How PlayStation Network Attack, Password Reuse And Unmonitored Account Resulted in Mass Phishing

Today seemed like just another day. Little did I know, in a span of about 20 minutes, the resulting set of events would be hugely embarrassing for me. I had barely woken up, when my phone started going bonkers with notifications coming from emails, chats & Twitter replies. A glance at the notifications indicated that my email account had been compromised and phishing emails had been sent to everyone in my contacts list.

The Analysis

I logged into my Google Apps email account and had a look at the recent account activity details; nothing out of the ordinary there.

Gmail Recent Account Activity

Checking the sent mail folder indicated that no emails had been sent in the recent past. It occurred to me to check my other Gmail account.

And indeed, as soon as I logged in to my Gmail account, there was a huge red mark indicating activity from China.

Gmail Suspicious Activity


Sure enough, the Sent folder had a copy of the spam mail.

Spam email

So, what went wrong? It all boils down to a culmination of the PlayStation Network hacking, some bad habits from my yesteryear and some nice features from Gmail which resulted in the phishing email looking like it came from my current domain account instead of the old Gmail account. Let’s have a look at each vector:

  1. PlayStation Network break-in
  2. Not monitoring my email account
  3. Password Reuse
  4. Send mail as and Reply-to set to my domain address


PlayStation Network break-in

The PlayStation Network was hacked recently, with all 77 million accounts compromised as a result of this break-in. I firmly believe this is the primary reason behind my email account being compromised. The fact that my email account was accessed from a China IP barely 2 days after the break-in before sending off the mails is proof enough to convince me that the user information was sold off to spammers in China.

Not monitoring my email account

Before switching over to my Google Apps account, I had been using this Gmail account. Once the Google Apps account had been set up, I migrated all my contacts and mail over to my Google Apps account. Furthermore, I had also used Google Apps’s Auto Forwarding to ensure that any stray email to the old id would get fetched and forwarded automatically to my new account. This resulted in me never monitoring the account. If I had monitored the account, I would have noticed the big red mark under Gmail’s unusual activity and would have changed the password right then.

Password reuse

You’ve heard this before lots of times, and probably are guilty of it – password reuse refers to using the same password across most/all of the web services that you use. What starts as convenience turns out to be a single point of failure – just access to this one password is enough for spammers / hackers to gain access to all your accounts. In my case even though password reuse is something I had kicked out quite some time ago (thanks to LastPass), back then when I had set up my accounts – I had used the same password for Gmail & PSN. With spammers getting access to my password with the PSN break-in and my failure in having used the same password – getting access to my account was easy.

Send mail as and Reply-to set to my domain address

Gmail has this nice “Send mail as” feature – basically it allows you to send email originating from one Gmail account to appear as originating from another Gmail account (that you have access to, of course). I had used this feature, along with Reply-to set to my current email address during my stages of migration from Gmail to Google Apps. Post migration, however, I let these settings remain as-is and did not change them.

End result of all of these:

  • My Gmail account was broken into
  • All the contacts in my contact list were spammed with phishing email
  • To make this worse, they appeared to have originated from my domain account, instead of the dormant Gmail account.
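A way to see which mailbox actually sent such a message, as an added example that is not part of the original post: it compares the From address recipients see with the Sender and Return-Path headers. The sample messages and addresses are constructed placeholders, and it is an assumption that the sending service records the real mailbox in Sender/Return-Path, since the post does not show the message headers.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (all addresses are placeholders). It assumes the sending
# service records the real mailbox in Sender / Return-Path while From and
# Reply-To carry the "Send mail as" address.
SAMPLE_SEND_AS = """\
Return-Path: <old-gmail-account@example.org>
Sender: old-gmail-account@example.org
From: Owner Name <owner@example.com>
Reply-To: owner@example.com
To: friend@example.net
Subject: constructed sample

body
"""

# Constructed control: an ordinary message with no alias in play.
SAMPLE_PLAIN = """\
Return-Path: <owner@example.com>
From: Owner Name <owner@example.com>
To: friend@example.net
Subject: constructed control

body
"""


def _addr(msg, header):
    """Bare lower-cased address from a header, or None if absent/empty."""
    value = msg.get(header)
    return (parseaddr(value)[1].lower() or None) if value else None


def analyse_origin(raw_message):
    """Compare the address shown to recipients with the mailbox that sent it."""
    msg = message_from_string(raw_message)
    shown = _addr(msg, "From")
    sender = _addr(msg, "Sender")
    return_path = _addr(msg, "Return-Path")
    reply_to = _addr(msg, "Reply-To")
    # Return-Path reflects the SMTP envelope; fall back to Sender, then From.
    origin = return_path or sender or shown
    findings = []
    if sender and sender != shown:
        findings.append("sender-differs-from-from")
    if return_path and return_path != shown:
        findings.append("return-path-differs-from-from")
    if reply_to and reply_to != origin:
        findings.append("replies-bypass-originating-mailbox")
    return {"shown_as": shown, "originating_mailbox": origin, "findings": findings}


if __name__ == "__main__":
    for name, raw in (("send-as", SAMPLE_SEND_AS), ("plain", SAMPLE_PLAIN)):
        print(name, analyse_origin(raw))
```

The `originating_mailbox` value is the account whose password and settings need attention, even when every recipient saw `shown_as`.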

So, what happened then?

As I had mentioned above, as soon as the email was sent, I received numerous emails, IMs, and Twitter replies about phishing mail being sent from my account. I used the steps outlined by Keith in his earlier post about how to handle a situation like this. I changed the password on my prior Gmail account immediately (mind you: my previous password was not a dictionary password – and neither was it easy to guess or brute force). I sent an apology email to the unintended recipients of the phishing mail. (Un)fortunately, Gmail had already marked mails coming from that account as suspicious and that my account might have been compromised so I had to reply to some people mentioning that the second email was a genuine one from me.

Learnings from this event

As a Super User, I take pride (and great pains as well) in knowing and trying to ensure that accounts were never compromised. Today’s account has been a huge embarrassment – and a learning experience for me. To summarize:

  • The ghost of your past bad practices will return!
  • Never, ever let any account, especially as critical as email – even if it is dormant – go unmonitored. If you aren’t using it, close it or delete it.
  • In the event of any service break-in – always change the password!
  • Don’t use the same password for each service




Gmail Displays Suspicious Message Warnings From Hacked Accounts

Back in 2008, Gmail had introduced a new feature which allowed you to track suspicious access to your account. This feature was gradually made more prominent in 2010 through Google Suspicious Login Protection. Google has in fact taken this protection further with the introduction of two-step login verification thanks to Gmail accounts in China being hacked and several other security measures they have put in place.

However, your Gmail account can get hacked nevertheless (Read: How to find if your Gmail account is hacked and what to do) and there is nothing you can do about it. But what if your friend's email account gets hacked and you receive a desperate email from them asking for cash or some help?

Well, this is not unusual and there are several times when you might receive emails from your contacts which come from a legitimate email address asking you for financial help. These messages "might" be genuine but many times these are nothing but online scams. Thankfully, you can avoid such scams if your friend is using a Gmail or Google Apps related email address. How? Well, thanks to several security measures, Gmail now displays a suspicious email warning if they believe that the account has been hijacked.


Take for example an email from my friend who is on my contact list. The above screenshot displays a warning saying that the message might be suspicious (and it is indeed because my friend's account was compromised). This is definitely a good feature because it will allow users to instantly know that something is wrong. Based on this message (and the content of the email), I alerted my friend and he confirmed that his account was compromised.

I am not sure if Gmail does this for emails from non-Gmail accounts, but it is definitely helpful when an email service is intelligent enough to know when an account has been hijacked. This information might be collected using several security measures, one of them might be the suspicious account login feature Gmail has. However, it might not just be limited to it.

Gmail Labs Brings Background Send, Now Send an Email While Reading Other Mail Conversations

Gmail has continued innovation this year with the launch of Smart Labels. Another new nifty feature has come to Gmail that allows us to send emails in the background, without blocking the user interface while sending it.

The new feature here is called Background Send and it does exactly what it sounds like. With Background Send, you can click on send and expect to move around your mailbox seamlessly. This will not be interrupted by the sending process, that is taking place in the background. Clearly, you can send multiple emails in parallel without any of them being interrupted.

The feature will require browsers with fast and fail-proof JavaScript rendering. As the feature works in the background and the process of sending an email is not as intensive and simultaneously frequent as, say, tweeting, the performance/speed difference will not be evident at first.

How to Enable Background Send in Gmail?


To enable background send, go to Gmail -> Settings -> Mail Settings on the top right hand corner. Out there, go to the Labs tab and look for Background Send. Click on the Enable radio and you are all set to use Background Send.

Gmail has taken over all our email needs, and innovations like these are extremely important to keep competition at bay.

Disable Gmail From Automatically Adding Contacts You Email

Gmail is no doubt one of the best email services out there, however, it does have an annoying feature which keeps adding email addresses as contacts when you email someone new. This can be quite a pain because your contact list will start growing with unnecessary contacts.

Google has been listening to feedback and has introduced a new feature where users can disable Gmail from adding new users you email to your contacts list.

Gmail Auto Contacts

To enable this feature, head over to the Gmail settings page and look for the option which says “Create contacts for auto-complete”. Now select the option which says “I’ll add contacts myself” and save the settings. Once you have enabled this feature Gmail will not add new contacts to your contacts list unless you do it manually.

Google’s Gmail Motion April Fools’ Day Joke Turned Into Reality with Kinect

As we are aware, Google loves itself some April Fools gags. The more memorable pranks from Google include the likes of Pigeon Rank, Google Gulp, Gmail Paper, Google Topeka, CADIE, and Animal Translator. This year, the Gmail team announced the launch of Gmail Motion – a cutting edge technology that can use your computer’s built-in webcam and Google’s patented spatial tracking technology to detect your movements and translate them into actions for controlling Gmail.

To be honest, this wasn’t exactly a fresh idea. Opera Software had pulled off a similar trick a couple of years back with Face Gestures. In fact, noting the similarity between Face Gestures and Gmail Motion, Choose Opera joined in on the fun.

“For us, Google’s latest innovation was just an April Fools joke a few years back, so we are really impressed with them actually taking this to the market. We called our invention “Face Gestures”, but “Motion” is probably a better name for a product that is not only a joke”, says Jan Standal, the boss of Desktop Products here at Opera.
When Aleksander, our Face Gestures model, was asked about his opinion on Google Motion turning the kinesthetic technology into reality, his eyes welled with tears of joy and said: “I knew this day would come.”

Of course, both Opera and Google were just being playful. However, the joke is now on Google. A few enterprising folks have turned Google’s April Fools’ joke into reality using Microsoft’s technology. In less than a day, the FAAST crew that brought us the WoW (World of Warcraft) keyboard emulator has cooked up a real-world Gmail Motion application for Kinect.

FAAST is calling their software SLOOW or Software Library Optimizing Obligatory Waving. Check out the video embedded below to see the salient features of Gmail Motion like opening an envelope to compose mail, and licking the stamp to send mail in action.

Happy 7th Birthday Gmail

Gmail was launched on April 1, 2004 by Google. Many people took Gmail as an April Fools' prank from Google considering the date it was launched on. However, Gmail was for real and it went on to become a huge success for Google.

Gmail went viral because of the invite only option it had. In fact, I received a Gmail invite from my friend too. The invite only access to Gmail was later on dropped in 2007. Currently Gmail has approximately 200 million users and is one of the most popular email services after Windows Live Hotmail and Yahoo.

Today Gmail celebrates its 7th birthday and is better than ever before. There have been so many new features rolled out to users using and more.

Google also later on launched Google Apps which has Gmail, and other Google products among other things. I have been a big fan of Gmail and love the web interface. Just wanted to take some time out and wish Gmail a Very Happy 7th Birthday.

Better Customized Ads Coming To Gmail; More Focus on Local Ads, Signals

Gmail is one of the best free email services out there. Most of the money Google makes from Gmail comes through advertisements. However, most of the ads on Gmail are not relevant or are not really related to the messages you are reading.

Google is looking to remedy that by showing better ads in Gmail based on various things. The new changes would mean that users will see:

  • Fewer irrelevant ads
  • Gmail’s importance ranking applied to ads
  • Offers and coupons for your local area

Gmail will use the same signals it is using to sort messages in Priority Inbox to sort and show appropriate ads to the users. Google will also focus on delivering and displaying more local ads based on the type of messages you receive in your inbox.

For example, if you’ve recently received a lot of messages about photography or cameras, a deal from a local camera store might be interesting. On the other hand if you’ve reported these messages as spam, you probably don’t want to see that deal.

The new Gmail ads will be rolled out to a few users at first with a more widespread rollout coming in near future. Gmail will allow users to choose whether Google should use signals from their messages while displaying ads or not.

Gmail Personalized Ad Signals

To stop Google from using your email messages as signals, go to your Settings page in Gmail and uncheck the box saying "Don’t use these signals to show ads" next to "Importance signals for ads". You might not see the option if the customized ads have not been activated for your account.

Watch a video of how Gmail will customize ads based on signals and local deals below. Click here if you can’t watch it.

Being Underage and Having an Online Account- It is Easier than You Think

Everyone nowadays wants to be on Facebook, have an Email ID and thanks to the news media, suddenly, everyone is talking a lot about Twitter. In times like these, where online identity is a way of life, we have come past periods when online services were regulated by age barriers.

Any online account creation needs you to be of some legal age, but let’s face it. Ages are rarely verified after an account is created and we know that too well. These age restrictions are more of a moral binding rather than a legal one. All that stands between a minor and the mysterious and frolic filled world of social networks and online accounts is an unregulated checkbox, and it takes a single click to get past the guilt if any.

What follows next, is an unraveling journey through every nook and corner and dark alley and friendly stop of an unexplored world. The excitement is too great to think back and understand that the account was created illegally.

Parents need to regulate how their children access the Internet. However, most of them run the fear of finding their children going online behind their backs, and opt to supervise their child’s online account. Everybody wins while the law is mocked. These situations need to change.

Here is my proposed solution. Account creations should be linked to online school records and only this way, will there be a foolproof check of age. At the same time, this will provide people with a chronological identity for self assessment. Either way, something has to work better than simple declarations which are not serving the purpose. Declarations like these.


(Image from Gmail TOS)

Gmail Introduces Click to Call for Email Messages

Google had introduced the Google Voice feature in Gmail back in August 2010. This new feature allowed users to make calls to anyone in the US for free using Google Voice and had competitive rates for other countries.

Google Click to Call

The service was very popular and 1 million calls were made in the first 24 hours. Initially, Google had said that the service would remain free till December 2010, but they extended it to remain free through 2011.


Today, Google has added another feature to the service called "Click to Call" where they automatically link the phone number included in an email message.

When a user clicks on the link, Google will pull up the dialpad and automatically populate the phone number into it. In addition to that, Google has also added a quick dial icon next to the phone numbers in your contact list to allow you to quickly make a call.

Skype also has a similar feature available through their toolbars, however, in case of Skype, you can quickly make calls to numbers listed on any webpage, including .

I use the Gmail Phone call service a lot to place calls within the United States; this new subtle addition will definitely make things easier for me.

Gmail Smart Labels Does Intelligent Classification Of Emails From Forums, Subscriptions And Mass Mailing Lists

Great … not again, this forum has sent me two dozen messages in the last 6 hours since I signed up, I just wonder how many will pile up till next morning

People get a lot of email every single day. And guess what, most of these messages go to Trash without any second thought. You use custom labels, filters, priority inbox, nested labels and other ways to organize your Gmail inbox but there are two major problems with Email filtering and categorizing them in proper order.

First, there is no automatic categorization of bulk emails (those which are not junk, of course). The ones you receive from forums, Google Groups, newsletters and other news groups. They land in your inbox and creating a filter or editing existing filters for each and every source is just impossible. The second problem is that you don’t want to mark these notification emails as Spam; instead you need a better way to categorize bulk emails, an autopilot mode is just what saves the day.

The good news is that Gmail has just introduced another neat feature in Gmail Labs called Smart Labels. Smart Labels performs an automatic categorization of incoming emails and labels them as either Bulk, Notification or Forum. There are no settings to tweak, no need to specify the source addresses in your existing filters; all you have to do is activate the feature from Gmail Labs and you’re good to go.


As soon as the labs feature is on, you will notice that three new labels have been created and listed on top of your existing Gmail labels. The image on the right is an example of my Gmail inbox.

I must say Smart Labels is quite intelligent; all notification emails, e.g. messages from Facebook groups, Paypal billing, invoice payments, shipping orders from Checkout sites like TinyDeal, go to the Notifications folder. These messages are not spam but they are skipped from the inbox the moment they arrive, saving you a precious amount of time.

Messages that have been sent to a large number of people go to the Bulk folder. Typical examples are offers, newsletters, subscriptions and of course those so called funny emails when your colleague thought that embedding 40 pictures of Mickey Mouse is really cool.


You can however replace your existing filters with Smart Labels or keep both of them; Smart Labels doesn’t get in the way of your current order of categorizing and filtering incoming messages. Should you want to avoid specific emails being smart labelled, edit the required filter from Settings > Filters and choose a proper category of your choice.

Overall, Smart Labels takes the heck out of notifications, payment reminders, subscriptions, newsletters and other formal messages that arrive in your inbox every single day. As I said earlier, there is no setting to tweak and nothing to configure at all, set it On and forget. Do give this a try and let us know your thoughts in the comments below.