who we are and what we might need, to make sure advertisements are well targeted. Advertisers will pay regardless of who's using the account, and they are the paymasters here.
I'm now looking for a paid email service to replace my Gmail. One that charges me for the service they provide, and realises that I am the customer. Maybe we all should?