Two days ago my wife's Gmail account was taken over, with quite sweeping effects. SEE UPDATE BELOW. Yesterday I mentioned the two simple steps Gmail users could take to minimize the chance of such an attack, or recover more quickly if it happened.
But even if this is purely anecdotal and coincidental, why take a risk? If you use Gmail, protect yourself now. Change your password. Now. If you can, switch to two-step verification, as explained yesterday. Be absolutely sure you have extra "password recovery contacts," also as explained yesterday. Also, when you are on the "mail settings" of Gmail making these changes, check the "Forwarding / IMAP" tab to make sure your mail is not being forwarded someplace you don't want.
This is all a minor nuisance. Believe me, it is less of a nuisance than the ones you will be dealing with if the entire contents of your archived mail are in someone else's hands. More about this later.
Here is the phishing note sent just now from one of my friends' accounts, slightly altered from the one sent when my wife's account was taken over:
>>I'm sorry for this sudden request, It's because things actually got out of control. I'm Madrid, Spain. I came down here for a confrenece, i was mugged and all my belongings including cellphone and credit card were all stolen at "GUN POINT". It's such a traumatic experience for me. I need your help flying back home as i am trying to raise some money.
I've contacted my bank but the best they could do was to send me a new card in the mail which will take 2-4 working days to arrive here from [my friend's real home town, in Texas]. I need you to lend me some Money to sort my self out of this predicament, i will pay back once i get this over with because i need to make a last minute flight.Western Union or MoneyGram is the fastest option to wire funds to me. Let me know if you need my details(Full names/location) to effect a transfer. You can reach me via hotel's desk phone and the number is, +34 981 600916891.
Waiting to hear from you,[My friend's real nickname] <<
Do. It. Now.
UPDATE: In response to some queries, at least in my wife's case this is not just a matter of innocently spoofing her email address as the "from" line of phishing messages. Someone else had complete control of all her online data for a number of hours, with harmful consequences I will detail later. Maybe that has not happened to the people I've heard from today, but if it has, it's something you want to avoid for yourself.