Virgin Media Email Issues - spoofing, hacking, spam

[Deleted User]

Hi all
Since Virgin moved its email platform many account holders started to receive hundreds of undelivered email messages.

When we looked at them they had been sent purporting to be from us to people who were on our very old emails, including cc's. For example, I received an email from an organisation and they cc'd in about 20 other people, whom I did not know. All of these people appeared to receive emails from me. Not all emails were undelivered and I had emails back asking what was happening. They were spoof emails and my old email account had been hacked.

This happened just at the time Virgin moved its email platform and since then I have found many other people having the same problem. Virgin has not been of any help and says there was no data breach. We have submitted complaints to the Chief Executive, Information Commissioner and posted endlessly on the Virgin Community forums - all to no avail.

Loads of customers have also noticed genuine emails are not being delivered to their address but masses of spam gets through.

A lot of businesses are now complaining that emails they are sending legitimately to Virgin emails - i.e. Ntlworld, Blueyonder are not being delivered.

I have set up a group on fb for those of us who were spoofed.

I cannot recall signing a contract with Virgin for emails but it was around 20 years ago now so I may have forgotten.

Virgin are continuing to migrate emails in batches and it seems it then starts happening to those customers as well.

Has anyone any advice or suggestion about what we can do to raise the profile of this and get some action?

Many thanks
Kate

richards123

Hi, I too am affected by this, it started in October and I have had hundreds of emails sent out under my name but not from my actual account, I think this is known as spoofing.

I have spoken with Virgin Media representatives on the telephone and they have told me to run a virus check and change my password on my email account, I have done all this but still loads of emails are being sent to people in my name. The strange thing is, it seems alot of these mails are going to people in my contact list.

What is the facebook account set up? if you can't post a link here maybe the name of the page would be ok? Is there anywhere else where this issue has been highlighted? I wonder how many users have been affected by all this.

richards123

I think I've just found the facebook page you've mentioned, is this the one?

Virgin Media Email Problems - Spoofing, Hacked, Data Breach

kathymarie

Hi Katebey,
The same thing you describe has been happening to my email account for a long time, - (I have an old NTLworld email address with Virgin Media, they wanted me to change it but I refused). I have looked on Facebook, and on internet blogs and lots of people, and small businesses have been affected but nothing seems to to being done by Virgin Media!!! Has anyone managed to get this problem fixed? Please Martin could you and your team investigate this further? Please could you get Virgin Media to fix this problem, Many thanks in advance

Nilrem

Not much can be done by VM.

The usual cause of a spoofed email is that some company you've dealt with, or a friend has either been hacked or got an infected PC and it's using the contact list to send the emails.

As the emails don't ever pass through VM's servers (you can spoof "Bill.gates@...." and send it from an email server that might belong to steve.jobs@....") there isn't anything anyone can do to stop it on a case by case basis.

I've received spam from myself to various email addresses I use, because someone I knew was infected and their machine was sending out the emails with the spoofed headers.

It's an incredibly old method that viruses used to use because you were more likely to open an infected email from someone who you'd sent an email to before, and now spammers do it for much the same reason.

Unfortunately Email was never built with real security in mind (it has no way to force checks that the name in the header is the same as the actual sender*), in an ideal world spoofed email headers would not be possible (as it is you can set a spoofed header on your emails with about 5-10 minutes of research).

So what email providers do to try and stop such emails is look for patterns in incoming email so if bill.gates is apparently sending out hundreds of emails to a domain it flags up and the software will likely try and block it (which again is part of the reason the spammers use email lists from hacks at companies and infected machines so they have a long list of email addresses to spoof).

The chances are Your email isn't the one that's been hacked.
This usually happens as I say because either a friend has been infected, or more likely in this day and age because a company you've used has had their email list leaked/hacked - I know that's exactly what has happened to me in the past because I use customised emails for signing up for certain things so when I see an email from "nilremsonypsx" I know that it's because of the sonyPSX network hack, or if it's a nilremMSgames it'll be because of a problem with the xbox service.


*The closest thing to that is the the (later) addition of authentication for email servers sending the email that the sender was authorised on that server - but you can send an email with a return address of "@ntlworld.com" from a gmail server, your new ISP's server, your mobile phone companie's email server or even your own server on your home connection (the authentication only checks that the machine is authorised to send email, not that it's using legitimate email addresses for the header/return). So if I ran an email servers, say "nilremsemails.com" I could set an authentication that would check I had an account with "nilremsemails" and was allowed to send through it, but it wouldn't check that I was actually allowed to send as "billy.gates" or "kateyb" for the header/return address.