How Much Is Your Gmail Account Worth To Crooks? 80
tsu doh nimh writes "If you use Gmail and have ever wondered how much your account might be worth to cyber thieves, have a look at Cloudsweeper, a new OAuth service launching this week that tries to price the value of your Gmail address based on the number of retail accounts you have tied to it and the current resale value of those accounts in the underground. From KrebsOnSecurity: 'The brainchild of researchers at the University of Illinois at Chicago, Cloudsweeperâ(TM)s account theft audit tool scans your inbox and presents a breakdown of how many accounts connected to that address an attacker could seize if he gained access to your Gmail. Cloudsweeper then tries to put an aggregate price tag on your inbox, a figure thatâ(TM)s computed by totaling the resale value of other account credentials that crooks can steal if they hijack your email.'"
A recent report from Kaspersky (PDF) also highlighted the trend toward phishing attepts targeting Facebook, Google, and Yahoo accounts alongside bank accounts.
Wait just a second (Score:5, Insightful)
Re: (Score:1)
Re:Wait just a second (Score:5, Funny)
the university of Illinois computer science department...?
Re:Wait just a second (Score:5, Funny)
the university of Illinois computer science department...?
Well known scammers:
Dear Friend I am Professor Joseph Otumba of the university of Illinois computer science department and I wish to speak to you on the most urgent matter of your gmail account....
Re: (Score:2)
Jokes aside, UIC has a pretty good computer graphics department. Dr DeFanti [uic.edu] helped the design the computer graphics model for Star Wars. The Death Star graphics? Yeah, that was him. He also helped develop the CAVE, one of the first immersive virtual reality environments.
No Third Party Solution: (Score:2)
Granted, it's not a 100% solution. But odds are, if thieves scan your inbox and find nothing there, they won't be back.
Screw this IMAP stuff. It doesn't do anything I need and it leaves you vulnerable to this kind of attack.
Comment removed (Score:5, Funny)
Re: (Score:2, Interesting)
I have an account set up just to troll scammers. I reply for all my Lottery Winnings, Inheritance, Money Transfer, etc. It's linked to all my fake banks accounts. I'm tempted to let them have temporary access to see what happens.. LOL. It has no connection to any RL account, but lots of links to security company accounts where they are holding several sets of Metal Trunk Boxes..
Re: (Score:1)
Pfff... Yeah, I know. Like I'd fall for that.
Besides, if I really wanted to get a thorough analysis of my gmail account, I'd just post my username and password to Ask Slashdot. At least then, I know my personal information would be abused by professionals.
Great Idea!! (Score:5, Insightful)
Now just let me hand over the keys to all my private mail to someone who will quickly be able to deduce how much it is worth.... /sarcasm>
more worried about google using my gmail account (Score:1)
Got locked out of that account and they basically want everything related to my identity to get it back (identity theft in order to return my identity) and now what, that's all my personal stuff that Google has access to, and I don't.
Re: (Score:3)
That's why you make use of Google's relatively good tools to download all of your data regularly and make backups.
It's your data. You're the one responsible for it.
Re: (Score:2)
Re: (Score:2)
They provide access to the data, what more do you expect them to do? Now, if there were no 3rd party tools available, then I would be worried.
So... how much is it worth? (Score:1)
Re:So... how much is it worth? (Score:4, Insightful)
please let us have access to all your email and search through it to tel you how much a random person would like to have access to all your email and search through it...
Re: (Score:2, Interesting)
anyone care to just give me the bottom line?
Sure: you're definitely lazy and likely obese.
You're welcome.
Re: (Score:2)
Somewhere between $2.05 and $2.12.
How much of my data... (Score:1)
Re: (Score:2, Funny)
As much as you gave Facebook for your Slashdot account?
Re: (Score:1)
People Who Bought... (Score:3, Funny)
People who bought "$5,000 offshore banking money transfer" also bought:
Zero (Score:2, Insightful)
My Gmail account is not worth anything. Mainly because I never tied it to anything else, and I forgot the password years ago. Whoops. I don't like the Gmail interface, let alone the tied to Google aspect.
But if you could get a hold of my main email account... Actually, I still have no (or very few) other accounts tied to it. That's 'cause I give every service and website a different email address (slashdot.org.2013.06.26@example.org). So far I haven't discovered anyone specifically having sold or lost my em
Re: (Score:2)
Do you manage all your accounts individually, or are they forwards? If the later, someone would only need the master account to reset passwords all over the place. Of course, a lot of more critical sites won't let you reset passwords that easily, but many do, and unless you're living in a vacuum, you probably have accounts on those too.
Re: (Score:1)
Yeah, they all forward to my main account. But my main account is on a different domain, and so is not immediately obvious (one reason to having throw away accounts, and not solved by all the fanbois going, "but you just go isuckgooglescock+slashdot.org@gmail.com", which easily gets isuckgooglescock@gmail.com).
And, in reality, I suspect there are a maximum of five (a quick count gives three, I may have missed one or two) 'accounts' that have been given a disposable address that would matter (i.e. I might lo
Re: (Score:1)
Re: (Score:2)
SMTP is amazing, you can send an email from any email address. So, if my main email address is magic@maverick.com, and I'm having commercial mail sent to the domain manic.com, I just use the feature of my email client to make the send from address slashdot.org@manic.com (or whatever). And the way it's set up, all the fancy anti-spam measures (DomainKeys or whatever) still work!
