I might have been hacked.

KatteyKattey Posts: 2,900
edited December 1969 in The Commons

Just currently my email gave me a bunch of failure-to-deliver autoreplies for tickets I didn't submit and emails I didn't send. If you get any unautorized email from me, DON"T PRESS anything in that link and better just burn it without opening.

«1

Comments

  • KatteyKattey Posts: 2,900
    edited December 1969

    It looks like somebody sent a ton of spam from my email. Anybody has any advice how to clean this mess?

  • KatteyKattey Posts: 2,900
    edited December 1969

    And it opened some support tickets with same glibberish O_o

  • JimmyC_2009JimmyC_2009 Posts: 8,254
    edited December 1969

    I had this once a few years ago, and my ISP wasn't really that interested.

    I told them I wasn't sending the emails, and they were able to stop them somehow, but they never used my DAZ 3D account or anything like that. They just used my name to send out thousands of spams through my ISP.

    I think you should get onto your ISP as soon as possible to see what they say about it.

  • KatteyKattey Posts: 2,900
    edited December 1969

    ISP you mean my internet provider or my email provider?

  • JimmyC_2009JimmyC_2009 Posts: 8,254
    edited December 1969

    Ah, mine were one and the same. If you use a different email provider, I would contact them, if only to let them know that it is not you that is doing the spamming, but they may well know that already. I am sure they can block the spammers without blocking you as well.

  • ServantServant Posts: 393
    edited December 1969

    Change your password. Use a much stronger one. If you had 6 characters before, use 8 or more (as many as you believe you can commit to memory and the system allows). Change the security questions, too. Report the problem to both your ISP and email provider if you can. They may do zilch, but at the very least you informed them and it's on record. Tell all your contacts that your account was compromised. Make sure none of the drafts are still in your email's folder (especially the ones with file attachments).

    I had one of my email and twitter accounts hacked once, and boy, I learned to be paranoid about them pretty fast.

  • KatteyKattey Posts: 2,900
    edited December 1969

    Does it endanger my sensitive information (accounts, CC and other things) or people who got the spam?

  • mjc1016mjc1016 Posts: 7,256
    edited December 1969

    There are several ways this can be done and only a few of them involve any actual hacks.

    The key thing to know is where they are actually coming from.

    They could be coming from your computer, in which case you are infected with malware/virus/trojan/worm/etc.

    They could be coming from your email account (if a web based email...Gmail, Yahoo, etc) in which case there's a chance that someone got the password to that account/took over it/etc.

    They could be coming from anywhere and are just using your email address as the 'sender'...this is the most common and since you are listed as the sender, you are getting the bounces, as well as the blame.

    If you are using an ISP provided email account, contact them to see if the garbage actually was sent from your account. If you are using a webmail, like Gmail, then you need to change your passwords (use another machine to do so, at least until you make sure you are not infected with anything).

    Then, while waiting to find out where they came from...scan your computer with at least one AV and something like MBAM (Malwarebytes AntiMalware).

  • Dream CutterDream Cutter Posts: 1,082
    edited December 1969

    Your email server may have been spoofed without actually accessing your account,,,so you need to determine if your email data was accessed by looking at the server access logs. ISP should be able to help with this unless you are using web based email like g-mail.
    However If my email was hacked,.... I would first off request new account numbers from my bank on any accounts that transactions that were performed on-line. Its remote but the possibility exists that any info gleaned from receipts in email could be joined with other prior stolen CC data to build a credit profile match. Do this in person at your bank. Also change windows, paypal and your on-line bank passowrd - HOWEVER DON'T DO THIS UNTIL YOU KNOW YOUR PC IS SECURE. Run malwarebytes.org and something good like avg antivirus on your system to ensure the hacker didnt plant (via email link or malware).a trojan keylogger that could/may if present capture new passwords.

  • KatteyKattey Posts: 2,900
    edited December 1969

    Some of my friends told me that they got some spam from me. And I got a bunch of failure notices that all had emails listed (as carbon copy subjects) which I know and used to write to before, and failure to deliver notices look genuine because I know that those emails no longer exist.

