Fifty Plus (50+) - OT: Hijacked Email

Has anyone here ever had their email account hijacked?

I had problems a few days ago when my email account started asking me for my username/password and it told me it was invalid. I went online, talked to a service rep and we were able to reset it. It worked for one day then started the username/password problem again. It was about this time I noticed I wasn't getting any email and friends were sending me email at work saying their email to me was being rejected.

Again I went online to obtain help with the problem. This was the most frustrating experience I've had in a long time. One suggested I wasn't getting email because I didn't have the "save copy in sent box" marked as an option in my system. I told them I had this option checked and thought the option probably had as much to do with my problem as the price of eggs in China. He finally provided me with a ticket number and phone number to call technical support.

This morning the local tech support was able to determine my email account had been hijacked and was being used to send spam to others. My ISP had quarantined my account for spamming. He was able to reset everything and I'm finally receiving email again. Passwords have been changed, I downloaded updates for my virus software and I'm currently running system scans. I certainly hope the bums enjoyed the good jokes my friends might have sent during this period:)

Every now and then I get a "bounced" e-mail notification of an e-mail that I didn't send. I guess some program has "hacked" my e-mail account and is using it for spamming. I don't know what to do about it, though.

I had forgotten about it until now, but, yes, that happened to me a few years ago. It didn't get far enough for my ISP to quarantine my account, but it certainly felt like I'd been molested. Same thing though...they reset some stuff, a new password and I was back in service.

Have been notified a couple of times recently by the Mailer Daemon that "my" email was unable to be delivered. Not mine, but my address.
Last year had some kind of malware that caused my PC to act as a spam server of some sort. Comcast notified me that they were blocking an outbound port to prevent the large amount of mail from leaving my PC. But, it still caused my web-browsing to be slow like molasses. Couldn't get rid of the malware with antivirus or antispyware. Finally got rid of it by reinstalling XP. Damn hackers.

Yes. About 10 years or so ago, my AOL account got hijacked. I thought something was going on and contacted AOL, but they did nothing. Then a few months later, AOL suspended my account because "I" was pirating software. So I called them up, said I warned you about this. And then said goodbye and signed up with a real ISP.

AOL is so lame...

Yeah, that's why I use a "throw-away" email address for the general public. My whole family uses one of the "free" (e.g. Yahoo, hotmail, etc) mail accounts to isolate and protect our ISP account. Almost *nobody* gets our "real" address.

This means certain "exclusive" forums won't accept my registration, but it's a small loss (to me) compared to the hassle of straightening out a hacked ISP email address.

I purchased my own domain so I would not have my email tied to a specific ISP.
The best thing to do is run a good anti-virus. I have used AVG and Norton Corporate with success. Use Firefox for a browser and Thunderbird for email. DO NOT download those spyware and adware ridden toolbars from anyone. There are a number of helper applications available from Mozilla.org for Firefox and Thunderbird. Those open source software applications get a fairly close scrutiny from fellow developers. ALWAYS use a router between your computer and the modem if you are using broadband. Hackers can compromise your computer in a few minutes, far faster than you can download or install protection software. Use a spyware protection program. You can find them below:

Some good software:
http://www.mozilla.com/
https://addons.mozilla.org/en-US/firefox/
http://noscript.net/
http://www.lavasoftusa.com/
http://www.grisoft.com/us/us_index.php
http://www.ccleaner.com/

Good utilities:
http://wordweb.info/free/
http://www.irfanview.com/

Domains:
https://www.godaddy.com/gdshop/default.asp

tpelle and JanMM: Your issue sounds like spoofing rather than having been hacked. Spammers put anything they darned well please in the "from" and "reply-to" of their emails. Usually, they just use an address they've also sent mail to. It means nothing as far as the security of your own account.

I could put potus@whitehouse.gov in my from or reply-to, it doesn't mean I've hacked W's account. If I then send to a bad address, W gets the bounce message, not me.

Bev: I'm sure your ISP gave you the "use strong passwords" speech. If not, here it is: Use strong passwords. A strong password is a combination of uppercase, lowercase, numbers and punctuation. It doesn't necessarily have to be random, but that's even better. treK5.2MadOne could work. I have a client--a church--that uses bible references, like joHn3.l6 The reason for this is that the bad guys use automated programs that are loaded with dictionaries (like your spell check) that they run against your account looking for passwords. Those programs can try thousands of passwords per second. Most people use a plain word, and that will fall in no time.

