Jump to content
Male HQ

Email Account Broken Into

Guest victor

By Guest victor
in Blowing Wind IT Rest Room

 Share

Recommended Posts

Guest victor

Guest victor

Posted
Posted

I received an email from a sender impersonating my sister right down to using her name and account id.

I knew it was a scam because it appealed for financial help. Knowing that I played along in replying.

This is the strange part: when I hit the reply button, the email address displayed correctly as my sister's. When I hit the sent button, in a flash I saw that the recipient or 'sent to' party changed to something else.

I looked in my Sent folder for verification. True enough it was sent to a different account id. The difference in name is too subtle that it is not easily noticeable.

My guess is that my sister's account was broken into and the person created a new account with the same email server, same user name, and id.

Can any one suggest why my reply was diverted to a different email id when I clicked the 'sent' button. Is there a bug in my email account? In spite of the change of passwords, the problem persists in that my reply is hijacked or diverted to the scammer.

Link to comment
Share on other sites
Guest victor

Guest victor

Posted
Posted

maybe the person spoofed your sister's email.

http://en.wikipedia..../Email_spoofing

anyway the general rule is to delete any suspicious email and not be mischievous by replying them.

to add on, you let them know that your account is active and is a potential target for more spam.

After reading the link, I think you are so right! Never learnt of email spoofing until now. Thanks.

Looks like my sister has to abandon her account and set up a new one.

I wonder how common is spoofing.

Link to comment
Share on other sites
Guest victor

Guest victor

Posted
Posted

Will it help if u junk them?

You would not 'junk' an email when you know the sender and its message is genuine.

what helps is to use gmail.

gmail by far is still one of the better options for free email services.

it really has good spam detecting capabilities...

Gmail is rated the best of free accounts in anti-spam.

Link to comment
Share on other sites
Guest victor

Guest victor

Posted
Posted

Desperate held needed: (I am relating afresh from my sister's perspective. Both of us know nothing about HMTL language)

My Yahoo account was broken into with stolen password by the culprit in USA. He subsequently deleted the original primary account and changed it to that of his and the answers to the two secret questions. This way he was able to track any password change. He of course will not change the password.

After discovering the break-in, I rectified the damage, i.e. replacing his primary account, re-set my own secret questions and THEN changed the password. Is that good enough? Apparently not.

I tested the account by sending out messages to various email accounts and then replying them the normal or convenient by clicking "Reply". On doing that, the sent "To" field is changed to the email address of the culprit.

What change or editing must I do the reply path to overcome the diversion of reply to the culprit.

Any assistance will be greatly appreciated. (Or any recommendation to get paid IT help? I am desperate!)

Link to comment
Share on other sites
sazanime Newbie

sazanime

Posted
Posted

Have you contacted the yahoo help? I mean rather than wait for your account to be used to send mail with malicious intent.

You should sought yahoo admin help.

http://help.yahoo.com/l/us/yahoo/helpcentral/helpcentral_contactus.html.

It is not your fault, yahoo email althought pretty robust , is a magnet for hackers to prime their skills, believe me google

is a target too, so if you do get hit with account hacked, quickly report to yahoo/google admin so they can help you recover before

it is too late. (Your email is used a spam bomber)

Link to comment
Share on other sites
Guest victor

Guest victor

Posted
Posted

“@gmail: Protect yourself against malware! Visit our Good To Know site: http://t.co/VZ40KIDL + this video: http://t.co/3kCGQlsO #CyberSecurity Tip”

Is Microsoft Security Essentials good enough? Some say Yes, some say No.

I do have Malwarebytes Anti-Malware. Will be compatible with MSE if I convert it to a paid realtime protection module?

Link to comment
Share on other sites
Guest victor

Guest victor

Posted
Posted

Have you contacted the yahoo help? I mean rather than wait for your account to be used to send mail with malicious intent.

You should sought yahoo admin help.

http://help.yahoo.co...contactus.html.

It is not your fault, yahoo email althought pretty robust , is a magnet for hackers to prime their skills, believe me google

is a target too, so if you do get hit with account hacked, quickly report to yahoo/google admin so they can help you recover before

it is too late. (Your email is used a spam bomber)

I emailed Yahoo Singapore for help without getting any reply. (my phone contact was included).

There's even a local phone contact for calling but it is not attended to.

I don't think Yahoo bothers when it is a free account.

I do think gmail is preferred.

Link to comment
Share on other sites
kaldon Newbie

kaldon

Posted
Posted (edited)

That sounds like a very basic method of email spoofing; email alias.

Basically the spoofer disguises his email address using a parameter of the email format. The parameter that they use is known as email alias/nickname. Simply put, it is a feature for emails senders to put a nickname instead of email addresses upon sending.

So for example, people which you send email to could see that the sender is "-victor-" instead of victor_surname_country@yahoo.com.sg or whatever your mail domain. An issue with email alias/nickname is that people use that to spoof email addresses. Instead of applying a name as intended, they could put email addresses as a nickname. For the casual reader, it is similar to seeing a email correspondence whose sender doesn't have an email alias (the email is displayed by default).

In this example (http://flic.kr/p/dnp4sM), I had set my email alias as admin@unknown.edu.sg while my actual sending email is (kaldon_wee@temptodelete@yahoo.com.sg). As seen from the picture, unless you actually mouse hover over the sender itself (thereby obtaining the actual email address), you could think that 'Unknown University' is sending you a message.

So for those who do not wish to read the block of words above, always mouse hover over the sender to verify the actual email address of the sender. There are lots of fraudulent emails out there and this is a security precaution to take.

p.s: do not bother sending emails to the email account in the picture. As indicated, it is a temp disposable email and directed to junk folder.

p.p.s: zzz shoulda read the entire thread. Will just leave this post for anyone who is interested.

Edited by kaldon

At the end of each person's journey lies a myriad of choices. The initial step however lies in the belief of oneself.

Link to comment
Share on other sites
Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...