My email account has been hacked. How do I solve the problem?

Yes I believe you are. I always send mine out with all recipients in the BCC line so even they are unaware of each other.

I'd be interested to hear from our more knowledgeable colleagues here if I am avoiding the harvesters?
Yes and no... you're reducing the value of each email as there won't be a list of email addresses to be harvested. That said, if your contacts which you just emailed then forward your email to 10x people (without amending the body to remove your address and so on), your email address will be included and thus be on a list somewhere.


So some of the very good jokes I send out (which come to me by email) from a couple of buddies. Am I risking my buddies' and recipients' internet/email safety by doing this?
As above; that said - you need to get to a limit. Too much paranoia and you won't leave the house!

I know, that's very recent, and a scammer I was 'baiting' accidentally sent me a scan of one such list (along with a host of his aliases in the cc line) and when I questioned him he said it was a mistake. It had groups with arrows etc. (handwritten!). So they can spoof addresses, I think you're right about that with the successful Russian Viagra spam (the businesses are ultimately owned by the Russian Business Network as they call themselves (Russian Mafia)), lower level 419 scammers just buy the email address lists. What you need to consider is how they would get hold of chain letters -who would forward one to a criminal?
Spoofing from addresses is almost as old as email - it's spoofing addresses that are "trusted" by the recipients, and harvesting that level of detail, that is very new. RBN are VERY organised and well funded, Viagra is just one of their exploits. We've seen (many) actual attacks on client infrastructure from who we believe is RBN. In cases when they get in, they will tend to either steal data and offer not to spread it to the world for a fee; or encrypt data and offer to decrypt it for a fee.

Forwarding to a "criminal" is easier than you think. Put it this way; you forward your letter to 20 people, that's 21 people who have seen it and 21 email addresses. Those 20 each do the same, so now we are at 421 (400 new). That's 2 forwards. Again, and it's 8,000 new people. Then 160,000. Then about 8 million, 64 million, 1.2 billion, 24 billion new addresses - oops, we are out of people on the planet. (Yes, people have multiple accounts and so on, but it's exponential so you get the idea.) All within 10 forwards of your original email. At some point, someone willing to make a quick buck will take the email, strip out the email addresses and sell them (they usually go for about $5 for 1MB of email addresses, more for valid email addresses with a referrer). Obviously this can be scripted so you don't need to do anything.

Another source is sniffing - email is NOT a confidential protocol. Everything is sent in clear-text. This means that if I set up a mail relay, I can read all the emails that flow through my box. Or if I sniff all traffic on a backbone (RBN and Chinese are the only two organisations with the infrastructure to do this at a global level, that I know of, at the moment) and pull out what I need. Generally, when speaking to larger clients, their comeback is "oh, but it's all fragmented into packets. So the chance that all packets travel through the same place is very low". Which is true - but I don't NEED the whole email. I just need the email addresses, which I can grab from individual packets without recompiling your original email.

BCC seems to mean the email is sent out as if individually to each person, CC means it's sent out to everyone as one email. I may be wrong. But I think that's getting a bit paranoid - I send out emails to groups of people and know as a fact I don't send spam out to my contacts (I have work and private email addresses I copy my emails to so I can forward them later if I want without having to search for the original email, and they never get spam sent to them).

I still want to know how a chain email would fall into the hands of a spammer...
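The CC-versus-BCC point above, as an added example that is not from the thread: the message is built both ways, the Bcc header is handled the way smtplib.send_message() does it (addresses go on the SMTP envelope, the header itself is dropped), and a crude harvester shows what a recipient or a relay can lift from the bytes each way. All addresses are constructed sample data.

```python
# Added example, not from the thread: why BCC recipients cannot see each other.
# Standard library only; all addresses are constructed sample data.
import re
from email.message import EmailMessage
from email.utils import getaddresses

SENDER = "me@example.com"                                                # constructed
CONTACTS = ["alice@example.com", "bob@example.org", "carol@example.net"]  # constructed

def build_message(recipients, use_bcc):
    """Build the outgoing message either with everyone on To: or everyone on Bcc:."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["Subject"] = "This week's jokes"
    msg.set_content("Forwarded from a couple of buddies.")
    if use_bcc:
        msg["To"] = SENDER                  # the only address left visible in the header
        msg["Bcc"] = ", ".join(recipients)  # used for routing only, never transmitted
    else:
        msg["To"] = ", ".join(recipients)   # every address is printed in the header
    return msg

def prepare_for_wire(msg):
    """Mimic smtplib.send_message(): gather envelope recipients from To/Cc/Bcc,
    then drop the Bcc header so the bytes each recipient receives never carry it."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    envelope = [addr for _, addr in getaddresses(fields)]
    del msg["Bcc"]
    return envelope, msg.as_bytes()

def harvest(raw):
    """Crude harvester: every address a recipient or a relay could lift from the bytes."""
    return sorted(set(re.findall(rb"[\w.+-]+@[\w-]+\.[\w.-]+", raw)))

if __name__ == "__main__":
    for use_bcc in (False, True):
        envelope, raw = prepare_for_wire(build_message(CONTACTS, use_bcc))
        print("bcc" if use_bcc else "to ", len(envelope), "envelope recipients,",
              "visible:", [a.decode() for a in harvest(raw)])
```

Both variants reach the same three contacts, but only the To: version leaks the whole list to everyone (and to anyone the message is later forwarded to).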

Spammers also like hacking into mail servers and using them to send email. My website server ran Windows NT4 Server (yes, the 1996 edition) until recently and weekly I checked the logs and saw so many failed attempts to send spam. The "badmail" folder was full of copies of emails that couldn't be sent (only because I hadn't configured the SMTP add-on). They were all advertising viagra. Imagine if I HAD set the server up to send emails - it would have become a spambot out of my control. I now run Windows Server 2008 and the issue is just about gone. My point is your server (or computer!) can unknowingly be used to send spam.
CC vs BCC - very right.

Mail server could have been hacked, or, more likely, you had a server that allowed unauthenticated sending of emails. Most mail servers from that era won't request credentials to send emails - it was a trust-based infrastructure.

Email was never designed to be "secure". Authentication, authorization and encryption are all "add-ons".

M.
(and if you want to hire me, drop me a PM - I do security consultancy. Used to work for the world's largest security firm, and we did an MBO of their consulting team :p)
 
I had exactly the same problem, but with hotmail and I sent an email to hotmail/MSN directly explaining it and they sorted it out from their servers eventually.
 

SSL should be the minimum standard, 128-bit encryption and all that, but the RBN will find a way through.

But you know what amazed me? In NT4 I went through my FTP and Web server logs and found literally thousands of hacking attempts, the most memorable were usernames "Administrateur" and, bizarrely, "Owen"! Where did most of them come from? The University of Glasgow! I emailed them reporting abuse several times, unsurprisingly no reply, but when I check the logs in Server 2008 guess what - still at it! Same IPs! I would block them, but I would rather gather as much evidence of hacking attempts as I can in case I pursue the university at a later date.

At least the SMTP server is disabled altogether now so I don't have to worry about Viagra spam being sent out. Some was in Chinese, even! And each email had a delivery failure email stored in the "badmail" folder too! How many megabytes that all took up...

I find that with my email addresses being as public as they are I do get quite a bit of spam, but GMail's spam filter is good, and I wouldn't get some hilarious scam emails to play around with if my email address was kept private. I mean, mail from Bill Gates/Gadhafi's daughter-in-law/Ban Ki Moon...! I've still got emails from all (such lovely emails as well, they just want to give me money!) if you want proof!
 
Thank you very much for the valuable advice (some of which is over my head). I did change my password, and up to now, haven't spammed anyone else, yet. :thumb:
 
try gmail... its free and awesome;-)

you can use calendars in it and set them up to sync with your smartphones and other devices and share your calendars as well...
... example- your significant other would know what times you have free by checking her calendar on her device; before booking you in for another engagement... and you would see the changes to your calendars virtually instantly.
etc
etc
 
... example- your significant other would know what times you have free by checking her calendar on her device; before booking you in for another engagement...

and that's meant to be a good thing...:eek:
 

SSL v3 appeared in 1996 as a draft. Windows NT4 was released in 1996 as well; and as such wouldn't have been able to include SSL in the mail binaries. Any crypto standard needs thorough review before being adopted...

(SSL v1 was never public, and v2 was deemed insecure hence the release of v3 within a year of v2.)

Pursuing the university will be near impossible - they act as ISPs at the end of the day. The attempts are probably NOT from the students themselves (though possible), but more likely from the students' machines, compromised by all sorts of nasties.

Students, by nature, try to save money. Hence, pirated software is quite rife. Pirated software is much more likely to contain malware than its legitimate counterpart. Hence, once their machine is compromised, they are nothing more than proxies or zombies for the attack. Quite often, an attacker will go through multiple proxies to avoid being found.

On that note, attempting a login with a username and password isn't really "hacking". Yes, a brute force attack (trying every possible combination) or a dictionary attack (using a pre-defined dictionary) could be deemed hacking, but unless they actually got in you'll have trouble pressing charges...

Regarding spam, a bit of a sales pitch, but have you tried MessageLabs? (now rebranded to Symantec.cloud for some weird reason). For enterprise/business use, it's hard to beat...

M.
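The log review described earlier in the thread (thousands of login attempts, odd usernames, the same source addresses) and the brute-force/dictionary distinction just made, as an added example that is not from the thread: it parses a constructed login log and flags sources that rack up many failures across several usernames, while leaving a user who mistyped once alone. The log layout and the addresses are constructed for the example.

```python
# Added example, not from the thread: spot password-guessing runs in a login log
# by counting failures per source address and how many usernames each one tried.
import re
from collections import defaultdict

# Constructed sample lines in a simplified "date time client user result" layout;
# the addresses come from documentation ranges and are not real attackers.
SAMPLE_LOG = """\
2011-03-01 02:10:01 203.0.113.7 Administrateur FAILED
2011-03-01 02:10:02 203.0.113.7 Owen FAILED
2011-03-01 02:10:02 203.0.113.7 admin FAILED
2011-03-01 02:10:03 203.0.113.7 root FAILED
2011-03-01 02:10:03 203.0.113.7 test FAILED
2011-03-01 02:10:04 203.0.113.7 Administrateur FAILED
2011-03-01 09:15:44 198.51.100.23 owen FAILED
2011-03-01 09:16:10 198.51.100.23 owen OK
"""

LINE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (FAILED|OK)$")

def parse(log_text):
    """Yield (timestamp, client, user, result) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.groups()

def flag_sources(events, min_failures=5, min_users=3):
    """Return {client: (failures, distinct_users)} for clients that look like a
    dictionary or brute-force run: many failures spread over several usernames.
    A single user mistyping a password once or twice is left alone."""
    fails = defaultdict(int)
    users = defaultdict(set)
    for _, client, user, result in events:
        if result == "FAILED":
            fails[client] += 1
            users[client].add(user)
    return {c: (fails[c], len(users[c])) for c in fails
            if fails[c] >= min_failures and len(users[c]) >= min_users}

if __name__ == "__main__":
    for client, (n, u) in flag_sources(parse(SAMPLE_LOG)).items():
        print(f"{client}: {n} failed logins across {u} usernames - keep these lines as evidence")
```

The thresholds are assumptions to tune per server; the flagged lines are the ones worth preserving if you ever want to report the source.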
 
Another vote for gmail (or rather google apps). I've recently switched my mail server away from SBS2003 and am rather impressed, when coupled with Postini it is very good.

Add on their interface, which is great, and I'm well sold on it.

You can use Outlook, but you do miss some of the best bits because of this.
 
Gmail analyses the content of all your messages, which some are not comfortable with:

Gmail - Wikipedia, the free encyclopedia

No ads on Google Apps. It must do some analysis as it's pretty good at recognising what's important and bringing it to your attention.

I don't really do the privacy thing as my emails ain't that interesting!
 
Update.

Since I changed the password on my AOL and Yahoo accounts the spam problem has disappeared. Fingers crossed.

Many thanks for the advice. :thumb:



Unconnected, but one thing I have noticed is that before my problems started, I had received email spam from iPhones.
 
Looking back (isn't retrospect nice?) if changing the password "solved" the problem, I would suggest your password was compromised.

This will most likely happen from phishing websites (look like AOL/Yahoo webmail but aren't) or from logging into your account from a shared machine with malware (cybercafe, airport lounge computer, etc).

M.
 
Looking back (isn't retrospect nice?) if changing the password "solved" the problem, I would suggest your password was compromised.

But if the mails had actually been sent via that account they would have been in the 'sent items' folder (or trash)?
 
But if the mails had actually been sent via that account they would have been in the 'sent items' folder (or trash)?

Unless they were deleted from these... or not sent via webmail interface (more likely) but through a custom client.

M.
 