Should I be concerned and if so, what next?

Question

Should I be concerned and if so, what next?

Ten days ago I attempted to email an attached Numbers file to my mother. We both have MacBook Pros operating with OS X 10.9.1, use Mail, and have Gmail accounts setup as primaries. The content of the file was sensitive so it was password protected. When I attempted to send the email, Mail indicated Gmail wouldn't 'accept the email for reasons related to security' (this paraphrase attempts to capture the message's sentiment as I don't recall the exact wording/terminology used). I'd never encountered this before and, being rather naive of these matters, figured it might be due to the attached file being password protected. Without giving it further thought, I went old school, made the 10 minute drive to my mom's place, and transfered the file via thumb drive. Everyone was happy.

Today, 10 days later, I was surprised to an email from her thanking me for sending the same Numbers file I had attempted to send, the one that supposedly didn't go out. Being a reply, her response included the content of my initial email. While the email did appear to indicate it came from my Gmail account and had been sent 10 day earlier on the day I had attempted to send it, a few things didn't seem right.

First, as I've mentioned, just the fact that 10 days had passed didn't make sense. After confirming that my mother had only recently received my email (she said it had arrived within the last 24 hours as she checks daily), I was curious as to where its been 'lingering' during its 10 day journey. Second, upon checking my Mail's Sent folder, I verified there was no record of my initial outgoing email attempt, which would seem to support that it never went out. But, as we now know, it apparently did. Finally and probably most troubling, the Numbers file my mom received was named "xxxx.numbers.zip". This wouldn't be unusual except for the fact that the file I attached and attempted to send 10 days earlier was named "xxxx.numbers". It was not a large file, so I never bothered to compressed it. Again, being naive on these matters, I don't know if this is something Gmail may do automatically to speed up data transfer rates which, if so, would be ironic in this case.

Upon receiving my mom's email, I immediately contacted her to alert her not to open my attachment but, unfortnately, was too late. Neither of us has any 3rd party security software on our systems. My mom's Mac seems to be running fine, and I know that Mavericks and Safari have some security features but know nothing about the breadth or robustness of these built in capabilities. So my questions are... Should I be concerned? Is there something I can do to determine whether there's need for concern? And if there is need for concern, what are my options and/or what my next step?

Disclaimer: You've probably already figured out this is my first post to this site (or any site of this nature for that matter). I apologize in advance if I've broken etiquette, am off the mark entirely, or simply inappropriately in the wrong forum. If so, I'd greatly appreciate if anyone could guide me in the right direction.

Posted on Jan 28, 2014 11:14 PM

Reply

Answer 1

Best reply

LarryHN

Level 10

106,110 points

Jan 28, 2014 11:36 PM in response to gregoryfromsierravista

Weird - but probably not a problem - I doubt that NSA bothered to infect your mother's system

and there are no known viruses that affect Macs so that is probably not a problem

You might contact Gmail support to see if they have any insight

LN

Reply

Answer 2

Feb 11, 2014 6:04 AM in response to LarryHN

LarryHN,

Thanks for your reply and sorry for my delayed response. I just happend to come accross your response in my Junkmail folder.

As you suggested, my original plan was to report the incident to Gmai, but I hesitated as the attached file included sensitive data. As previously mentioned, being naive on such matters, I became unsure about how to proceed as I researched the matter. Call me paranoid, justifiably or not, as I started to second guess forwarding the email to Google after reading some online comments, which seemed to suggest they weren't necessarily beyond 'picking apart' its content and, sadly to say, exploiting the information there within. While understadnding this to be a likely overstated outcome, I found it difficult to ignore as the possible implications, however unlikely, could be disasterous. More than one site source, unfortunately I don't have the wherewithall to verify their credibility, left me questioning the motives of enterprivses, such as Google. Admittedly, prior to my research, I'd believed them to be well respected and generally would haven implicityly given the benefit of the doubt regarding client security/privacy matters. Again, largely unaware of such matters, I was alarmed to discover a sizable record of negative reports from multiple web sources regarding Google's questionable record, albeit appparently unequivocally unproven, concerning costomer confidentiality/privacy issues.

In this light, with a cautious dose of embarassment, I admit the tone of your response together with my presumption of favorable ethical practices of such companies, l'm inclined to believe my predescribed reservations are most likely an unsubstantiated, overreaction. With that said, given my parents' financial holdings aren't trivial, I'm compelled, even given my limited resources, to do what I can to ensure they continue to enjoy financial security into their twilight years. Both in early retirement, they've worked hard to secure a future for themselves and have many well deserved years ahead to live out and enjoy. And while they have a well qualified finacial advisor, albeit I must admit I sometimes question where his loyalties lie, and in spite of the fact that I stress I'm not truy qualified to be advising them on the nature of the "security" of their online banking habits, they seem to insist on falling back on my advice regarding these matters, no matter how ill advised.

Again, I don't claim to be an expert on these matters and sincerely hope my concerns are entirely unfounded. With that said, since your advice has been helpful on the matter, my final question is, do you think I should be at all concerned about forwarding the sensitive email to Google, which has precipitated this entire problem? Obviously, it goes without saying, I was foolish to trasmit such infomation via the interntet in the first place, encrcypted or not. But my blunder has been made, and I'm still unclear about how to proceed. Any additional advice of the matter would be greatly appreciated.

Thanks in advance, Greg

Reply

Answer 3

dwb

Level 7

32,920 points

Feb 11, 2014 6:24 AM in response to gregoryfromsierravista

If you used the newly released version of Numbers (Numbers 3.1) I can explain part of it. When Apple updated iWork it changed the file format and Gmail's filters didn't recognize the format. All emails with attached files from the new iWork suite were rejected. Some people even reported that files were rejected if they were archived. Oddly I didn't experience this.

I've not tried to attach an iWork file recently (I've reverted to the older version until certain functionalities are returned to the new version) but I suspect that Google has finally fixed the filter so it will pass on iWork files. Now that doesn't entirely explain why your mother got the file without you resending it. I've not gotten any of the files I sent myself while testing iWork with Gmail. But I seriously doubt NSA is involved.

Reply