OT Computer Malware Question - AVS Forum
post #1 of 11 Unread Today, 09:49 AM - Thread Starter
Karyk
OT Computer Malware Question

When someone you know sends you an email, which is also apparently going to all of their contacts, with a short message and a link, which is presumably to a malicious site, what do you tell them?

Do they have a virus on their computer or has their email password been hacked? Other?

It happens to me with some frequency and I'd like to be able to offer people better advice as to what they need to do.
post #2 of 11 Unread Today, 11:31 AM
bryansj
About all they could do is change their email password. If this is happening to them then they probably don't have the technical ability to fix and prevent it.

post #3 of 11 Unread Today, 12:21 PM
replayrob
Quote:
Originally Posted by Karyk
When someone you know sends you an email, which is also apparently going to all of their contacts, with a short message and a link, which is presumably to a malicious site, what do you tell them?
I had to call one of our work clients yesterday to tell her her (yahoo) account was hacked.
I read her the email domain name from the fraudulent email header... she had never heard of that domain- but it had her name attached to it and I was one of her contacts that received that email.
I was only on her work yahoo account contact list- so it was pretty obvious that her Yahoo account got hacked. She told me it was the 5th time this year she's had to change her yahoo password.

I suggested she use a paid service for her work related emails...

"If we ain't outta here in ten minutes, we won't need no rocket to fly through space."
post #4 of 11 Unread Today, 12:43 PM - Thread Starter
Karyk
Quote:
Originally Posted by replayrob
I read her the email domain name from the fraudulent email header... she had never heard of that domain- but it had her name attached to it and I was one of her contacts that received that email.
That was the case of the one that prompted this thread. In other situations I don't think it's necessarily been through.
post #5 of 11 Unread Today, 12:44 PM
dfkimbro
Yahoo, AOL (which I think is Yahoo now, too), Bellsouth, and AT&T seem to be particularly vulnerable. I get a lot of those. I rarely if ever see it from people with Gmail or Comcast accounts. If it's someone I actually know, I'll get in touch with them one way or the other and let them know that they've been hacked. A lot of these are elderly friends who might not check their email regularly.

I actually have email accounts through Yahoo and Gmail, for when I needed to be able to set up some other service from Yahoo or Google, but I don't use them for actually sending or receiving email, and I certainly don't let them upload my address book.
post #6 of 11 Unread Today, 01:17 PM
TornadoTJ
Keep in mind they are probably spoofing the sender's email address and not actually sending from their email. You have to look through the headers to determine if this is the case. I see that these types of emails are spoofed about 99% of the time.
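Added example (not part of any post in this thread): one way to do the header check mentioned in posts #3 and #6, sketched in Python. The sample messages, the `example.*` domains and the `mx.example.net` receiver name are constructed, and the verdict labels are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_RECEIVER = "mx.example.net"  # assumption: your own mail server's authserv-id

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def trusted_verdicts(msg, receiver=TRUSTED_RECEIVER):
    """spf/dkim/dmarc results from Authentication-Results headers (RFC 8601),
    ignoring any header not stamped by our own receiver: a sender can forge these."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv = value.split(";", 1)[0].split()
        if not authserv or authserv[0].lower() != receiver:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def classify(raw_message):
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    dmarc = trusted_verdicts(msg).get("dmarc")
    if dmarc == "pass":
        # From: domain authenticated, so the mail left the real provider:
        # the account itself (or a device logged into it) was used.
        return "account-likely-used"
    if dmarc == "fail" or (env_dom and env_dom != from_dom):
        # Heuristic for person-to-person mail; bulk senders may differ legitimately.
        return "likely-spoofed"
    return "inconclusive"

def sample(return_path, auth_results):  # constructed messages, not real mail
    return (f"Return-Path: <{return_path}>\n"
            f"Authentication-Results: {auth_results}\n"
            'From: "Pat Friend" <pat@example.com>\n'
            "Subject: look at this\n\nhttp://placeholder.invalid/\n")

SPOOFED = sample("bounce@mailer.example.org",
                 "mx.example.net; spf=pass smtp.mailfrom=mailer.example.org; dmarc=fail header.from=example.com")
VIA_PROVIDER = sample("pat@example.com",
                      "mx.example.net; dkim=pass header.d=example.com; dmarc=pass header.from=example.com")
FORGED_HEADER = sample("pat@example.com", "other.example.org; dmarc=pass header.from=example.com")

if __name__ == "__main__":
    for name in ("SPOOFED", "VIA_PROVIDER", "FORGED_HEADER"):
        print(name, "->", classify(globals()[name]))
```

The verdict only says which path the message took; it does not say how the contact list was obtained.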
post #7 of 11 Unread Today, 02:15 PM - Thread Starter
Karyk
Quote:
Originally Posted by TornadoTJ
Keep in mind they are probably spoofing the sender's email address and not actually sending from their email. You have to look through the headers to determine if this is the case. I see that these types of emails are spoofed about 99% of the time.
Right, as seemingly was the case with the one today. But the point is that somehow they got the person's contact list. So something's not right, and I'd like to point them in the right direction to fix it.
post #8 of 11 Unread Today, 02:37 PM
Aleron Ives
You can't control whether other people spoof your address except by switching to a new address that nobody knows about (which rather defeats the purpose of having an address). The more contacts you communicate with, the more likely one of them will lead to your address being harvested by malcontents.
post #9 of 11 Unread Today, 03:11 PM - Thread Starter
Karyk
Quote:
Originally Posted by Aleron Ives
You can't control whether other people spoof your address except by switching to a new address that nobody knows about (which rather defeats the purpose of having an address). The more contacts you communicate with, the more likely one of them will lead to your address being harvested by malcontents.
But when you see the other recipients and they are people you know, it's more than just spoofing an email address, right?
post #10 of 11 Unread Today, 03:30 PM
replayrob
Quote:
Originally Posted by Karyk
But if when you see the other recipients and they are people you know, it's more than just spoofing an email address, right?
Yes, most likely.
There's not too much in it for them to just spoof one address- the contact list is what they're usually after.
Other than a keylogger planted in the host computer- you have to actually hack/get into the target email account to get the contact list for a webmail account.
So, when you call the victim and they tell you other people have called/contacted them about getting emails from the victim- it's likely their webmail (Yahoo, AOL, Gmail, etc...) got compromised.

Take a look at: http://www.bleepingcomputer.com/forums/f/79/security/
A lot of good info there related to this topic...

"If we ain't outta here in ten minutes, we won't need no rocket to fly through space."

Last edited by replayrob; Today at 03:34 PM.
post #11 of 11 Unread Today, 03:49 PM
Dave in Green
Many years ago someone got into my e-mail account and sent thousands of spam messages from it that all showed up in my outbox. When I researched it I found the most common problem was people using the same password on all of the accounts and forum memberships they used. If anyone hacks any of those websites, they can try to sign into your e-mail account with the same password used on the account they hacked into.

Since changing to a unique e-mail password, I've gone many years now without a problem. I always ask friends and relatives who mention having their e-mail accounts hacked if they used the same password at multiple sites, and they invariably answer yes. I advise them to always have a unique e-mail password that isn't used anywhere else, and none of them have had a recurrence.