PCWorld Forums


Hijacked Email Account?

#1 Gwd440

Posted 23 December 2011 - 04:30 AM

Hi

I have a Hotmail email account. Yesterday an email was sent by my email address to what looks like my whole address list. A number of people have replied to me saying the link didn't work and one person has said that it looked as though it was trying to re-direct him to some website.
I didn't send this email, and wasn't online anywhere when it was sent. The email doesn't appear in my Sent Items.

Is this something I should worry about? I'm tempted to close this account and open another one, but this will be a lot of hassle.

Does anyone know how this has happened?

#2 Dellinsp531

Posted 23 December 2011 - 05:45 AM

First, change your Hotmail password.

Second, scan your computer for viruses. It might be that your computer is infected with a virus that is sending out emails.

If there is no virus, then it might be that your account was faked on the email. Ask your friends to forward the email with full header and see if the IP in the email is your IP address.

If it is your IP address, then there has to be a virus on your computer. How do you check your email? Do you use the browser or a mail program like Windows Mail?

If it is not your IP address, then it seems your account is hacked. Changing the password should help. Contact Hotmail and let them know so that they can investigate.

#3 coastie65

Posted 23 December 2011 - 08:06 AM

I went through this a few months back (MSN Live Mail). Change your password and make sure you use the password to get into your email account (or homepage). If you have it to just click to access, you are leaving yourself open to this.

#4 Evildave

Posted 23 December 2011 - 11:53 AM

And of course, once they HAVE that email address and list of contacts, even if you change your email address, this might not be the last fake email from 'you' that your friends & family get.

Because they can forge your 'from' address pretty readily.

They can get this information by compromising ANY address book, be it on your local computer, or your web mail, or some form of social networking.

They can even get it because you send out crap to 'everyone' in your address book, with long 'to' and 'cc' lists, making the mailing list public to all. You never know how often that 'neat thing' you wanted to share will be forwarded again (and again, and again), or where it will end up. Don't forward chain letters or cute crap to 'everyone', because these tend to grow an ever expanding list of email addresses associated with senders, ripe for harvest.

Any server that such an email passes through on its way to your recipients can harvest that information on the way through it, too.

See if one of your more technically savvy 'recipients' can forward the email header back to you. All we're really interested in is the list of IP addresses where the email came from, not the email addresses. The mail may not have even been sent from Hotmail at all. Forged.

If the address is forged, or the mail doesn't stop, you may have to make a new email address. It sucks, but most web servers have a way to export/import your contacts, even for different email services, so it should be relatively painless to make a new account, import your old contacts, and send out a few emails telling your friends/family/etc. that you changed your email. Many email services (like gmail) will also collect email from other accounts on the back end, to deliver them to you, so any stragglers using the old address will still get through.

Oh, and DO NOT EVER use the windoze built in address book. This thing is ALWAYS compromised by every kind of malware, because there is a standard API to access it. If you do use it, export it. Most OTHER email clients and webmail clients will import that content seamlessly. Then when that is accomplished, delete everything in it. Or better, delete the actual files that it uses for its storage.


Also, NEVER, EVER use the same password for email (or your bank, for that matter) as you do on secondary crap, like forums. One compromised password becomes ALL OF THEM compromised. Not all forums are safe from being harvested for passwords, and many don't require an HTTPS connection to send them, so you're sending credentials in the clear. I'm only askin' you to remember three different passwords (forumz & crap, EMAIL, BANK). LONG passwords composed of normally spelled words, making lyrics or phrases (you know, that you can REMEMBER) are actually better and more secure than shorter 'L337' passwords. A haiku/limerick. A verse from a song. A quote.
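The header check suggested in posts #2 and #4, as an added example that is not part of the original thread: it lists the IP addresses in a forwarded message's `Received` headers, origin first, so they can be compared with your own public address. The sample message and the function names are constructed for illustration, and it assumes relays record IPv4 addresses in square brackets.

```python
import email
import ipaddress
import re

# Constructed sample headers (documentation-range IPs, placeholder hosts).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP; Thu, 22 Dec 2011 10:15:03 +0000
Received: from relay.unknown.example (relay.unknown.example [203.0.113.45])
\tby mx.recipient.example with SMTP; Thu, 22 Dec 2011 10:15:01 +0000
Received: from [192.168.1.20] (helo=pc) by relay.unknown.example;
\tThu, 22 Dec 2011 10:14:58 +0000
From: "Sender" <sender@hotmail.example>
To: friend@recipient.example
Subject: check this out

http://link.example/
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Home/LAN, loopback and link-local ranges say nothing about the sender's ISP.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def received_ips(raw):
    """Return [(ip, is_routable)] from Received headers, origin first.

    Every relay prepends its own Received line, so the header order is
    reversed to read from the sending machine towards the recipient.
    """
    hops = []
    for header in reversed(email.message_from_string(raw).get_all("Received", [])):
        for text in IP_RE.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:      # e.g. [999.1.1.1] in a forged line
                continue
            hops.append((str(ip), not any(ip in net for net in LOCAL_NETS)))
    return hops

def origin_ip(raw):
    """First routable address in the path, or None. Lines added before the
    first relay you trust are sender-controlled and can be forged."""
    return next((ip for ip, routable in received_ips(raw) if routable), None)

def seen_in_path(raw, my_ip):
    """True if my_ip (your own public address) appears in any hop."""
    return my_ip in [ip for ip, _ in received_ips(raw)]
```

If `seen_in_path` is false for your own public address and `origin_ip` points at a network you never use, the message did not leave your machine.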

#5 A41202813

Posted 23 December 2011 - 01:56 PM

@Gwd440

I Am A GMAIL User.

Every Week I Receive Some Messages Supposedly Sent By Me To Me.

If I Was The One Sending Messages To Myself, I Could Have Been Doing It From:

A - My Email Client OUTLOOK - Would Those Messages Not Be In The OUTLOOK Or GMAIL Sent Folders ?

B - My GMAIL Address - Would Those Messages Not Be In The GMAIL Sent Folder, As Well ?

Anyway, GMAIL Has A Feature That Lets You Know, And Deactivate, In The Past 72 Hours, What IP Addresses Were Using Your Account And Which Country Those IP Addresses Belong To.

In Case Some Other Country And / Or IP Address Were Using Your GMAIL Account, You Could Do These Steps:

C - Change Your Password In GMAIL, And,

D - Request The Deactivation Of All GMAIL Sessions ( The One You Are Using Is Never Included ).

#6 coastie65

Posted 23 December 2011 - 02:34 PM

It isn't just Windows Live mail. I have seen this with Yahoo as well, as I was getting them from friends with Yahoo that had been hacked. I don't keep bank records on anything that has an internet connection, period, as I don't do online banking, with the exception of making a credit card payment at times in between the statements.

#7 Evildave

Posted 26 December 2011 - 04:52 PM

I didn't say it was 'just' Windoze live mail.

But that 'standard' address book in windoze, with its standard API is a sweet crop that malware routinely harvests.

The same could be said of the 'standard' address book on any other OS, even tablets, phones, etc., if there were literally MILLIONS of kinds of malware for any other OS besides windoze.

#8 Kathi201

Posted 22 March 2012 - 02:03 AM

You have to change your password. Then, if you have a good antivirus, update it; if not, download one. Also remove your cookies, because they also create problems. Try this; hope you get a solution.