Spam mail

[Nero]

I got an email 'forwarded' from a friend and sent lots of his other contacts. It was a link, prefaced by a badly spelt and poorly punctuated spiel explaining how this person had made lots of money and how I could do the same. I can't think that my friend would have sent this on to me, especially because the other contacts listed include estate agents and a potential boss.

A few hours later I got one from another friend, again apparently forwarded from someone else, and offering another way to get rich quickly.

Can someone with computer knowledge tell me what is going on? Have my friend's accounts been 'hacked' or is it something I have done? Thanks!

[Sue]

Yes your friends' email accounts have been hacked.

You need to tell them to change their passwords.

[Nero]

Thanks. So, how do accounts get hacked? Is it by a 'real' person or by an automatic bot or something?

The fact that two friends had seemingly been hacked within a short time made me think that somehow the problem was something to do with me.

[Sue]

No idea, but it has happened to me and also to various friends.

Emails were sent out purporting to be from me/them but were actually not.

Sometimes they are for things like V****a sales, sometimes pretending the person concerned is in financial difficulty (eg wallet stolen on holiday) and they need money sent to them. (the asterisks are because I've been prevented from posting this and I think it might be because of the V word!)

There's been some publicity lately about the latter scam. I had one of them recently.

I don't think it's by an automatic bot, at least not usually, I think it's by a "real" person, but I'm sure others will know a lot more about this than I do.

Most important thing is to let your friends know that they must change their email password.

Edited to add: They could also warn the people the emails went to not to click on any links in them. Could be a problem with viruses etc..

[Nero]

Hmm. Very intriguing. I have PMd you, but just wanted to ask anyone else about it. Where would the person doing the infiltrating get your details from? Is it if you go to a Facebook app, for example, or if you click on a URL on Twitter, for example? I know v little about spamming and hacking, hence my rather wide-eyed questions. (Where I work the spam filter is very good and my own account is Gmail, which I have used for a few years and have never had any problems with.) Thanks all.

[mockney piers]

Maybe they did something like this...

http://imgs.xkcd.com/comics/password_reuse.png

[the-e-dealer]

Their "account" is not hacked that is still safely on the Provider's server. There's a program called a Trojan running on their PC and reading their address book. They need to run Anti Virus and anti Spyware / Trojan software to clean up their machine.

[DulwichFox]

Hi Nero..

Mail it would seem is very simple to hack...

One common 'hack' ?? is that you recieve an e-mail that appears to come from yourself.

Usually advertising cheap drugs or something similar. Although not dangerous in themsleves

they are a nusciance.

All e-mails contain 'Subject' , 'To' , 'From'

The 'From' Field can contain anything. like.. Your email address.

Adding The Sender to the Blocked Senders List will add your e-mail addressto Blocked Senders.

Altough this does not stop further emails as you were not actually the real sender.

and also does not seem to stop you sending mails to yourself..

You may need to add your e-mail to the Safe Users List

Details

Your problem is a little more complex. I cannot find details because if the details were published openly

anyone would know how to hack someones mail account. I'm pretty sure anyone digging deep enough

would find it.

It will involve poss. Javascript being run when you open your mail.

This script will read your Contacts List and forward the mail to them with you as the Sender.

Any one of your Contacts will then have the same problem sending to their Contacts when they open it.

Even Worse...

There are devices on the market that can compromise your email while you are using Wi-Fi in your local bar/ cafe.

Once your PC has been detected, your email will be locked and you will not even be able to close down the

session as someone else has open..and has Total Control.

All Very Scary...

Fox

[Sue]

the-e-dealer Wrote:

-------------------------------------------------------

> Their "account" is not hacked that is still safely

> on the Provider's server. There's a program called

> a Trojan running on their PC and reading their

> address book. They need to run Anti Virus and anti

> Spyware / Trojan software to clean up their

> machine.

xxxxxxx

Maybe hacking is the wrong word, but in my case and my friends' cases all we needed to do was change our email passwords.

It was nothing to do with not having anti virus or spyware software.

[DulwichFox]

Sue Wrote:

-------------------------------------------------------

> the-e-dealer Wrote:

> --------------------------------------------------

> -----

> > Their "account" is not hacked that is still

> safely

> > on the Provider's server. There's a program

> called

> > a Trojan running on their PC and reading their

> > address book. They need to run Anti Virus and

> anti

> > Spyware / Trojan software to clean up their

> > machine.

>

> xxxxxxx

>

> Maybe hacking is the wrong word, but in my case

> and my friends' cases all we needed to do was

> change our email passwords.

>

> It was nothing to do with not having anti virus or

> spyware software.

Changing your passwords is Not enough..

Once your account has been compromised, a smart hacker will immediately go in and change that email address to one that he has access to. That way, if you request a password reset, he'll get it, not you. Similarly, if you change the password, all the hacker has to do is request a password reset, and he'll regain access to the account.

Read ??

Also.. you do not need someone p/w to send them Spam Mail with suspect code in.

Fox.

[Nero]

Thanks for your input. It is certainly more complicated and more disturbing than I thought. My account (Gmail) is still OK, but I have changed my password for it and Twitter, my bank etc (I've got different ones for each thing and use letters and numbers).

I saw my friend whose account was compromised. He'd had it for years - it was his first account - so he's decided to ditch it for Gmail. He told me he'd received a mail from himself offering him a job, so what's been said above is certainly valid. My other friend has changed her passwords too.

[Sue]

Hi Nero, whilst DulwichFox knows a lot more than me about computer issues, I don't think you need to get too paranoid over this.

It only happened to me once a few years ago, all I did was change my email password (not my whole email account), I did nothing else and have had no further trouble.