    I'm running Symantec right now and I have Malwarebytes Anti-Malware and Spybot...

  • ChoholeChohole Posts: 19,406
    edited March 2013

    Yahoo had a problem like this with some of their users in January. They apparently dealt with it themselves, but it sounded very much like the issue that you are having now, with users accounts sending out spam messages. THere are still sporadic cases of this happening even now with Yahoo, although I have been lucky so far.

    It may help if you google search to see if your email provider is having a similar issue

    Post edited by Chohole on
  • KatteyKattey Posts: 2,900
    edited December 1969

    I am on Yahoo :/

  • ChoholeChohole Posts: 19,406
    edited March 2013

    Ah, then the problem is from the email provider I am afraid, I have been lucky and not got caught uup in it (yet). Some people are saying that it is still happening sporadically. Last report I found for Yahoo was dated the 9th March.

    Edited to add that Yahoo were supposed to have built in a fix, but it wasn't apparently very successful.

    Post edited by Chohole on
  • KatteyKattey Posts: 2,900
    edited December 1969

    I checked recent login ins and I found that somebody logged into my mail from Urugway
    11:44 AM Yahoo! Mobile Logged In Uruguay

    :/
    What should I do?

  • mjc1016mjc1016 Posts: 7,256
    edited December 1969

    Change your Yahoo password...from a different machine. Continue with the scans...

    Remove your Yahoo address book. Yeah, it's an inconvenience, but if there's nothing there, there is no way to send anything to anyone...

  • ChoholeChohole Posts: 19,406
    edited March 2013

    Have you been able to get hold of Yahoo yet. That is probably a silly question, because they can be quite tardy in answering help requests, but they do need to be informed that they still have this sort of problem.

    As has been recommended already, do change your password and the other security stuff for your account. Make the password a strong one, and as different from the old one as possible.

    And yes if you do have access to another computer, or can use a friends or a neighbours computer to do this it would possibly be better, but it does seem that this is not an attack that means your computer is compromised, only the yahoo account.

    And I agree with MJC, remove all emaill addresses from your account, but make sure you save them somewhere for yourself before you delete them

    Post edited by Chohole on
  • KatteyKattey Posts: 2,900
    edited March 2013

    mjc1016 said:
    Change your Yahoo password...from a different machine. Continue with the scans...

    Remove your Yahoo address book. Yeah, it's an inconvenience, but if there's nothing there, there is no way to send anything to anyone...


    I don't have an address book :/
    Never had - and people still got the spam!

    Contacted Yahoo people already, they said they'd do something, but I'm not sure why.
    Changed my password twice :/ All security questions. Created a seal. Disabled mobile apps and flickr.
    Contacted my bank and both Renderosity and RuntimeDNA and some people with apologies.

    Post edited by Kattey on
  • mjc1016mjc1016 Posts: 7,256
    edited December 1969

    The reason I keep saying use another is because, while it isn't likely to be a direct link/hack/infection on your machine, it can be...and until the scans are done, you won't know for sure...but the quicker you change the passwords the better. That way you can change them while still scanning your machine.

    My daughter had it happen to her, back in January, and yes, her laptop came back clean, but we changed the password on my desktop...while scanning her laptop.

  • TheWheelManTheWheelMan Posts: 983
    edited December 1969

    chohole said:
    Yahoo had a problem like this with some of their users in January...

    The problem is re-occurring. I got spam from my brother-in-law's Yahoo account this weekend. Actually, seems like pretty much every week for months now I've gotten at least one spam email from someone with a Yahoo account, so I don't think the problem is either new or been fixed.

