gmail is a lovely piece of web-based email goodness. it has tricks! and twists! and fun quirks! for example, did you know that you can set your email to forward to ANY address, without having to verify it on the other end? i bet you did not. even if you did, i wonder if you arrived at the two (equally nefarious) evil possibilities that i did. in the interest of self-criticism i'm also admitting to the holes in the plot.
NOTE: THESE ARE EVIL AND PROBABLY QUESTIONABLY LEGAL. they certainly violate google's TOS. i would never actually do them, because i am not a total jerk.
omnipotent teflon spam
make a fake gmail account. set it to forward to the primary (or, even better, work!) email of an enemy, disliked person, or irk-target. sign your fake email address up for oodles of weird mailing lists and a bunch of those FREE IPOD GIVEAWAY!!!!!! sites. forget about it.
- no matter how much your victim clicks "report spam," the messages won't be blocked. because they're not being routed to the inbox via a spam server - they're being routed via gmail's lovely email forwarding system - you've handily-dandily bypassed the spam filter.
- because you signed your victim up for the spam using an email address that's not theirs, they can't unsubscribe.
- most people are morons and will not know how to block rerouted emails.
- if you ever get tired of flooding someone's inbox, you can sign into the fake account and cancel the message forwarding.
- if your victim is in the habit of reading the headers on an email ("[sender] to [recipient]"), he will immediately notice that it doesn't say "me" (as gmail displays it).
counter-downside: make your fake email address similar to your victim's actual email address. bonus points if their address has a lowercase L in it, and you can register the same address but using a capital I, or vice versa.
- if you subscribe someone's work email to a particularly distasteful mailing list, he might wind up getting fired.
the classic stalker (aka the AT&T/NSA)
hack into someone else's email account (look over their shoulder as they type their password? infer it via psychic meditation? whatever you like) and go into the email forward settings. set it to forward to you (or, smarter, to an anonymous email account), while retaining a copy in the inbox as well.
- you have access to every piece of outgoing mail, without the mess of having to actually hack into the account ever again.
- via experiments i just now conducted (called: i have my gmail open currently on two computers at once and am playing with it), i know for a fact that it's impossible for someone to see that someone else is logged in simultaneously with you (unless you are a moron and decide to start reading unread mail). you can be stealthy like fox.
- you have to get someone's password.
- if they are the sort of person who deletes the text of the message they're replying to, you'll only get access to half of any given correspondence session.
update: another anonymous, evil-minded friend shares, via gchat:
AEMF: do you know what else?
if you log into someone's gmail while
they're logged in, and they're gchatting
you can watch the conversation as it goes
AEMF: the only downside
is that sometimes it minimizes itself
on their computer and on yours
but most people don't know why
update 2: a certain sneaky-minded friend of mine contributes:
A sneakier way to go about things, if you're going to do this right, isit is worth noting that i have no idea what most of this means.
packet sniff an account password at the login screen.
Most people go to http://gmail.google.com or http://[some google mail
address]. This is inherently insecure. Though google does later
establish an encrypted secure session so that IM and mail are hased your
password on the site is sent as plain-text to them. Anyone with a packet
sniffer can find your password.
Then you use your amazing webdev skills to craft an html webmail with an
attachment that makes it appear as though this mail is coming directly
from google. Make it some giant buggerall about security. Google will
check incoming mail that comes to you but it won't check mail you mail
yourself so use this account to mail that person a zombifying bug.
They'll see it, think they must install it because it has the google
logo, and infection hits.
Rinse and repeat but each time use a zombie and a zombie of a zombie,
etc to plan your attacks. To some extent this can be automated. Before
you know it you'll have a zombie army that you can then route through
the tor network and rage a DNOS attack on the unsuspecting victim's
computer where you extract their credit information porn habits
incriminating photos and then distribute it all across peer networks and
torrents and especially to news agencies.