Real people (who aren't working for an org) get my main email address (magic@maverick.com). On forms I write stuff like blahblah@man
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
A PSA from your "friends" at CloudSweeper: (Score:5, Funny)
Hi! We just noticed the word, "SUCKER," printed on your forehead in big bold text, and thought you would be interested in our exciting new offer...
Re: (Score:2)
That's on Soulskill's forehead right about now. Seriously, doing something like this is terrible security advice.
How much? (Score:2)
So I'm moving away from Google and Gmail. Can I sell my own account? And what kind of money can I get for it? Will it buy me a new Macbook at least? Then I might consider it! ;-)
Turns out my Gmail account is worth (Score:1)
10 million "theoretical dollars". Not to mention once the "cyber thieves" are able to "seize" all of my accounts, they could likely use my accounts as a spring board to bigger things. Perhaps even seize control of the nations power grid or the launch codes for our nuclear arsenal. Thank god I didn't click on that email about the package from FedEx I never ordered.
$28.50 (Score:1)
$5.30 (Score:1)
Darn. I was hoping my gmail account would make me the next .com billionaire.
A rough appraisal (Score:5, Funny)
30$ (Score:2)
I ain't afraid but apparently it's not worth much anyway. If someone tried to steal my identity they'd end up worse off at this point :P
It's already been at risk (Score:3)
I have two gmail accounts and both of them are used for registering for websites which may have dubious practices, such as ... um ... /.
All anyone would gain from them is the ability to steal my password on review or nattering accounts, Comrade!
For limited time special offer to receive big quantity Order of Putin medals from Glorious People's Republic of Russia! Just you send 100 dollars USA or 3,000 Roubles to:
PO Box 786990
Chelyabinsk 211
Chelyabinsk Ob, Russia
Probably quite a lot (Score:2)
Given that I'm sure if you tried enough, you could convince some moron working the phone at any of various financial establishments I have alerts sent from to let you draw money out of my accounts there, even though they shouldn't.
Other than that, I doubt it'd be worth very much, unless the crook *really* liked Kingdom of Loathing.
Re: (Score:1)
Depends, do you have a hand turkey?
Re: (Score:1)
Nope. I do, however, have a rainbow pearl. :p
(Well, it's not mine, but it is on an account I have the password to.)
Re: (Score:2)
I see somebody with mod points doesn't have a sense of humor.
Thats kind of crazy to me. (Score:5, Insightful)
Why does amazon ( a serious competitor for Google Play) take it upon themselves to send an email showing the complete details of your transaction. Which Google can then scan and learn about Amazons customers and attempt to drive them to Google Play. It seems like all the web vendors want to give all their customer information to Google. Im sure Google appreciates the efforts on their behalf.
There should be very little detail in these transaction confirmations. And they should be optional. Or maybe SMS should be an option. But to give your competitor the names of your competition and what they like to purchase is just plain crazy to me.
Re: (Score:1)
Maybe because their search history engine sucks, and I need to be able to research and search through my amazon transactions using google, or outlook. If they disabled it I would go back to newegg for a lot of my amazon transactions because I like having a textual email reciept for all of my vendor transactions.
Re: (Score:3, Insightful)
Nobody's forcing you to use gmail. Get a domain and an email only account with any web host and for about $15/month you can have mailboxes that are very private, and especially ad-free.
Re: (Score:3)
+1
3 years ago, I registered for a prestigious international conference.
I didn't notice it at first, but their password field was broken, and pwdhash didn't convert my master password before sending it.
5 minutes later, I receive a confirmation email from the organisers.
The password was in clear text in the second line....
It's called a "receipt" (Score:4, Insightful)
So, what exactly is Amazon supposed to do? Most people LIKE getting their transaction details sent to them; it's called a "receipt", and it serves as proof you bought whatever it is you think you bought, should this ever be up for dispute. Most people expect to receive a receipt for every electronic transaction, even if it isn't strictly necessary.
And the same thing could be said about any commercial e-mail service... nothing stops Mom-n-Pop ISP from mining your e-mail for data (or selling mining access to somebody who can.)
In any case, Amazon doesn't seem to be too bothered by the prospect...
If you don't trust GMail e-mail scanning, get your address elsewhere.
Re: (Score:2)
And yet, that receipt could be in the form of a protected URL to the information. Follow this link if you would like to see/print your receipt. It does not need to include the full text of the transaction.
I want a "real" copy (Score:2)
I want a "real" copy in my own e-mail account, and I expect most other people do too. I don't want to have to go through all the hassle to obtain and save my own copy. What happens if your Amazon account is suspended? You'd never see those receipts again if you hadn't already saved a copy.
but right now nobody knows (Score:3, Interesting)
Just ask (Score:1)
the most important thing (Score:1)
Just submitted my gmail account to test as per TFA (Score:1)
Prior art (Score:3)
http://www.ismytwitterpasswordsecure.com/ [ismytwitte...secure.com]
I know it was made to check Twitter passwords, but it turns out that it works surprisingly well here too. In fact, it's smart enough to tell you how secure your passwords and accounts are, even if you enter fake credentials. I kid you not, it is that smart. Try it out.
Two Factor Auth (Score:1)
If you're not using this for Gmail you're an idiot, especially if this stuff is tied to your bank.
Just ask the NSA (Score:2)
The sweeper doesn't count (Score:2)
most banks, broker's websites, and battle.net. These accounts worth $hitload more than paypal and amazon.