My e-mail is sending out weird messages

Gintotmelinda

hi all


A friend has just told me that my e-mail is sending out messages about making money. I assume I have been hacked or it is a virus.


Can anyone help as I don't know what to do. it is a yahoo account.


thanks

Cycrow

First things to do would be to check your pc for viruses and change your password in yahoo.

most likely cause is that someone fond your yahoo password, and using that to send out spam from your account.

So changing the password will stop this

Fightsback

A very good chance and change ALL your passwords, especially if you are in the bad habit of using the same password for everything.

HHarry

I've had the same warning yesterday/today from friends about my Yahoo account.

I've changed the password, and done a virus scan (which picked up a couple of suspiscous things). Hopefully that sorts it.

agrinnall

Has it actually come from your email account? I got one last week that I thought was from a friend's Yahoo account, but in fact was from another account, using her name, and with her real email address in the text of the message.

gjchester

Gintotmelinda wrote: »

hi all
A friend has just told me that my e-mail is sending out messages about making money. I assume I have been hacked or it is a virus.

Can anyone help as I don't know what to do. it is a yahoo account.

thanks

Its probably not your account.

Lets say we have 3 people., A, B, and C. A knows B but not C. C knows B but not A. A does not know C.

A has B in their address book, B has both A and C in their address book , and C only has B in their address book.

B gets a Virus. If the malware mails A and C using B's email address the both people will reply saying B's computer infected, B finds it and fixes it, and the virus is gone.

Malware writes are sneaky. What they often do is look a B's address book, and pick a random person (I'll use C), they will then mail all of B's contacts, but with the sender address as C.
A gets an Email from C who they don't know, and has no idea it really came from B's computer, so either ignores it or tells C they have a virus.

More often than not A,. B and C do know each other, but it still does not help as while everyone is telling C they are infected B's machine is quietly sending out more emails.

Depending on how the malware is written B's machine may send 1, 10, 100, 1000 emails as C, or it may change the sender address for each email to hide its location even further.

There is very little you can do, until the person who's machine is infected realises, or it change addresses you will be blamed for something you did not do.

Changing password will not help as its not really your machine or account sending the emails.

Another version is the malware looks at the sender, and reads the email, lets say joe.bloggs at outlook.com The malware checks and registers a new email address that looks similar so lets say joe.bloggs at outlook.co.uk. Office programs often try and be nice and only show the person name (in this case "Joe Bloggs") , not the full address, and people don't notice its a different address.

It then spams people safe in the knowlege they will think its their friend and so more likely to open the email, but in reality its not.

Fightsback

Another common way is if you use the same password for different accounts and a website which has your details gets hacked then they match up your email with the password that you use for that hacked site and it's an easy in to your email account

gjchester

Fightsback wrote: »

Another common way is if you use the same password for different accounts and a website which has your details gets hacked then they match up your email with the password that you use for that hacked site and it's an easy in to your email account

Possibly but unlikely. Doing so reveals who's account was breached, and lets you change the password.

If the OP can post parts of the headers of the email (not sure if Yahoo lets you have access to them as its so long since I've used Yahoo) I'd lay even money that the sender address will not match any or the other headers, so it may say its from [EMAIL="a.b.c@yahoo.com"]a.b.c@yahoo.com[/EMAIL] but the originating host will probably not be a Yahoo server.


Let me use a real example. This arrived in my in box, actual details and the spam url itself have been removed... I do know someone called Sue S*****, and yes her email address is SueS***@yahoo.co.uk

The body of the email looks legit (apart from being spam...)

Hi



SPAM URL WAS HERE



SueS******@yahoo.co.uk
Sent from my iPhone


However when you look at the headers a different set of details are show..


Return-Path: sues*****@innoplex.org
Received: from www1488.sakura.ne.jp ([219.94.163.98]) by mx-ha.gmx.net (mxgmxus004) with ESMTPS (Nemesis) id 0Mhhjh-1Z9luU0Kvr-00Mqvz for <my address)
Received: from innoplex.org ([105.156.232.179]) (authenticated bits=0) by www1488.sakura.ne.jp (8.14.5/8.14.5) with ESMTP id t750d7I1020566 for <my address>; Wed, 5 Aug 2015 09:39:56 +0900 (JST) (envelope-from sues*****@innoplex.org)
From: "Sue S*****" <sues*****@innoplex.org>

Subject: from: Sue S*****
Message-Id: <C6CA3607-A268-4D7F-A79C-F1975AD7F1AF@innoplex.org>
Date: Wed, 5 Aug 2015 02:39:56 +0200
To: “ME”
X-Mailer: iPhone Mail (7C144)
Envelope-To:


I know its a bit hard to read but someone has created an email at innoplex.org and it trying to pass it off as Sue's normal Yahoo address. They signed it with the "right" address, but hitting reply would go to innoplex. Many email clients will only by default be friendly and only show the bit in quotes on the subject line ie "Sue S*****" and you may be fooled into thinking its your contact.

Sue will have no idea about this, its not come from her or Yahoo, and the originating site looks to be in Japan. It could be that site had an open email relay that the email was funneled through, or the spammer has an account on that system. Changing her password will be pointless, as her details were spoofed not hacked.

Cycrow

Its also not that easy to get peoples passwords by hacking a site.

most places will hash the password. The hashing processes is one day, so you cant then get the password back from the hash.

If someone hacks a site, all they will get is the password hashes, not the passwords themselves.

dictionary and brute force attacks are the only way to get the passwords from these, by these take time so most wont bother, as there are much easier ways to get peoples passwords.

of course it does depend how the sites store the passwords, as not all of them with use hashes

Fightsback

Cycrow wrote: »

Its also not that easy to get peoples passwords by hacking a site.

most places will hash the password. The hashing processes is one day, so you cant then get the password back from the hash.

If someone hacks a site, all they will get is the password hashes, not the passwords themselves.

dictionary and brute force attacks are the only way to get the passwords from these, by these take time so most wont bother, as there are much easier ways to get peoples passwords.

of course it does depend how the sites store the passwords, as not all of them with use hashes

They are very good in Russia

http://www.bbc.co.uk/news/technology-28654613

When they've been first rooted through they end up on BBoards

http://rango-hack.ru/threads/%E2%9C%94-%D0%9E%D0%B3%D1%80%D0%BE%D0%BC%D0%BD%D0%B0%D1%8F-%D1%80%D0%B0%D0%B7%D0%B4%D0%B0%D1%87%D0%B0-e-mail-6-%E2%9C%94.92132/

There's also good old website credential fakery.

grumbler

Gintotmelinda wrote: »

A friend has just told me that my e-mail is sending out messages about making money. I assume I have been hacked or it is a virus.


Can anyone help as I don't know what to do. it is a yahoo account.

Are these e-mails in the 'sent' or 'deleted' folder?
Are notifications set to be sent when logging in?

It's neither difficult nor uncommon to send e-mails from a different account and fake 'sent from' address that means that the account not necessarily was hacked.