Email account made insecure after clicking on malicious link


1 reply to this topic

#1 auklet


Posted 10 September 2015 - 12:23 AM

My sharp wife did a mindless act after opening her web mail account by opening an email that appeared to be from her niece and clicking on a link in the text. What she got after that was suspicious, and she went back to check things out. There was a permutation in the supposed email address of the niece; the other clue was the strange subject, and even the text of the message was offbeat. Lots of manifestations of evil, but she allowed herself to get ahead of her ski tips.

 

Results:  the https in the address window has a red, diagonal line across it.  After she signed out of her account, I logged into her account from a different computer, and I experienced no diagonal line.  

 

In a chat with staff at Earthlink, where she has her email account, she was advised to do a full AV scan, and also to try resetting her Chrome browser to Chrome's default configuration. Neither of these actions eliminated the red, diagonal line over the https in the browser's address window. In the chat with Earthlink tech support, a temporary password was issued in order to log on. (The traditional password had worked, but it was advised to change it.) The newly issued password was used to log on online at the Earthlink server, where an even newer, more sophisticated password was then established.

 

Her computer is a relatively new Lenovo laptop with Windows 8.1. Both Windows Defender using full scan and Malwarebytes Premium came up with negative findings in a search. A call was made to the niece, a bright CPA who acknowledged her email address book had been hijacked.

 

Am I infected, or is this just a hit and run with the address book? What is the meaning of the red, diagonal line over the https, occurring only on her Lenovo and not a different computer after logging in? Should contacts on the address book be notified to be leery of receiving email from my wife until they get a follow up that the coast is clear once again? Please assist in restoring the security of the email address account.

 

 




 


#2 Angoid


Posted 10 September 2015 - 03:07 AM

Hi Auklet,

 

I think what I'd do under these circumstances is this:

 

1) Pop over to the Virus, Trojan, Spyware and Malware Removal room with the affected computer, run the requested scans and post the required logs and get a check-up to make sure that nothing untoward has come on board. Without knowing specific details (the link address, etc., but please don't post that!) we can't tell you categorically whether you are infected or not.

 

2) Using a different computer that is known to be clean, immediately change the password on that email account and any other security information connected to it as appropriate (such as any password reminder questions and answers).

 

3) If the same password is used on any other site on the Internet, immediately go over to those sites and change it.  Especially if the email address you used to register there is that one.

 

4) Don't use the affected computer for anything online outside of any fix procedure given in the malware removal room, especially don't use it for banking or shopping until you've been given the all-clear.

 

Good luck!

 

Edit: Typos and clarifications


Edited by Angoid, 10 September 2015 - 03:09 AM.

Helping a loved one through a mental health issue?  Remember ALGEE...

Assess the risk | Listen nonjudgementally | Give reassurance and info | Encourage professional help | Encourage self-help and support network



