how to detect if gmail is hacked?
Sometimes, you give out your password inadvertantly. You dont know when did you give it to someone, or you give it to a totally trusted someone and they misuse it or they use it to keep tabs on you and know what you are doing on the internet. Thats when the newest feature that i discovered in Gmail today comes in handy. I dont really know when gmail introduced this feature, but it is a very handy to know if anyone is using your email id other than you! The figure below shows a detailed example.
As you can see, this feature can tell you your last login time( so and so minutes ago) as well as the last IP that you logged in with! If you click on the “Details” link then it shows the IP addresses and type of access of the last five sessions you have had with your account. This includes POP access, GTalk accesses as well as any other access that you might have including access to your account using a mobile device( like blackberry or a mobile phone).
Another best aspect of this feature is that it shows all the concurrently running sessions of this account. A session in simple terms in the time period from the time you login to Gmail to the time you logout from Gmail.
How can you use this data? You can very well use this data using several ways.
- Check the time since last login: If the time since last login is not what you had logged in last(although approximately) then you know someones logged in to your account. However, this might be a little tricky if you have enabled auto login or if your Gtalk logs in automatically as soon as your computer starts or your Gtalk logs in automatically from your mobile phone. This can also be tricky if you email client automatically checks your email when your computer starts or even periodically. So, make sure of your configurations before concluding that your account is hacked.
- Check the IP Addresses: As i have written above, gmail shows IP addresses of the last five sessions of your login. Check those IP addresses and see if you find a IP address that is generally not associated with you or your ISP. If your ISP gives dynamic IP addresses then too you can check by seeing if the IP addresses are in a similar IP range.
- Check for Concurrent Sessions: If you know for sure, that you are not logged in to your computer using any other way like using an email client or a mobile device then the number of concurrent sessions can tell you that there is someone logged in to your account other than you. This can be very beneficial only if the penetrator is checking your account at the same time as you are!
You can use the above methods to know if your account is being compromised and you can also kill a session(i.e make the other person log off) using the same feature. So, next time you login to Gmail do check out this feature. In the next post, i write, what to do, when your Google Account is compromised!
Leave a Reply