I purchased my own domain so I would not have my email tied to a specific ISP.
The best thing to do is run a good anti-virus. I have used AVG and Norton Corporate with success. Use Firefox for a browser and Thunderbird for email. DO NOT download those spyware and adware ridden toolbars from anyone. There are a number of helper applications available from Mozilla.org for Firefox and Thunderbird. Those open source software applications get a fairly close scrutiny from fellow developers. ALWAYS use a router between your computer and the modem if you are using broadband. Hackers can compromise your computer in a few minutes, far faster than you can download or install protection software. Use a spyware protection program. You can find them below:



Thanks for the info. I've been on the net for 20 years and this is the first time I've had any problems.

I use Norton as it's required if I want to access work from home. I use a throw-away Yahoo email address for many things and only use my ISP email address for work, family, friends and business.

I downloaded the current updates for my virus software, ran a scan and found a virus. That was quickly removed and everything seems to be working again.

[snip]

..and only use my ISP email address for work, family, friends and business...

[snip]



This is the group that will send your email address in plain view to everyone in their address book above a blonde joke. In a matter of days it will be on 10,000 computers; a million if it's a really good blonde joke. :p

tpelle and JanMM: Your issue sounds like spoofing rather than having been hacked. Spammers put anything they darned well please in the "from" and "reply-to" of their emails. Usually, they just use an address they've also sent mail to. It means nothing as far as the security of your own account.

I could put potus@whitehouse.gov in my from or reply-to, it doesn't mean I've hacked W's account. If I then send to a bad address, W gets the bounce message, not me.

Bev: I'm sure your ISP gave you the "use strong passwords" speech. If not, here it is: Use strong passwords. A strong password is a combination of uppercase, lowercase, numbers and punctuation. It doesn't necessarily have to be random, but that's even better. treK5.2MadOne could work. I have a client--a church--that uses bible references, like joHn3.l6 The reason for this is that the bad guys use automated programs that are loaded with dictionaries (like your spell check) that they run against your account looking for passwords. Those programs can try thousands of passwords per second. Most people use a plain word, and that will fall in no time.
My recent non-problem with undeliverable mail is spoofing, I think you're right.
My previous problem was different - when I ran netstat -a in a command prompt, it showed that my PC was being accessed by several different mail-related sites, all likely trying to send out mail from my PC, but prevented by Comcast's blocking of ports. And, yes, I do have a router.

Yeah, that's why I use a "throw-away" email address for the general public. My whole family uses one of the "free" (e.g. Yahoo, hotmail, etc) mail accounts to isolate and protect our ISP account. Almost *nobody* gets our "real" address.

This means certain "exclusive" forums won't accept my registration, but it's a small loss (to me) compared to the hassle of straightening out a hacked ISP email address.

Other advantages of the free email services (Yahoo, Hotmail, Gmail) are that any viruses sent to you in emails don't actually come into your computer they reside in the computers at the free email companies (Yahoo, Hotmail, Gmail); because you just "view" your emails rather than download them. You save space on your hard drive (I admit emails don't take up much space) and take up space on the hard drives of the free email computers. And best of all if you want to switch ISPs (or get a new computer) you can do it as often as you wish without making changes to your email (or email address) because your email is online rather than inside your computer..

There are lots of free tools for inspecting current networking behavior. But they are pretty geeky (like wireshark). I've often wished for (or figured I might create someday) a simple and intuitive tool that would monitor current network activity and apply certain filters and resolutions (name lookups, ARIN whois, etc) and just run all the time giving a indication of current network activity, maybe even highlighting suspicious stuff. Personal firewalls tend to be too dumbed-down for my tastes. I'll put it on my list.

There are lots of free tools for inspecting current networking behavior. But they are pretty geeky (like wireshark).

Geeky, yes, but maybe that's not a bad thing.

The current version of Wireshark (http://www.wireshark.org/) has good enough documentation and default filters to be an excellent hands-on introduction to networking for the average alert and inquisitive person.

tpelle and JanMM: Your issue sounds like spoofing rather than having been hacked. Spammers put anything they darned well please in the "from" and "reply-to" of their emails. Usually, they just use an address they've also sent mail to. It means nothing as far as the security of your own account.

I could put potus@whitehouse.gov in my from or reply-to, it doesn't mean I've hacked W's account. If I then send to a bad address, W gets the bounce message, not me.


Speaking of spoofing, the world's worst comic opera is playing out in the NY courts at the moment. I have a walk-on part in it:

http://www.nytimes.com/2007/10/08/nyregion/08chess.html?ref=nyregion

"A lawsuit filed in federal court last week accuses two officers of the nation’s leading chess organization of posting inflammatory remarks on the Internet under false names in order to win election to the group’s board. "

One of the names and email addresses spoofed was mine.