You'd be very unlucky if you did. I'm assuming you have the usual protection (anti-virus etc).

I'd have thought your bank would be liable if anybody hacked into your online account, provided obviously you hadn't left your password lying around or given it to anyone :))

[DulwichFox]

Hi Nero..

Sue is correct. Do not worry too much.

It would seem to me that in your case you was hit by an e-mail 'Chain Letter'

The problem was the 'Link'

Clicking the link could activate the code to forward the mail to all of the users contacts.

Just be very carefull clicking on any link. even if it appears to come from a friend.

If it looks suspicious, do not click on it. email your friend and ask if they sent it to you.

If not. Delete the mail.

Fox

[Nero]

Thanks - but I must again explain that I was not hit by the scam - two friends were. I've changed my passwords out of caution.

[Sue]

Nero Wrote:

-------------------------------------------------------

> Thanks - but I must again explain that I was not

> hit by the scam - two friends were. I've changed

> my passwords out of caution.

xxxxxx

No point doing that unless you've actually been hacked, because if you are they will just use your new passwords - not wishing to alarm you in any way :))

[DulwichFox]

Nero Wrote:

-------------------------------------------------------

> Thanks - but I must again explain that I was not

> hit by the scam - two friends were. I've changed

> my passwords out of caution.

You were hit by the Scam. That is the point.

If you responded in any way, you would then forward it to all your Contacts and they would in

turn Foward it to all their contacts.

That is how e-mails are spread to many recipients Very quickly.

Most may be harmless unless you actually reply to the scammer.

Then the real damage can begin.

Email is the easiest was to spread Viruses. (I am not suggesting that you have been infected.)

They are not Protected by your Firewall and are dependent on your email Junk Mail filters.

If the mail appears to come from one of your contacts, they are not going to be in your 'Blocked Senders List'

Like I said before. You do not need someones password to send them an email.

You can send an email to anyone.

Fox.

[the-e-dealer]

This is a common scam - I don't have a Halifax account but 'They' have written to me often. The latest thing that is re doing the rounds is a Phone Call from Microsoft to clear up all your viruses. Put the Phone down ! They don't ring customers.

[DulwichFox]

the-e-dealer Wrote:

-------------------------------------------------------

> This is a common scam - I don't have a Halifax

> account but 'They' have written to me often. The

> latest thing that is re doing the rounds is a

> Phone Call from Microsoft to clear up all your

> viruses. Put the Phone down ! They don't ring

> customers.

Yes I keep the MicroSoft Scammers going. After all they are paying the bill.

Hit the little Flag and 'R' key at the same time Type in the box E-v-e-n-t-v-w-r Event Viewer and all that.

I just act thick and concerned.

What can you see..?

Oh it all looks very complicated..

it's ok we will help you.

Then when I get bored I tell them they are not Microsoft and they get very defensive..

At least if they are talking to me they are not scamming someone else.

Worth 10 minutes of my time.

[Sue]

DulwichFox Wrote:

-------------------------------------------------------

> Yes I keep the MicroSoft Scammers going. After

> all they are paying the bill.

>

> Hit the little Flag and 'R' key at the same time

> Type in the box E-v-e-n-t-v-w-r Event Viewer and

> all that.

>

> I just act thick and concerned.

>

> What can you see..?

>

> Oh it all looks very complicated..

>

> it's ok we will help you.

>

> Then when I get bored I tell them they are not

> Microsoft and they get very defensive..

>

> At least if they are talking to me they are not

> scamming someone else.

>

> Worth 10 minutes of my time.

xxxxxxxxx

I can't be a***d.

As soon as I hear the word "computer" or similar, I put the phone down :))

But good for you for taking their dosh, Fox!

[Nero]

Hello again.

I did not open or reply to or forward the email from one of my friends, but I did open the other one (thought did not reply or forward it.) Hmmm. Oh well, my passwords were not that strong so at least they are now.

[KalamityKel]

If you are concerned that your email account is sending emails that you did not send check your "sent" folder. If you find emails with them silly links and such there delete them THEN change your password.

You should be creative with your password. dont just keep it to letters and numbers, use symbols and upper/lower case too.

For example:

K/\lam!tYk3l (KamlamityKel)

a bit extreme in this instance but I'm sure you get my drift :)

[DulwichFox]

Little bit of research reveals ! \ / characters cannot be used in an email address.

! This character is used in UUCP style addresses, in the so called bang paths. Example: host2 ! host1 ! user. Because there are still lots of mail systems who interpret this chars specially it should never be used in the local part of an email address. (Old system used before there were any Domain names)

/ The forward slash is often used in email addresses used by X.400 gateways. Example: 'PN=Joe/OU=X400/@gateway.com'. Because the slash is used as a directory separator in UNIX and other operating systems, it is probably not a good idea to use it in local parts. If you ever want to save the mail in a mailbox named after the local part, you will have problems.

\ The backslash is used for quoting special chars in RFC2821 and RFC2822. If it is used it must be quoted itself. Would be very confusing. Don't use it.

I do not claim to fully understand all of the above.

I just suspected that these characters could cause problems.

Here is a list of Valid/Invalid characters

Fox.

[ianr]

ie, there's an informative web page by Jochen Topf © on "Characters in the local part of a mail address" here.

[Sue]

KalamityKel suggested using those characters for the password, Fox, not for the email address.

[DulwichFox]

Sue Wrote:

-------------------------------------------------------

> KalamityKel suggested using those characters for

> the password, Fox, not for the email address.

Hi Sue..

Oooops You are quite right.

Critera for email passwords will be set by your ISP...

Most Characters should be ok.

Fox :-$