Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

email spoofed or hijacked need help


  • Please log in to reply
13 replies to this topic

#1 90lxcp

90lxcp

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 31 October 2016 - 12:12 PM

Hello,

 

I think this is the right forum for this problem.  My email on one account has been spoofed and maybe hijacked.  I got an email from myself and one from a contact in my address book who had died recently.  Most unsettling.  A friend of mine got one also that came with a message and a link to go to which had found it's way into his spam folder.  He did a capture of the content and sent it along to me.  What can I do about this?  I don't want to lose the email address since I have it on business cards and use it extensively.  Any advice would be most appreciated.


Edited by hamluis, 31 October 2016 - 01:25 PM.
Moved from Web Browsing/Email to Gen Security - Hamluis.


BC AdBot (Login to Remove)

 


#2 JohnnyJammer

JohnnyJammer

  • Members
  • 1,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:08:59 AM

Posted 31 October 2016 - 05:50 PM

Check the email headers but spoofing a email using SMTP can be done using Dos prompt and is incredibly easy but check the email headers and check for the originating IP the mail was sent from.



#3 90lxcp

90lxcp
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 01 November 2016 - 11:55 AM

And then what?



#4 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 7,219 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:10:59 PM

Posted 03 November 2016 - 06:32 PM

First change your password on the hacked email account, preferably to a strong new one.

 

Second, if you happen to use your email account password on any other accounts, especially things like on-line banking, change them as well, ASAP. And, for the future, don't use your email account password for anything else.

 

Third, just in case you have been left any 'little presents', run an A/V scan and a malware scan. Should either of these show problems that they do not solve, or you cannot solve, start a topic in the 'Am I infected? section of BC.

 

Chris Cosgrove



#5 90lxcp

90lxcp
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 03 November 2016 - 11:03 PM

Good advice thanks.



#6 HolyCowz

HolyCowz

  • Members
  • 168 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:GMT
  • Local time:11:59 PM

Posted 10 November 2016 - 04:43 AM

One thing many over look if your E-mail has been compromised is to check that the attacker isn't forwarding mail from your account to his.



#7 90lxcp

90lxcp
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 10 November 2016 - 12:30 PM

How do I check that?  I had noticed that a lot of mail I thought I should be getting was no longer arriving.



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:59 PM

Posted 10 November 2016 - 09:28 PM

Here is some information and helpful links to learn about email scams and how to protect yourself.

Email & Attachments: Resources for How to Protect Yourself:


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 HolyCowz

HolyCowz

  • Members
  • 168 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:GMT
  • Local time:11:59 PM

Posted 11 November 2016 - 04:16 AM

Depends what e-mail you are using 90lxcp just google automatic email forwarding and the name of your email provider.



#10 RolandJS

RolandJS

  • Members
  • 4,552 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:04:59 PM

Posted 11 November 2016 - 05:29 AM

"...I don't want to lose the email address since I have it on business cards and use it extensively..."  Looks like a work laptop, does your company have an IT person on-board that might be able to help you with this?  Ignore this if you're self-employed, because then, you are the IT person.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#11 90lxcp

90lxcp
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 11 November 2016 - 11:38 AM

I checked and saw that email forwarding is not enabled.  But because it is just a toggle, it's possible that it was enabled and then disabled without my knowing it.  It would seem that someone unsubscribed from a lot of sites I had subscribed to since the mail I was getting from those sites has stopped.



#12 HolyCowz

HolyCowz

  • Members
  • 168 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:GMT
  • Local time:11:59 PM

Posted 11 November 2016 - 01:36 PM

Normally when its on automatically forwarding there will be an address entered that all your mail gets forwarded to it's an old trick so if the attacker gets locked out he/she/they still get the targets mail.



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:59 PM

Posted 11 November 2016 - 04:02 PM

You can always resubscribe but any site that required a password should be changed.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 RolandJS

RolandJS

  • Members
  • 4,552 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:04:59 PM

Posted 11 November 2016 - 10:50 PM

[moot]


Edited by RolandJS, 11 November 2016 - 10:51 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users