spoofed emails and firewall recommendations please

chipp

It seems my elderly father's hotmail address book has been hijacked. I know this because I received an email suppposedly from him, subject line "hello (my name)" which I thought was a bit odd as I saw him yesterday but rather foolishly I opened it, to find it invited me to click on a link (I didn't).

My dad will be blissfully ignorant of this, except if any others bounced, in which case he might think it a bit odd but he won't lose any sleep over it. I imagine his email address has been spoofed and there won't be anything in his sent mail. Should I suggest he changes his hotmail password - I guess it's too late for this - or just leave him in ignorance? The computer is a toy for him, not a tool, probably email is the only thing he does on it that requires a password although potentially there might be saved documents which give personal info.

His desktop computer was new a couple of years ago and at the time we installed the MS antivirus offering (not sure if it was called MSE then). It should have been kept automatically up to date unless he's inadvertently changed any settings. He connects wirelessly at home, I'm pretty sure I checked at the time that the signal is passworded otherwise I would have insisted on him downloading a firewall. To the best of my knowledge he has no other security installed and if he's ever been caught by the "this is the Windows security helpdesk, your computer has a virus" scam he's not admitting to it.

He doesn't live locally, unfortunately, so it's not easy for me to physically check anything and I'm not confident of doing anything remotely. My mum has let slip on a couple of occasions that he's rung their ISP (Virgin) for help when the computer has gone wrong, but no idea what she means by "wrong" - could be as simple as lost BB signal. Please don't suggest I quiz either of them about anything associated with technology, they won't even understand the question, but if there's anything I can do to "minimise the damage" without alarming them I'd appreciate the advice.

As far as my own email (Yahoo webmail) is concerned, am I right in thinking that as I opened the original email the hacker now knows my address is "live" and will very likely bombard me with spam? Am I also right in thinking that there is no way Yahoo can distinguish between genuine and spoofed email from my father's hotmail account?

BTW my own computer is new and despite being security-conscious in the extreme on the old computer, all that protects me now is MSE and a wireless key. As I have just invested in a set of home plugs and am therefore physically connected to my BB whenever the computer is on, I guess I should download a firewall as the wireless key in this situation is irrelevant - recommendations please? Given the timing, and the fact I stay logged in to yahoo, it has crossed my mind that perhaps it's me who's caused this :embarasse

jayme1

it is possible that the 'spammers' do have his email password, the best thing to do is change the email password and then download malwarebytes and do a full scan of the computer. that should be all that is required.

dave82_2

The email isn't necessarily from his computer as another computer which has a virus and address in the address book could be sending spoof e-mails.

Not that much you can do without physically being next to the machine especially if your folks aren't technically savy you will probably have a nightmare connecting to the machine remotely.

Do you have any tech savy mates where they live who could drop in?

I would suggest telling them not to do any banking or purchase anything online until the machine has been checked out.

It would be a good idea to change the password as a precaution however if it is their machine that has a virus they should use another clean computer to change it.

RussJK

I'll answer your questions in no particular order.

Windows has a firewall built in, which is all I use. Anything more complicated, your father won't know how to respond to e.g. "Should svchost.exe be allowed to blah blah".

Merely opening an email won't alert the spammer, unless you've allowed the loading of remote images. The way this works is that if a unique image/picture is loaded in the email (it could be one pixel big and invisble), and that image is hosted on website controlled by the spammer, then the spammer would know that you have acccessed it. Loading of remote images should be off by default for this and other reasons.

I'm not sure what anti-spam methods Yahoo uses, but yes it's technically possible for Yahoo to tell spam from non-spam to certain degrees of confidence with spam filter software. OTOH they tend to treat your email contact list as a whitelist.

The point of weakness for your dad is his email account. Suggest to him to use a phrase as his email password instead of something complicated and difficult to remember, e.g. "I once knew a man from Limerick".

You would want to run Malwarebytes Anti-Malware as a first step, to make sure he isn't infected. As above, he's not necessarily infected. If you don't feel confident doing this over remote software like Teamviewer (easy to use), then if there's any financial risk involved with documents in his email then it might be smarter to pay someone for virus removal and to check out his security (don't pay more than £30).

chipp

RussJK wrote: »

Windows has a firewall built in. Anything more complicated, your father won't know how to respond to.

Remembered the windows firewall after my post and thankfully I have it turned on and almost certainly I would have set it to "on" for my father as it would have been silly not to. You've hit the nail on the head about his reaction to unexpected messages.

RussJK wrote: »

Merely opening an email won't alert the spammer, unless you've allowed the loading of remote images.

Previously I didn't know what this meant - thanks for your explanation - and my yahoo settings were to always show images except in spam folder (and of course the email in question wasn't considered spam). I've changed it now but expressions about horses and stable doors spring to mind. Time will tell and for peace of mind I'm about to download and run malwarebytes on my pc.

chipp

dave82 wrote: »

The email isn't necessarily from his computer as another computer .......... could be sending spoof e-mails.

That was my thought, given that it's webmail, but SOMETHING has accessed my dad's address book, possibly just at one point in time, and harvested his contacts along with his own email address in order to spoof the sender. Next time I speak to him I'll ask whether he's ever used anyone else's computer to log in to his hotmail account. There would be no point in asking him if he'd ever clicked on a dodgy link in an email from someone he knew because he'd deny it even if he had. :wall: