Dr. Drew Pinsky, a well-known internist, recently had his Gmail account hacked. The culprit sent out spam requesting money and changed his password. The culprit then added a new security layer, two-factor authentication. Google’s two-factor authentication is a great feature to help keep your email secure. In this case it helped the hacker keep Dr. Pinsky from changing his own password back.
How did this happen? The hacker was able to get Dr. Pinsky’s email account password. The hacker then logged into the email account and changed the Gmail security level. The new security level will either text or call you with a random code. You then enter your user name, password and random code. Since the hacker had set this up, the codes did not go to Dr. Drew. This meant Dr. Drew no longer had ANY control over his own email account.
The hacker spun a story using Dr. Drew and his wife, Susan. The story said they were stuck in Cyprus without any documentation or money. Using Susan’s name made the story seem even more authentic. Dr. Drew received more than 160 texts and phone calls about his safety. In a radio interview, he mentioned that many people did NOT receive this spam email. Those people had a strong, secure firewall in place to block the spam phishing attempt.
To reset his password, he had Google send him a massive document that he had to sign and send back. Google said it would be about a week before they could reset his account password and give him control of his email again. One WEEK! In an interview on a national radio show on another topic, he brought up the hack. A Google executive, who was listening to the show, contacted Dr. Drew immediately to fix the issue.
The moral of the story? Use every security feature available in your email. Consider making your password stronger and changing it every three or four months. You should use passwords that combine words and numbers. Try creating an acronym of your favorite book title or song lyric. You can also use a password safe to manage all your passwords with a single sign-on. It’s not a matter of IF you get hacked, it’s WHEN you get hacked.