Please explain email hacking.

[Judesman]

I am using Outlook 2007. Two of my Cousins emailed me to ask whether I had sent them an email offering "Fantastic Job Opportunities", of course I hadn't. I was sent a copy of the email and I could see that about a dozen people had been sent this email but some of the recipients are NOT in my address book so I assume my Outlook address book has not been accessed. I phoned my ISP and they changed my password and I am told this should solve the problem.

So what has happened? How can somone send an email from me that I didn't originate? Would they have had to access my ISP email account and if so how did they get my password?

About a month ago a friend sent me an email that they did not originate and when I tried to open it Norton blocked it. Could there be a connection? I have spoken to my computer supplier and on their advice done a full scan with Norton and Malware Bytes. Both scans were clear.

I do not understand how someone who knows my email address can send emails from me.

I think this is all pretty basic stuff but would like to get a better understanding of what is going on here. Any help please?

 

[marsmimar]

I'm not an expert but here's what I think I know. Let's say you send the same email to 5 of your contacts. Each of your contacts then forwards your email to 10 of their contacts without removing your personal information. Now each of those 50 people (who you may not know) forward the email they received from your contacts to 10 more people each. Your personal info is now known by your original 5 contacts, the 50 people they sent the email to, and yet another 500 people. And so on and so forth.

Under this fairly common scenario, it only takes four forwards beyond your original 5 contacts for your personal data to have reached 50,000 people. (You > 5 > 50 > 500 > 5,000 > 50,000 etc.) If just one of those computers along the way was hacked, botted, or otherwise compromised, your data could now be used to spoof or phish unsuspecting email recipients. Some of whom may be your original 5 contacts while others could be the contacts you don't know. You might find these articles helpful to better understand what happens when other people share your personal email data with the rest of the world.

And just for the record, most (if not all) email programs let the sender change the "FROM" line to whatever they want it to be. The email could look like it's coming from Father Christmas, The Pope, or even you.

Someone's sending email that looks like it's from me to my contacts, what can I do?

Why am I getting (or sending) emails that contain only a link or spam from my contacts?

Email Hacked? 7 Things You Need to do NOW

 

[3D Jed]

Sounds like someone got a virus that read their address book, then sends email to all the contacts that appears to come from said person. Of course you open the mail, thinking its safe because it looks like its from a friend. Its quite easy to 'spoof' email so it looks like it came from someone else.

This email contains the virus and so the problem spreads.

 

[Judesman]

Marsmimar & 3D Jed thanks for your input. I will have a good read of those links.

In my case some of the people emailed were not in my address book although I had emailed them in the past. So I don't think my address book has been accessed. Also the recipients included businesses and personal friends so at no time would all these people have received the same email. All the recipients I have emailed at some time in the past.

I will have a read of the links but there is quite a lot of reading there.

Many thanks, much appreciated.

 

[Judesman]

I have discovered that the recipients of these emails were the addresses recorded under "Chat" on my ISP email page. I asked the helpline staff how to delete these names and she told me that she didn't know as she hadn't been trained in "Chat"!!

I asked her how someone found out my password and she told me that it could have been done automatically through a Cookie. Is that possible? It all seems a bit of a mystery.

 

[Kaktussoft]

So it looks like you send an email to your friend(?)
Can your friend look at the email please. Let him invetigate the source code of the email. In outlook How to View All Message Headers in Outlook - About Email

Has email really been sent from your computer?

 

[Judesman]

Thank you for your reply. My friend is elderly and I don't think they would be able to get involved with this but they use Hotmail. I use Outlook.

Thirteen people have been sent this email from my email address. I do not know whether it was sent from my computer, most unlikely I would have thought but the addresses of the recipients are the same as the addresses in my "Chat" list on my ISP email page.

Thanks for your help.

 

[Kaktussoft]

Thank you for your reply. My friend is elderly and I don't think they would be able to get involved with this but they use Hotmail. I use Outlook.

Thirteen people have been sent this email from my email address. I do not know whether it was sent from my computer, most unlikely I would have thought but the addresses of the recipients are the same as the addresses in my "Chat" list on my ISP email page.

Thanks for your help.

If you get a postcard from Santa Claus with sender address: North Pole do you believe that? Of course not. Faking from address in email is just as easy as that

 

[z3r010]

If you get a postcard from Santa Claus with sender address: North Pole do you believe that? Of course not. Faking from address in email is just as easy as that

Yes, but getting hold of your contacts email addresses isn't, the account must have been compromised to allow access to the contacts and it would be easier just to use that compromised account than spoof.

 

[Judesman]

I have changed my email password and my ISP seems to think that will solve the problem although some of the things they have said to me does not inspire confidence. What concerns me is how anyone got into my ISP email account. Reading the links that Marsmimar kindly sent me it seems that I may never know.

My ISP says that if it happens again I will have to change my email address but the thought of changing that with all the service providers I am registerd with is daunting. The trouble is I am not much of a techie.

I just don't understand how someone finds my password.

Thanks for your thoughts.

 

[z3r010]

Make sure you have a strong password that is not a word or name and contains a non-standard character or two (£ is good as it's only on UK keyboards) and upper and lowercase as well as numbers.

 

[Judesman]

Thank you for that. That's a good idea.