Solved

my account is being spoofed

Posted on 2011-02-19
11
703 Views
Last Modified: 2012-05-11
I have a yahoo account. apparently everyone in my address book is receiving a viagra email. How can I stop this?
0
Comment
Question by:al4629740
11 Comments
 
LVL 14

Accepted Solution

by:
svgmuc earned 250 total points
ID: 34933541
Change the password.

Email accounts are "hacked" on a regular basis. Once they found out your password, an automated system (botnet) sends emails from your account.

I have had my yahoo account for a while and never received any complaints about me sending spam. I presume, they can only break easy passwords with word lists.
0
 
LVL 31

Assisted Solution

by:moorhouselondon
moorhouselondon earned 250 total points
ID: 34934286
As svgmuc says, but change it to something really really secure, letters and digits and no, PA55W0RD is too easy lol.  Yahoo allows access to account logins through an API, which makes dictionary hacking so much easier.  Yahoo don't seem to monitor failed logins through this route, otherwise this would never happen.

Check also that the hackers have not changed your "Secret Questions".  One of my clients got hacked and they changed the first of her secret questions, luckily she had a second question which was left untouched.

Put yourself in your address list so that you are among the first to know that you are in the business of promoting the benefits of viagra(tm).
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 34947861
There is no way to stop anyone from sending E-Mail claiming to be from you.

Welcome to the Internet.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:al4629740
ID: 34947884
what about the previous two posts, mr. psicop.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 34947923
Is the E-Mail actually being sent from your Yahell! account, or is it simply being sent with headers that claim to be from your account?
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 34947932
There's nothing you can do to prevent someone from sending an E-mail claiming to be from you, but which is actually sent from elsewhere.

If someone is actually accessing your Yahell! account, then that's a horse of a different technicolor. You need to state precisely what is happening.
0
 

Author Comment

by:al4629740
ID: 34947959
not sure, I guess thats why I'm asking for your opinions
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 34948021
There's no way for us to know which is happening.

If you have a sample of the E-Mail, with complete headers, you can post it here, after obscuring your E-mail address and anything else that tends to personally identify you (and don't bother with the body of the E-Mail, it's the headers that are important).

But short of that, we have no way of knowing which is happening to you.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 34965634
Ask someone in your address book to forward a copy of the mail headers to you, then post them on here.

This will tell you all kinds of info... what email address the email claimed to be from, the IP address of the computer that sent the mail, the relay it used to get to the recipient, the time it was sent, etc...



Unfortunately there is no easy way to stop this, as some mail servers don't use SPAM filters or blacklists.  Traditional email was checked on the basis that all mail was legitimate unless the mail server receiving the mail could provide a valid reason why it should be blocked (using blacklists, spam filters, etc.)

More recently some email providers use technologies such as SPF to make the sender prove that the mail is legitimate.
0
 

Author Comment

by:al4629740
ID: 35023348
here is the header


Return-path: <SRS0=C0PNQh=VQ=aol.com=xxxxxxxxxxxx@aol.com>
Envelope-to: xxxxxxxxxxxxxxxxxx
Delivery-date: Sat, 19 Feb 2011 04:49:46 -0500
Received: from impinc03.yourhostingaccount.com ([10.1.13.103] helo=impinc03.yourhostingaccount.com)
	by mailscan07.yourhostingaccount.com with esmtp (Exim)
	id 1PqjRi-0005mM-Pn
	for al@tellap.com; Sat, 19 Feb 2011 04:49:46 -0500
Received: from imr-ma02.mx.aol.com ([64.12.206.40])
	by impinc03.yourhostingaccount.com with NO UCE
	id 9lpm1g02C0spQVs03lpmc9; Sat, 19 Feb 2011 04:49:46 -0500
X-EN-OrigIP: 64.12.206.40
X-EN-IMPSID: 9lpm1g02C0spQVs03lpmc9
Received: from imo-ma03.mx.aol.com (imo-ma03.mx.aol.com [64.12.78.138])
	by imr-ma02.mx.aol.com (8.14.1/8.14.1) with ESMTP id p1J9iQ3u007176;
	Sat, 19 Feb 2011 04:44:26 -0500
Received: from xxxxxxxxxxxx@aol.com
	by imo-ma03.mx.aol.com  (mail_out_v42.9.) id 9.ce5.74e3415d (43837);
	Sat, 19 Feb 2011 04:44:21 -0500 (EST)
Received: from smtprly-me03.mx.aol.com (smtprly-me03.mx.aol.com [64.12.95.104]) by cia-dc03.mx.aol.com (v129.9) with ESMTP id MAILCIADC032-b3104d5f90f31b4; Sat, 19 Feb 2011 04:44:21 -0500
Received: from TSTMAIL-D01 (tstmail-d01.sim.aol.com [205.188.58.129]) by smtprly-me03.mx.aol.com (v129.9) with ESMTP id MAILSMTPRLYME038-b3104d5f90f31b4; Sat, 19 Feb 2011 04:44:19 -0500
To: 1800FLOWERS@e.1800flowers.com, aarpnews@news.aarp.org,
        accountmanageremail@accountmanageremail.com, ahoward@dist159.com,
        akajanewms@yahoo.com, xxxxxxxxxxxxxxxx
Content-Transfer-Encoding: quoted-printable
Subject: holla
Date: Sat, 19 Feb 2011 04:44:19 -0500
X-MB-Message-Source: WebUI
X-AOL-IP: 65.27.34.47
X-MB-Message-Type: User
MIME-Version: 1.0
From: jvjideations@aol.com
Content-Type: text/plain; charset="us-ascii"
X-Mailer: AOL Webmail 33222-MOBILE
Received: from 65.27.34.47 by TSTMAIL-D01.sysops.aol.com (205.188.58.129) with HTTP (WebMailUI); Sat, 19 Feb 2011 04:44:19 -0500
Message-Id: <8CD9E30B6B2F57B-2124-226CA@TSTMAIL-D01.sysops.aol.com>
X-Spam-Flag:NO
X-AOL-SENDER: xxxxxxxxxxxx@aol.com
X-Antivirus: avast! (VPS 110219-2, 02/19/2011), Inbound message
X-Antivirus-Status: Clean

Open in new window

0
 

Author Closing Comment

by:al4629740
ID: 35098994
Thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
Easy CSR creation in Exchange 2007,2010 and 2013
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question