Measures to Prevent GMail And Orkut When Hacked

A few things you should NOT do if you don’t want your account to be hacked into:-

• Don’t run any scripts (javascript codes etc) that are forwarded to you on your Orkut account or GMail.
• Don’t ever paste any link or code in your browser’s address bar if you aren’t completely sure about it.
• Don’t choose passwords which are too easy and similar to the username. For example, if your username is xyz@gmail.com, your password shouldn’t contain similar letters or sequences such as “xyz1”. These are easy to guess and hence easier to hack into.
• Don’t save your passwords anywhere on your hard drive or browser’s history in case you’re on a public computer.
• If you are planning to get Windows reinstalled from a professional, make sure youdelete all cookies and history because you never know what the computer guy would wanna do.
• Don’t add people you don’t know because you can never be sure which hot looking girl can turn out to be a coke drinking chip munching hacker.
• If you do think you got hacked, DON’T PANIC immediately.

Now, some things you should do to keep your account safe:-

• Use difficult passwords which contain alphanumeric as well as numeric fields and characters such as “_” and “.” if they are permitted. I know you’ve heard it millions of times but it helps, trust me it does.
• Always sign out when you’re done checking e-mails and using your account. Closing your browser when you’re still signed in is the worst thing you can do.
• Another neat trick would be to use a separate Google ID for Orkut so that even if that does get hacked into, you don’t lose much important stuff. You will only need to inform the people that the account has been hacked and hence they shouldn’t open or send any e-mails to the concerned ID. However, if you’re using the same ID that is used for Blogging, other purposes, then you’ll be stuck badly. This is because if some service sends you a notification message and the hacker opens that, it’s probable that he would be able to enter the other account without having to know the username or password for that because the services assume that the person using your e-mail ID is actually you.
• Don’t share e-mail ID’s. Your girlfriend wants to know the password for your e-mail ID and you tell her. The other day, you break up and your girlfriend finds a new guy and they hack your account as revenge. You’re dead dude. If you’re a girl, be even more careful. Guys are crazier, over possessive and revenge prone so don’t give him the password to the account which contains vital information. If though you have shared, make sure you change the password the day you have a break up.
• Read the instructions of the website on which you are making an account. Orkut clearly states that you should NOT paste any scripts in your browser’s address bar. I hadn’t read that and so I pasted one. That’s why I’ve been thinking my account will be hacked for the past couple of days. All the people who clicked on that link had their accounts hacked, well except me. Orkut’s help is here.
• Backups are helpful. You can download your contacts and your Google Reader items from your Google account in different formats and these can be used in the new account.

Now, what to do when you know your account has been hacked? I’ll tell ya. But first step is, DON’T PANIC!

There can be two possibilities if your account gets hacked into. They are:-

• You still have access to the account.
• You don’t have access to the account.

If you still have access to the account, consider yourself lucky and immediately do the following things:-

• Go to your account settings page and change your password. Set it to something difficult and make sure it’s different from the one you had earlier. It should not be guessable incase somebody knows your old password.
• Change your security question and set it to something only you know. For example, don’t use questions like “What’s my pets name?” because anybody who knows you might know your pet’s name too and hence can hack into your account.
• Change your alternate e-mail address to another account.
• Check the “Sent Items” folder. If the hacker is careless enough, you’ll get to know what they’ve been doing to your account from here. Read all the sent e-mails and try to manually reverse the things that have been done. First step would be to e-mail all the people and tell them to not open the previous e-mail incase they haven’t already.
• Log into your account regularly and keep an eye around to make sure it isn’t being compromised still. If it is, it would be logical to give this account up and slowly shift to a new one. But you’ll have to do this in a way the hacker doesn’t notice. For example, make sure the account looks exactly the same as it used to when you’ve shifted. You can always outsmart a foolish hacker and you should know that.

If you don’t have access to your account, there are still chances you’ll get it back without much damage. So firstly, DON’T PANIC!

• When you are trying to log in, click on the “Forgot Password” option. You will be asked the secret question, answer that and the new password will be sent to your alternate e-mail account.
• GMail has the “I cannot access my account” option. In case some clever hacker used Javascript to disable that option, you can reach the password recovery page indirectly. For example, if I try to click that link in my Firefox, it automatically shuts Firefox down. You can go to their main help page by clicking here.
• There are chances that the hacker captured your account, changed your password, security question and alternate e-mail ID. In this case, you would think the account is gone but there are still ways to get it back. This can be done by asking GMail to conduct an inquiry into your account. Instructions and links are in the following points.
• You might remember that when you created your GMail ID, you got a code verifying the creation. If you still have that code saved in your alternate e-mail account somewhere, you can use this link to ask the Google people to conduct an inquiry based on the information you provide to them. In case you don’t have the verification code, you don’t need to worry because that isn’t necessary. If you do have it, it’s good because that will help them make sure you’re the real owner. Enter all the information and tell them all about how you’ve been using the account and which websites are associated with it in the “additional information”. The more information you give them, the more are the chances of you getting your account back safe and sound.

If you’re an advanced user and need to know how exactly your account was hacked, I can tell you as much as I know. There are two basic ways in which your account can be hacked:-

• Someone managed to get your password. In this case, changing the password will solve your problem.
• Somebody used advanced techniques to hack into your account. This is dangerous because even if you change your password, you are still at risk. This is done by using Javascript. There are chances you got tempted into pasting some javascript code into your browsers address bar and your account got hacked. In this case, immediately open your browser, clear all private data including history, cache and cookies. This way, the browser will forget the code and the hacker *might* not able to hack into your account anymore. However, you can never be sure so it’s better to be secure.

If your account is still hacked, well then you can safely PANIC!!