My email's been hacked....

[andyf]

Yahoo emailed me today saying there had been a suspicious log-in on one of the email accounts I have with them. Looking at my log-in history, they're right - I don't recall making a return flight to  Mexico this morning. Seems they grabbed my contact list, but there's only one address in it, being that of an account I have at Hotmail (or Outlook, as it now calls itself).

Sure enough, on looking at the Hotmail account, I found a message in the spam file purporting to come from me at Yahoo, inviting me at Hotmail to click on an evil looking link.

Anyhow, I've changed the password on the Yahoo account, and on the Hotmail one too, just in case.

Yahoo Mail seems to be particularly vulnerable to this sort of thing; I'm a mod on a large Yahoo Group, where we see one of these spoof messages nearly every week. Usually, it purports to come from a member with a Yahoo address, or from an ISP which farms its email out to Yahoo.

I suppose the moral is to keep as few addresses as possible in your contacts, and don't list any forums or groups because that might result in a mass dissemination of spam which seems to come from you.

Andy

[clivel]

I would dearly love to see people boycott Yahoo until they either change their attitude to fraud or are driven to the wall and closed down.

About a year back I started receiving a large number of the "Nigerian Scam" emails. The kind where the writer has $16Million trapped in a bank account and they have picked you out of all the people in the world to help them "liberate" the money for a hefty percentage of course. And as far fetched as these stories are, enough people do get actually get caught to make it profitable enough for the thieves to continue running these scams.

As a result, instead of just filtering and deleting these emails I thought that I would at least try and do my bit to put the thieves out of business by forwarding the emails to the abuse department of the various email service providers.
For the first few months most of the free email providers were evenly represented, hotmail, gmail, aol, live, yahoo, etc. on forwarding the emails to the abuse department I would receive an automated reply saying that they would look into the matter and take any necessary action. Invariably a test email the following day to the relevant email address would be returned "address unknown" confirming that the email account was closed.

The only odd one out is Yahoo. Instead of taking action Yahoo sends an automated email response directing one to a web page which explains how a Yahoo account holder can report received spam. There appears to be no mechanism for non-Yahoo account holders to be able to report emails received from a Yahoo account   So it doesn't really surprise me that Yahoo is particularly vulnerable to that sort of thing, they really don't seem to take user security too seriously.

I still get a few fraudulent emails on a daily basis, but now 100% of these emails have a Yahoo return address because Yahoo is the only email provider that condones fraud. Boycott Yahoo!   

[Divided he ad]

Not been done myself... But received 5 or so over the last month.


They're pretty easy to spot. Usually not much text involved.

Most people put a little conversation in don't they?

I will take note of where they come from next time.... See if it's all yahoo   




These kinds of people are really annoying..... Surely they don't trap that many people?

If my outlook gets hacked.... Quite a few people are gonna be cursing me 






Ralph. 

[clivel]

I will take note of where they come from next time.... See if it's all yahoo   

Actually I should have mentioned that it is not actually where the email purportedly comes from, the from email address is nearly always faked.
It is the reply-to address that is the important one. If you hit reply on one of the emails (without actually sending it), you will see that it is to a different address.

[andyf]

Below is a copy of the one that arrived in my Hotmail inbox below. Hitting the Reply button set up a reply correctly addressed to my hacked Yahoo account, but this spammer is trying to get me to click on the dangerous link, not to reply to him saying I'll help to get the late President's ill-gotten gains out of Ruritania.

My email addresses have been partially asterisked for security reasons. Same with the link, in case anyone clicks on it, though I'm sure no-one here would be daft enough to try that.

Andy



> Date: Fri, 26 Apr 2013 14:45:53 +0100
> From: andy******@yahoo.co.uk
> Subject: RE(8): Andy Franks
> To: andy******@hotmail.co.uk
>
> referral link http://tonerkozpont.com/************wp-content/themes/weaver/ekopun.php
>
> /////////////////////
> From: andrew franks 4/26/2013 2:45:43 PM>

[John Rudd]

I'm really fe**ng annoyed...I'm with BT and they have BTYahoo email.....and have suffered the same fate with email spamming a number of the forums I'm a member of including the 7*12...