  • KatteyKattey Posts: 2,900
    edited December 1969

    But my recent login history shows that somebody had actually logged into my mail - does that mean they used my password? :/
    It isn't simply appears that somebody sent emails using my name, no, it looks like a genuine email, although my regular email "Sent" folder doesn't have any of those ugly messages, thankfully :/

  • mjc1016mjc1016 Posts: 7,256
    edited December 1969

    Kattey said:
    But my recent login history shows that somebody had actually logged into my mail - does that mean they used my password? :/
    It isn't simply appears that somebody sent emails using my name, no, it looks like a genuine email, although my regular email "Sent" folder doesn't have any of those ugly messages, thankfully :/

    Very likely...

  • KatteyKattey Posts: 2,900
    edited March 2013

    mjc1016 said:
    Kattey said:
    But my recent login history shows that somebody had actually logged into my mail - does that mean they used my password? :/
    It isn't simply appears that somebody sent emails using my name, no, it looks like a genuine email, although my regular email "Sent" folder doesn't have any of those ugly messages, thankfully :/

    Very likely...


    Not helping :/
    If they got this password - how? And are my other passwords in danger?

    Post edited by Kattey on
  • Richard HaseltineRichard Haseltine Posts: 19,404
    edited December 1969

    I'm not sure if it's still true, but there was a cross-site vulnerability in the Yahoo system that meant if you clicked on a bad link while logged into your Yahoo account the other site would be able to harvest login credentials. I'm not sure if it was actually getting the password or exploiting a back door that required a deliberate logout to close. As for other sites etc. - if you use the Yahoo address as the recovery address, for password resets, there's a risk they may have been grabbed but I think most of thiss tuff is done by a bot, not a human, so there's not going to be any great use of initiative. It got the victim names from your saved emails.

  • mjc1016mjc1016 Posts: 7,256
    edited December 1969

    I'm not sure if it's still true, but there was a cross-site vulnerability in the Yahoo system that meant if you clicked on a bad link while logged into your Yahoo account the other site would be able to harvest login credentials. I'm not sure if it was actually getting the password or exploiting a back door that required a deliberate logout to close. As for other sites etc. - if you use the Yahoo address as the recovery address, for password resets, there's a risk they may have been grabbed but I think most of thiss tuff is done by a bot, not a human, so there's not going to be any great use of initiative. It got the victim names from your saved emails.

    That's what I was thinking.

    There's also something else I was reading about, a while back, dealing the possibility of gathering passwords by flooding the recover password process with lists of phone numbers and seeing what falls out...since Yahoo and Google both want cell numbers, theses days, there's a chance something like that can work. Cell numbers are easier to get than actual passwords.

    Plus there's still the old-fashioned 'dictionary' attack...this is especially useful to get 'word' type passwords. A password should be 8 or more characters that are a mix of upper/lower case, numbers, letters and symbols...

    That's even before getting into things that could actually be on your own computer...

  • KatteyKattey Posts: 2,900
    edited December 1969

    Yes, I use my yahoo address as an address for recovery and stuff :/

    Can anybody suggest more reliable email provider?

  • mjc1016mjc1016 Posts: 7,256
    edited December 1969

    Your ISP provided email...

  • KatteyKattey Posts: 2,900
    edited March 2013

    It is Rogers :/ I don't have much faith in it.

    Post edited by Kattey on
  • mjc1016mjc1016 Posts: 7,256
    edited December 1969

    Most of the web based ones are very similar...both in features and vulnerabilities.

  • ChoholeChohole Posts: 19,406
    edited March 2013

    As well as Yahoo I use Gmail for some things

    Normally the best thing about using a web based email addy is that the emails are never actually downloaded onto your own computer, but are on the email providers "cloud"

    Of course this does also make them easier to hack into, as they only need to hack into Yahoo, and then go on from there.

    Post edited by Chohole on
  • Richard HaseltineRichard Haseltine Posts: 19,404
    edited December 1969

    Using an email client (Thunderbird, Windows Live Mail etc) rather than the web interface may help you against cross-site vulnerabilities, since you aren't logged in to the website when checking your mail, but it wouldn't help with the other avenues of attack.

Sign In or Register to comment.
Rocket Fuel