We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Gmail users targeted by rogue password recovery tool

Warning over Gmail hacker Pro

Consumers trying to recover forgotten Gmail passwords have been reminded not to use the widely-circulating Gmail hacker Pro software, which claims it can recover passwords for a fee.

Webmail password recovery scams are nothing new but this particular one can turn up in several guises, starting with the simple fee scam uncovered by GFI Labs.

Gmail Hacker claims it can search the hard drive for the forgotten Gmail password, returning it for a fee of $29.99 (£19), in spite of the fact that Google itself offers the same password recovery and reset for nothing using its own service.

The program "processes" the user's Gmail address before demading the payment in return for a generated key.

"Clearly, this is designed to extract a tidy sum of money from unwitting users, and we'd like to save you, Dear Reader, the trouble of wanting to try it out. We categorize GMail Hacker Pro as a Trojan under the detection name GmailHackerPro.pj!.1a.," says GFI in a new blog.

Similar-sounding programs have been doing the rounds which invite users to hack the mailboxes of others after first entering their own Gmail username and password. This of course is a ruse to hijack the user's accounts from where all contacts found have their email addresses harvested to generate more victims.

Normally, passwords are not stored locally (the safest access method) unless browsers are set to log users into Gmail or Hotmail automatically, in which case the password will be stored on the hard disk. This is often where trouble starts. Users check the auto login but months later cannot remember what the password was when they fire up a browser on a second PC.

It varies between browsers. In Mozilla, if set up to be cached these passwords will in theory also available directly under Tools/Options/Security/Saved Passwords.

The safest method is to use a password storage system such as LastPass, which keeps logins locally and online in an encrypted database, in which case they are available from any browser with the plug-in installed once a master password has been entered.

IDG UK Sites

Moto G2 (2014) vs Moto E comparison review: New Moto G is worth the extra cash

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Oculus Rift 'Crescent Bay' prototype hands-on: it's an amazing experience

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...