Solved

my account is being spoofed

Posted on 2011-02-19
11
700 Views
Last Modified: 2012-05-11
I have a Yahoo account. Apparently everyone in my address book is receiving a Viagra email. How can I stop this?
0
Question by:al4629740
11 Comments
 
LVL 14

Accepted Solution

by:svgmuc
svgmuc earned 250 total points
Change the password.

Email accounts are "hacked" on a regular basis. Once they find out your password, an automated system (botnet) sends emails from your account.

I have had my Yahoo account for a while and never received any complaints about me sending spam. I presume they can only break easy passwords with word lists.
0
 
LVL 31

Assisted Solution

by:moorhouselondon
moorhouselondon earned 250 total points
As svgmuc says, but change it to something really really secure, letters and digits and no, PA55W0RD is too easy lol.  Yahoo allows access to account logins through an API, which makes dictionary hacking so much easier.  Yahoo don't seem to monitor failed logins through this route, otherwise this would never happen.

Check also that the hackers have not changed your "Secret Questions".  One of my clients got hacked and they changed the first of her secret questions, luckily she had a second question which was left untouched.

Put yourself in your address list so that you are among the first to know that you are in the business of promoting the benefits of viagra(tm).
0
 
LVL 34

Expert Comment

by:PsiCop
There is no way to stop anyone from sending E-Mail claiming to be from you.

Welcome to the Internet.
0
 

Author Comment

by:al4629740
What about the previous two posts, Mr. PsiCop?
0
 
LVL 34

Expert Comment

by:PsiCop
Is the E-Mail actually being sent from your Yahell! account, or is it simply being sent with headers that claim to be from your account?
0

 
LVL 34

Expert Comment

by:PsiCop
There's nothing you can do to prevent someone from sending an E-mail claiming to be from you, but which is actually sent from elsewhere.

If someone is actually accessing your Yahell! account, then that's a horse of a different technicolor. You need to state precisely what is happening.
0
 

Author Comment

by:al4629740
Not sure, I guess that's why I'm asking for your opinions.
0
 
LVL 34

Expert Comment

by:PsiCop
There's no way for us to know which is happening.

If you have a sample of the E-Mail, with complete headers, you can post it here, after obscuring your E-mail address and anything else that tends to personally identify you (and don't bother with the body of the E-Mail, it's the headers that are important).

But short of that, we have no way of knowing which is happening to you.
0
 
LVL 45

Expert Comment

by:Craig Beck
Ask someone in your address book to forward a copy of the mail headers to you, then post them on here.

This will tell you all kinds of info... what email address the email claimed to be from, the IP address of the computer that sent the mail, the relay it used to get to the recipient, the time it was sent, etc...



Unfortunately there is no easy way to stop this, as some mail servers don't use SPAM filters or blacklists.  Traditional email was checked on the basis that all mail was legitimate unless the mail server receiving the mail could provide a valid reason why it should be blocked (using blacklists, spam filters, etc.)

More recently some email providers use technologies such as SPF to make the sender prove that the mail is legitimate.
0
 

Author Comment

by:al4629740
Here is the header:


Return-path: <SRS0=C0PNQh=VQ=aol.com=xxxxxxxxxxxx@aol.com>
Envelope-to: xxxxxxxxxxxxxxxxxx
Delivery-date: Sat, 19 Feb 2011 04:49:46 -0500
Received: from impinc03.yourhostingaccount.com ([10.1.13.103] helo=impinc03.yourhostingaccount.com)
	by mailscan07.yourhostingaccount.com with esmtp (Exim)
	id 1PqjRi-0005mM-Pn
	for al@tellap.com; Sat, 19 Feb 2011 04:49:46 -0500
Received: from imr-ma02.mx.aol.com ([64.12.206.40])
	by impinc03.yourhostingaccount.com with NO UCE
	id 9lpm1g02C0spQVs03lpmc9; Sat, 19 Feb 2011 04:49:46 -0500
X-EN-OrigIP: 64.12.206.40
X-EN-IMPSID: 9lpm1g02C0spQVs03lpmc9
Received: from imo-ma03.mx.aol.com (imo-ma03.mx.aol.com [64.12.78.138])
	by imr-ma02.mx.aol.com (8.14.1/8.14.1) with ESMTP id p1J9iQ3u007176;
	Sat, 19 Feb 2011 04:44:26 -0500
Received: from xxxxxxxxxxxx@aol.com
	by imo-ma03.mx.aol.com  (mail_out_v42.9.) id 9.ce5.74e3415d (43837);
	Sat, 19 Feb 2011 04:44:21 -0500 (EST)
Received: from smtprly-me03.mx.aol.com (smtprly-me03.mx.aol.com [64.12.95.104]) by cia-dc03.mx.aol.com (v129.9) with ESMTP id MAILCIADC032-b3104d5f90f31b4; Sat, 19 Feb 2011 04:44:21 -0500
Received: from TSTMAIL-D01 (tstmail-d01.sim.aol.com [205.188.58.129]) by smtprly-me03.mx.aol.com (v129.9) with ESMTP id MAILSMTPRLYME038-b3104d5f90f31b4; Sat, 19 Feb 2011 04:44:19 -0500
To: 1800FLOWERS@e.1800flowers.com, aarpnews@news.aarp.org,
        accountmanageremail@accountmanageremail.com, ahoward@dist159.com,
        akajanewms@yahoo.com, xxxxxxxxxxxxxxxx
Content-Transfer-Encoding: quoted-printable
Subject: holla
Date: Sat, 19 Feb 2011 04:44:19 -0500
X-MB-Message-Source: WebUI
X-AOL-IP: 65.27.34.47
X-MB-Message-Type: User
MIME-Version: 1.0
From: jvjideations@aol.com
Content-Type: text/plain; charset="us-ascii"
X-Mailer: AOL Webmail 33222-MOBILE
Received: from 65.27.34.47 by TSTMAIL-D01.sysops.aol.com (205.188.58.129) with HTTP (WebMailUI); Sat, 19 Feb 2011 04:44:19 -0500
Message-Id: <8CD9E30B6B2F57B-2124-226CA@TSTMAIL-D01.sysops.aol.com>
X-Spam-Flag:NO
X-AOL-SENDER: xxxxxxxxxxxx@aol.com
X-Antivirus: avast! (VPS 110219-2, 02/19/2011), Inbound message
X-Antivirus-Status: Clean


0
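Added example, not part of any post in this thread: the thread's open question (mail really sent through the account's provider, or only claiming to be) can be read from the hop where the recipient's own server accepted the message. The Python below applies that check to a condensed copy of the posted header and to a constructed counter-sample; the function names, verdict strings and the my_domain parameter are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Condensed copy of the header posted in the thread (addresses as posted).
POSTED = """\
Received: from impinc03.yourhostingaccount.com ([10.1.13.103])
    by mailscan07.yourhostingaccount.com with esmtp (Exim); Sat, 19 Feb 2011 04:49:46 -0500
Received: from imr-ma02.mx.aol.com ([64.12.206.40])
    by impinc03.yourhostingaccount.com with NO UCE; Sat, 19 Feb 2011 04:49:46 -0500
From: jvjideations@aol.com
Received: from 65.27.34.47 by TSTMAIL-D01.sysops.aol.com (205.188.58.129)
    with HTTP (WebMailUI); Sat, 19 Feb 2011 04:44:19 -0500
"""

# Constructed sample: same From domain, but handed over by an unrelated host.
# Its lower Received line was written by the sender and claims an AOL origin.
CONSTRUCTED = """\
Received: from mail.example.net ([203.0.113.7])
    by impinc03.yourhostingaccount.com with esmtp; Sat, 19 Feb 2011 05:00:00 -0500
Received: from 198.51.100.9 by webmail.aol.com with HTTP; Sat, 19 Feb 2011 04:59:00 -0500
From: someone@aol.com
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def hops(msg):
    """(from_host, by_host) for each Received header, newest first."""
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [(m.group(1).lower(), m.group(2).lower()) for m in found if m]

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def classify(raw, my_domain):
    """Judge only the hop our own server wrote when accepting from outside."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for frm, by in hops(msg):
        if in_domain(by, my_domain) and not in_domain(frm, my_domain):
            # Host name taken at face value here; confirm the bracketed IP
            # with reverse DNS or the domain's SPF record before relying on it.
            if sender_domain and in_domain(frm, sender_domain):
                return "handed-over-by-provider"
            return "sent-from-elsewhere"
    return "unknown"

if __name__ == "__main__":
    print(classify(POSTED, "yourhostingaccount.com"))
    print(classify(CONSTRUCTED, "yourhostingaccount.com"))
```

Received lines below the boundary hop are supplied by whoever sent the message, which is why the constructed sample's AOL-looking line does not change its verdict. A "sent-from-elsewhere" result can also come from a legitimate forwarder or mailing list.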
 

Author Closing Comment

by:al4629740
Thanks
0