And to add insult to injury, I had an email from Warren Buckley of BT fame telling me to use my email account at least once in 150 days or else they will close it........Boy am I angry......grrrr...

I'm close to clsong my account with BT and telling them to fe***ng shove it I'll go with another isp that has better security....I'm sick of all the spam emails I get too.......

This has me really riled...

Sorry for the expletives I dont normally swear on a public forum

[Bluechip]

John
 
I find that rather strange ??? I'm now with PlusNet, which is part of BT and I get none at all now ... not a sausage ...
 
I used to get them  regularly with Talktalk, usually bank detail phishing from banks I have no dealings with , so they were very easy to spot .
 
That is on the odd occasions when Talktalk actually worked ... 
 
Dave BC

[Stilldrillin]

Andy, John.
I recently received emails "from you", via Mini lathe Forum........

The usual thing. "Mum makes a fortune per hour"..... I deleted, without opening.

David D

[Fergus OMore]

I was 'hacked' about 6 weeks ago.

There was a common denominator or two.

One was picked up by a forum member here whom I had helped earlier. The other bit was that I am a member of the same Mini Lathe site( or was after this)
Now Yahoo or should I say BT is trying the same game about the 160 day thing.

An odd thought. It takes 10 years for a firm to obtain worthwhile goodwill-- and ten minutes to lose it. BT is no longer a monopoly.

My regards to you all

[andyf]

Andy, John.
I recently received emails "from you", via Mini lathe Forum........

David D

Hi David,

I got one purporting to be from John, because I get posts to the 7x12 Minilathe group relayed to my Hotmail address. On seeing it, I went to that group (I'm one of its moderators), and deleted the original pretty soon after it arrived, but for members like me who get posts copied to them by email that was shutting the stable door after the horse had bolted. I also emailed John to tell him that his address had been hijacked and advising a change of password and a scan for malware.

Did you also get a message pretending to be from me? That would be odd; I know my Yahoo contact list was hijacked by some Mexican, but the only address in it was my Hotmail address, so I wouldn't have expected anyone else to hear from "me".

Andyn

[vtsteam]

As a result, instead of just filtering and deleting these emails I thought that I would at least try and do my bit to put the thieves out of business by forwarding the emails to the abuse department of the various email service providers.

The only odd one out is Yahoo. Instead of taking action Yahoo sends an automated email response directing one to a web page which explains how a Yahoo account holder can report received spam. There appears to be no mechanism for non-Yahoo account holders to be able to report emails received from a Yahoo account  

I still get a few fraudulent emails on a daily basis, but now 100% of these emails have a Yahoo return address because Yahoo is the only email provider that condones fraud. Boycott Yahoo!   

Instead of sending the offending emails to the respective abuse departments you might try simply sending it to Spamcop -- who will analyze the email, extract the true sender address(es) (often obfuscated) and report to the correct source server's abuse adress, as well as add the spam message and true sender to public spam lists so the message can be filtered by email servers and stopped.

Spamcop:

http://www.spamcop.net/

[Stilldrillin]

Andy.
Both "yours and johns", were twins, in sequence in my inbox.

Unfortunately, I deleted forever, without opening........

I'm with gmail. And I understand nothing of the mechanism, behind the inbox screen.

David D

[clivel]

Instead of sending the offending emails to the respective abuse departments you might try simply sending it to Spamcop -- who will analyze the email, extract the true sender address(es) (often obfuscated) and report to the correct source server's abuse adress, as well as add the spam message and true sender to public spam lists so the message can be filtered by email servers and stopped.

Spamcop:

http://www.spamcop.net/

Hi vtsteam,
Thanks, I do forward all spam to both spamcop as well as http://www.knujon.com and highly recommend both services. They work by contacting the source server and more importantly also advise what ever company is hosting the "spamvertised" web sites in the hope of getting the web sites shut down.

Unfortunately however they are not really effective when it comes to the Nigerian Scam as these emails are sent with a forged "from" address and from places like internet cafes which have no actual connection to the sender. The only valid information is the reply address for the intended victim to reply to. Neither spamcop nor knujon parse the "reply to" address which is why I forward the emails to the abuse department of that particular company instead. From my experience so far, other than Yahoo, the companies do shut these "reply to" addresses down.
Clive

[vtsteam]

Ah, sounds even better!