Email Addresses stolen from earthlink account

Hello Experts,

I am not even sure how to ask this question, but some customers of mine have had their email address book (EarthLink account in this case) abused/stolen and had emails sent out on their behalf stating that they were in England and to send money...blah blah.

How did this happen and what can be done about stopping it in the future? I have my suspicions but am new to this type of problem. What's the best way to fix this?

Thanks Experts!
12string Asked:
 
younghv Commented:
In my experience, there is no definitive way to find out the actual source of the compromise.

As a general statement, the most common causes are websites that require you to give up your email address to register...then promptly sell that information to anyone who will pay.

Another common source is emails that get passed on to 100's/1,000's of people and no one bothers to clean the strings of addresses before forwarding.

Whenever some moron publicly displays my email address in one of those "forward-to-everyone-in-your-address-book" emails, they get one notification from this website:
http://stopforwarding.com/the-email/

The second time they get their own special rule in my Outlook client ("auto-reply") with an explanation of why I am no longer accepting their messages.

(Sorry - pet peeve #3,498)
0
 
younghv Commented:
When you say they are "emails sent out on their behalf", do you mean they are in the "Sent Items" folders?

If so, then the accounts have been compromised and they are going to need to change passwords and security questions.

A more likely scenario is that the email address has been grabbed by a SPAM bot (or is being auto-generated) and these emails are being sent from somewhere else - with those return addresses being inserted in the "From" line.

0
 
jhyiesla Commented:
There are a couple of possibilities.

One is that the actual EarthLink account has been compromised. The best way to handle this is to have the owners of the accounts change their passwords to something very strong, or cancel these accounts and get new ones; obvious logistical issues there on the second part.

The other option, which may be more likely, is that someone somewhere has spoofed their accounts. You'd be very unlikely to ever know who and there's truly nothing you can do about it. We get emails all the time from people who appear to be our own users who aren't. I finally had to set up an antispoofing rule in our Spam service. But that still doesn't keep that person from misusing that address to send to other people.
0

 
younghv Commented:
;)
GMTA - Snap!
0
 
12string Author Commented:
Thank you Younghv and jhyiesla! Sorry for the delay. I had already changed the email password and changed their Windows accounts password to something we all can live with and yes they are stronger.

How can I trace what happened and how? Event Viewer? Where can I go to find out more about these kinds of attacks?

Thanks for your Help!
0
 
jhyiesla Commented:
Assuming that the issue was some compromise of the account at EarthLink, tightening up the password should stop the problem, unless the user has some keystroke logger on his PC, in which case if the hacker is still watching it will happen again. Other than that, not sure there is much else to do or follow up on.

If it's a spoofed email, not sure there is anything you can do about it or much you can do to track it down. I suppose the email header might contain pertinent info, but the hacker most likely would have run it through some proxy servers, in which case following it is very hard, or even if they didn't, does knowing that it came from Bulgaria really help you?
0
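An added example, not part of the thread: one way to read the headers of a scam message, as a contact received it, to tell apart the two cases discussed above (forged "From" line versus mail sent from inside the account). The header values, host names and the `triage` helper are constructed for illustration, and it assumes the `Authentication-Results` header was stamped by the recipient's own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims earthlink.net, but the envelope sender and
# the receiving server's SPF/DKIM checks say otherwise (all values made up).
SPOOFED = """\
Return-Path: <bounce@mailer.example.org>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.org; dkim=none
Received: from mailer.example.org (mailer.example.org [203.0.113.7])
\tby mx.recipient.example with ESMTP; Mon, 02 May 2011 10:00:00 -0000
From: "Pat Customer" <pat@earthlink.net>
Reply-To: pat.customer@freemail.example
Subject: Stuck in England, please send money

body
"""

# Constructed sample: same From, but handed over by the provider's own
# servers with passing checks, i.e. sent from inside the account.
FROM_ACCOUNT = """\
Return-Path: <pat@earthlink.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=earthlink.net; dkim=pass header.d=earthlink.net
Received: from smtp.earthlink.net (smtp.earthlink.net [198.51.100.9])
\tby mx.recipient.example with ESMTP; Mon, 02 May 2011 10:00:00 -0000
From: "Pat Customer" <pat@earthlink.net>
Subject: Stuck in England, please send money

body
"""

def domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    # Only the top Received and Authentication-Results lines, added by your own server, are trustworthy.
    results = dict(re.findall(r"\b(spf|dkim)=(\w+)", msg.get("Authentication-Results", "")))
    hop = re.search(r"from (\S+)", msg.get("Received", ""))
    frm, env, reply = domain(msg["From"]), domain(msg["Return-Path"]), domain(msg["Reply-To"])
    spoof = []
    if env and env != frm:
        spoof.append("envelope sender differs from From")
    if results.get("spf") != "pass" and results.get("dkim") != "pass":
        spoof.append("no passing SPF/DKIM for the From domain")
    notes = spoof + (["Reply-To points to another domain"] if reply and reply != frm else [])
    verdict = "From forged elsewhere" if spoof else "sent via provider: treat account as compromised"
    return {"verdict": verdict, "handed_over_by": hop.group(1) if hop else None, "notes": notes}
```

A "sent via provider" result matches the "Sent Items" case raised earlier in the thread and calls for new passwords and security questions plus a malware check of the PC; a forged result means the account itself was probably not touched.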
 
12string Author Commented:
jhyiesla: to answer your question "even if they didn't does knowing that it came from Bulgaria really help you?" No, not right off the bat, but maybe I could start by blocking all IPs from Bulgaria unless I had relatives there. I am just trying to exhaust all possible options and then make the best choice. I keep running into this issue and end up making some kind of excuse to the end user without really knowing what I am talking about. So I figured I would start asking questions on EE and see if I have missed anything.

It appears that nothing new has been created to fight this problem other than make your passwords really strong and, when forwarding emails, minimize if not eliminate all other email addresses within the email.

Anything else?
0
 
jhyiesla Commented:
The bottom line is you are right, there's nothing new that I know of to really fight this stuff. I keep hearing talk of legitimate ISPs banding together to create an email system based on some kind of certificate, but not sure how far along that is.

If your system supports it, it's possible to block email from non-US IP addresses: http://www.experts-exchange.com/Networking/Misc/Q_21787352.html

However, if they're routing through some anonymous proxy, that may not be much good.

The Internet is just an unsavory place. Like every other place or thing that we come up with or go to, someone will figure out how to spoil it. The whole recent episode with Epsilon points that out. Also, as long as legitimate websites use "hacker techniques" like spoofing email addresses and use pop-ups to do business, it will make it harder to protect against these things.
0
 
12string Author Commented:
Thank you two, I really appreciate the info! I would like to split the points evenly between you two. Any objections?
0
 
jhyiesla Commented:
Works for me.
0
 
younghv Commented:
Fine - glad to share with jhyiesla and thanks for letting me rant.
0
 
12string Author Commented:
Once again, thanks guys for the info!
0
Question has a verified solution.
