My sister is caught in a hacking situation that's pretty frustrating. They've gotten into her Gmail account even though she has two-factor authentication (2FA) set up. It all started after she bought a $200 Best Buy gift card, and now her Google activity shows some alarming stuff, including references to 'Hezbollah'. To make matters worse, they managed to add a new phone number to her bank account. Even after changing her password and trying to remove the unauthorized number, it just keeps happening. Now they've also gained access to her 401k, which is especially worrying since her workplace is closed over the weekend and she can't get any help. She's been using a password manager now, but sees suspicious activity in her Gmail and messages. She's hesitant to shut down her Gmail because she has a lot of important data there, but doesn't actually use it to log into anything.
So, I'm looking for help in three areas: how does a hacker get past 2FA, is there a way to resolve this without shutting down her Gmail, and what steps can we take to stop this situation? Thanks for any insight!
4 Answers
One major thing is ensuring that her 2FA setup is secure. It's not just about having 2FA; the second factor needs to be strong, like an authenticator app or hardware security key, rather than SMS. Additionally, if unauthorized devices or security options are connected, that needs to be cleaned up. If it looks unusual, she should get in touch with someone experienced in security quickly. Financial accounts especially need quick action.
Yes, the faster she acts, the better. It's crucial to respond swiftly when financial info is involved.
She probably needs to lock everything down as a starting point. This means signing out of all Google devices, changing every password, and switching to a more secure form of 2FA, like a hardware key or an authenticator app. Also, make sure she's reached out to her bank to secure that account, and it might be wise to freeze her credit, just in case.
Thank you for this advice! She's switching her password manager to Proton right now. Would using a VPN help prevent further access?
A VPN can add an additional layer of security, but it’s vital she secures her accounts first.
She may have entered her credentials on a phishing site that looked like Google. This could happen if she thought she was logging in properly and unknowingly gave the hackers her information, including 2FA codes. It's important to check the Google account settings for any unusual mail rules or app access that could be giving them a way in.
That's a good lead. She really needs to conduct a full security audit on her Google account.
Phishing is a real concern. I hope she catches it before they lock her out completely!
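The answer above suggests checking the Google account for unusual mail rules. An intruder who has been in a mailbox often plants filters that forward mail elsewhere or auto-archive and trash security alerts so the owner never sees new-device or password-reset notices. The script below is an added example, not code from anyone in this thread: it reads a filter export and flags those patterns. The XML is a constructed sample that follows the layout of Gmail's "Export filters" file (an Atom feed of entries with apps:property name/value pairs); that layout, the trusted-domain list and the keyword list are assumptions, and a practitioner would point the script at the real export and adjust them.

```python
# Added example (not from the thread): audit an exported mail-filter list for
# rules an intruder typically plants: silent forwarding to an outside address,
# or auto-archiving/trashing of security and verification mail so the owner
# never sees the alerts. The XML below is a constructed sample shaped like
# Gmail's "Export filters" file (Atom <entry> elements carrying
# <apps:property name=... value=...> children); treat that layout as an
# assumption and feed the script the real export from the account being checked.
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Domains the account owner actually controls (constructed for the example).
TRUSTED_DOMAINS = {"example.com"}

# Criteria keywords whose suppression is a red flag (assumed list).
SENSITIVE_TERMS = ("security", "verification", "password", "sign-in", "new device", "bank")

SAMPLE_FILTERS = """<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:apps="http://schemas.google.com/apps/2006">
  <entry>
    <apps:property name="from" value="newsletter@shop.example.com"/>
    <apps:property name="shouldArchive" value="true"/>
    <apps:property name="label" value="Shopping"/>
  </entry>
  <entry>
    <apps:property name="hasTheWord" value="security alert OR verification code"/>
    <apps:property name="shouldMarkAsRead" value="true"/>
    <apps:property name="shouldArchive" value="true"/>
    <apps:property name="shouldTrash" value="true"/>
  </entry>
  <entry>
    <apps:property name="from" value="*@bank.example.com"/>
    <apps:property name="forwardTo" value="collector@attacker-mailbox.invalid"/>
    <apps:property name="shouldTrash" value="true"/>
  </entry>
</feed>
"""


def parse_filters(xml_text):
    """Return each filter as a dict of property name -> value."""
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.iter(ATOM + "entry"):
        props = {}
        for prop in entry.findall(APPS + "property"):
            props[prop.get("name")] = prop.get("value", "")
        filters.append(props)
    return filters


def audit_filter(props):
    """Return a list of findings for one filter (empty list = looks benign)."""
    findings = []
    target = props.get("forwardTo")
    if target:
        domain = target.rsplit("@", 1)[-1].lower()
        if domain not in TRUSTED_DOMAINS:
            findings.append(f"forwards mail to external address {target}")
    # A filter that matches security-related mail and then hides it is the
    # classic way to keep the owner from noticing new-device alerts.
    hides = any(props.get(k) == "true" for k in ("shouldTrash", "shouldArchive", "shouldMarkAsRead"))
    criteria = " ".join(props.get(k, "") for k in ("from", "to", "subject", "hasTheWord")).lower()
    if hides and any(term in criteria for term in SENSITIVE_TERMS):
        findings.append(f"hides mail matching sensitive criteria: {criteria.strip()!r}")
    if props.get("shouldTrash") == "true" and target:
        findings.append("forwards and then trashes the message (owner never sees it)")
    return findings


def audit(xml_text):
    """Map filter index -> findings, for filters that have any."""
    report = {}
    for i, props in enumerate(parse_filters(xml_text)):
        findings = audit_filter(props)
        if findings:
            report[i] = findings
    return report


if __name__ == "__main__":
    for idx, findings in audit(SAMPLE_FILTERS).items():
        print(f"filter #{idx}:")
        for f in findings:
            print("   -", f)
```

On the constructed sample the first filter (a newsletter label) passes, the second is flagged for hiding security and verification mail, and the third is flagged three times for forwarding bank mail off-account and trashing it. The same check is worth repeating for third-party app access and connected devices, which the export does not cover.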
It sounds like your sister may have fallen victim to cookie hijacking. In that scenario, attackers can steal session cookies after someone logs in and take over the account, even with 2FA in place. It's concerning that they seem to be taking their time with this, especially considering their only visible gain was the gift card. It's definitely sophisticated behavior, and you're right to be confused by it.
Yeah, it definitely raises red flags when the attackers are operating this slowly. Their motives aren't clear.
What should we do to fix this? It seems like a long game strategy they're using. They've only gotten minimal things, which is strange.
That’s solid advice. She should definitely always keep an eye on her login activity.
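The cookie-hijacking answer above, together with the earlier advice to sign out of all Google devices, comes down to one mechanism: a stolen session cookie stays valid until the server revokes the session, and a password change on its own may not do that. The model below is an added example, not code from anyone in this thread and not how Google implements sessions; it is a constructed service with an in-memory session store, a per-account "generation" counter, and a switch for whether a password change bumps that counter. The scenario function walks through a login, a copied cookie, a password change and a global sign-out, and reports whether the copied cookie still works at each step.

```python
# Added example (not part of the thread): a minimal session model showing why
# "change the password" alone does not evict someone holding a stolen session
# cookie, and why "sign out of all devices" (global session revocation) does.
# Everything here is constructed for illustration; real services implement the
# same idea with their own token formats and stores.
import hashlib
import hmac
import secrets


def _hash_password(password, salt):
    # PBKDF2 stands in for a real password hasher; iteration count kept modest.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class AuthService:
    """Password accounts plus server-side sessions keyed by a random cookie value."""

    def __init__(self, revoke_sessions_on_password_change):
        self.revoke_on_change = revoke_sessions_on_password_change
        self.accounts = {}   # username -> {"salt", "hash", "generation"}
        self.sessions = {}   # cookie value -> {"user", "generation"}

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.accounts[user] = {"salt": salt, "hash": _hash_password(password, salt), "generation": 0}

    def login(self, user, password):
        """Verify the password and mint a session bound to the current generation."""
        acct = self.accounts[user]
        if not hmac.compare_digest(acct["hash"], _hash_password(password, acct["salt"])):
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = {"user": user, "generation": acct["generation"]}
        return cookie

    def whoami(self, cookie):
        """Resolve a presented cookie to a username, or None if the session is dead."""
        sess = self.sessions.get(cookie)
        if sess is None:
            return None
        if sess["generation"] != self.accounts[sess["user"]]["generation"]:
            return None  # stale: revoked by a password change or a global sign-out
        return sess["user"]

    def change_password(self, user, new_password):
        acct = self.accounts[user]
        acct["hash"] = _hash_password(new_password, acct["salt"])
        if self.revoke_on_change:
            acct["generation"] += 1   # every existing session becomes stale

    def sign_out_everywhere(self, user):
        """The equivalent of 'sign out of all devices': invalidate every session at once."""
        self.accounts[user]["generation"] += 1


def hijack_scenario(revoke_on_change):
    """Victim logs in, an attacker copies the cookie, victim changes password, then
    signs out everywhere. Returns (attacker_in_after_password_change,
    attacker_in_after_global_signout)."""
    svc = AuthService(revoke_sessions_on_password_change=revoke_on_change)
    svc.register("sister", "correct horse battery staple")
    victim_cookie = svc.login("sister", "correct horse battery staple")
    stolen_cookie = victim_cookie  # cookie theft: same value presented from another browser
    svc.change_password("sister", "a brand new passphrase")
    after_change = svc.whoami(stolen_cookie) == "sister"
    svc.sign_out_everywhere("sister")
    after_signout = svc.whoami(stolen_cookie) == "sister"
    return after_change, after_signout


if __name__ == "__main__":
    print("weak service    :", hijack_scenario(revoke_on_change=False))  # (True, False)
    print("hardened service:", hijack_scenario(revoke_on_change=True))   # (False, False)
```

The weak configuration reproduces the situation described in the question: the password has been changed, yet whoever holds the old cookie is still signed in until a global sign-out bumps the generation. The hardened configuration ties both actions to the same counter, so a password change revokes every outstanding session. Either way, the practical takeaway for a compromised account is to do the explicit "sign out of all devices" step rather than assume the password change covered it.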