?
Solved

my account is being spoofed

Posted on 2011-02-19
11
Medium Priority
?
711 Views
Last Modified: 2012-05-11
I have a yahoo account. apparently everyone in my address book is receiving a viagra email. How can I stop this?
0
Comment
Question by:al4629740
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 14

Accepted Solution

by:
svgmuc earned 750 total points
ID: 34933541
Change the password.

Email accounts are "hacked" on a regular basis. Once they found out your password, an automated system (botnet) sends emails from your account.

I have had my yahoo account for a while and never received any complaints about me sending spam. I presume, they can only break easy passwords with word lists.
0
 
LVL 31

Assisted Solution

by:moorhouselondon
moorhouselondon earned 750 total points
ID: 34934286
As svgmuc says, but change it to something really really secure, letters and digits and no, PA55W0RD is too easy lol.  Yahoo allows access to account logins through an API, which makes dictionary hacking so much easier.  Yahoo don't seem to monitor failed logins through this route, otherwise this would never happen.

Check also that the hackers have not changed your "Secret Questions".  One of my clients got hacked and they changed the first of her secret questions, luckily she had a second question which was left untouched.

Put yourself in your address list so that you are among the first to know that you are in the business of promoting the benefits of viagra(tm).
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 34947861
There is no way to stop anyone from sending E-Mail claiming to be from you.

Welcome to the Internet.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:al4629740
ID: 34947884
what about the previous two posts, mr. psicop.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 34947923
Is the E-Mail actually being sent from your Yahell! account, or is it simply being sent with headers that claim to be from your account?
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 34947932
There's nothing you can do to prevent someone from sending an E-mail claiming to be from you, but which is actually sent from elsewhere.

If someone is actually accessing your Yahell! account, then that's a horse of a different technicolor. You need to state precisely what is happening.
0
 

Author Comment

by:al4629740
ID: 34947959
not sure, I guess thats why I'm asking for your opinions
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 34948021
There's no way for us to know which is happening.

If you have a sample of the E-Mail, with complete headers, you can post it here, after obscuring your E-mail address and anything else that tends to personally identify you (and don't bother with the body of the E-Mail, it's the headers that are important).

But short of that, we have no way of knowing which is happening to you.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 34965634
Ask someone in your address book to forward a copy of the mail headers to you, then post them on here.

This will tell you all kinds of info... what email address the email claimed to be from, the IP address of the computer that sent the mail, the relay it used to get to the recipient, the time it was sent, etc...



Unfortunately there is no easy way to stop this, as some mail servers don't use SPAM filters or blacklists.  Traditional email was checked on the basis that all mail was legitimate unless the mail server receiving the mail could provide a valid reason why it should be blocked (using blacklists, spam filters, etc.)

More recently some email providers use technologies such as SPF to make the sender prove that the mail is legitimate.
0
 

Author Comment

by:al4629740
ID: 35023348
here is the header


Return-path: <SRS0=C0PNQh=VQ=aol.com=xxxxxxxxxxxx@aol.com>
Envelope-to: xxxxxxxxxxxxxxxxxx
Delivery-date: Sat, 19 Feb 2011 04:49:46 -0500
Received: from impinc03.yourhostingaccount.com ([10.1.13.103] helo=impinc03.yourhostingaccount.com)
	by mailscan07.yourhostingaccount.com with esmtp (Exim)
	id 1PqjRi-0005mM-Pn
	for al@tellap.com; Sat, 19 Feb 2011 04:49:46 -0500
Received: from imr-ma02.mx.aol.com ([64.12.206.40])
	by impinc03.yourhostingaccount.com with NO UCE
	id 9lpm1g02C0spQVs03lpmc9; Sat, 19 Feb 2011 04:49:46 -0500
X-EN-OrigIP: 64.12.206.40
X-EN-IMPSID: 9lpm1g02C0spQVs03lpmc9
Received: from imo-ma03.mx.aol.com (imo-ma03.mx.aol.com [64.12.78.138])
	by imr-ma02.mx.aol.com (8.14.1/8.14.1) with ESMTP id p1J9iQ3u007176;
	Sat, 19 Feb 2011 04:44:26 -0500
Received: from xxxxxxxxxxxx@aol.com
	by imo-ma03.mx.aol.com  (mail_out_v42.9.) id 9.ce5.74e3415d (43837);
	Sat, 19 Feb 2011 04:44:21 -0500 (EST)
Received: from smtprly-me03.mx.aol.com (smtprly-me03.mx.aol.com [64.12.95.104]) by cia-dc03.mx.aol.com (v129.9) with ESMTP id MAILCIADC032-b3104d5f90f31b4; Sat, 19 Feb 2011 04:44:21 -0500
Received: from TSTMAIL-D01 (tstmail-d01.sim.aol.com [205.188.58.129]) by smtprly-me03.mx.aol.com (v129.9) with ESMTP id MAILSMTPRLYME038-b3104d5f90f31b4; Sat, 19 Feb 2011 04:44:19 -0500
To: 1800FLOWERS@e.1800flowers.com, aarpnews@news.aarp.org,
        accountmanageremail@accountmanageremail.com, ahoward@dist159.com,
        akajanewms@yahoo.com, xxxxxxxxxxxxxxxx
Content-Transfer-Encoding: quoted-printable
Subject: holla
Date: Sat, 19 Feb 2011 04:44:19 -0500
X-MB-Message-Source: WebUI
X-AOL-IP: 65.27.34.47
X-MB-Message-Type: User
MIME-Version: 1.0
From: jvjideations@aol.com
Content-Type: text/plain; charset="us-ascii"
X-Mailer: AOL Webmail 33222-MOBILE
Received: from 65.27.34.47 by TSTMAIL-D01.sysops.aol.com (205.188.58.129) with HTTP (WebMailUI); Sat, 19 Feb 2011 04:44:19 -0500
Message-Id: <8CD9E30B6B2F57B-2124-226CA@TSTMAIL-D01.sysops.aol.com>
X-Spam-Flag:NO
X-AOL-SENDER: xxxxxxxxxxxx@aol.com
X-Antivirus: avast! (VPS 110219-2, 02/19/2011), Inbound message
X-Antivirus-Status: Clean

Open in new window

0
 

Author Closing Comment

by:al4629740
ID: 35098994
Thanks
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question