AOL email mail account has been spoofed

lianne143
Hi

One of my friends has an internet account with AOL, and he has an email account that he has been using for many years.
His email address is auser@aol.com

Recently I have been told that somehow email spoofing has happened. All the contacts in his mail have received an email from auser@aol.com with an attachment and his address to make it more genuine and even I have received an email as well.

When I click to download the attachment, it goes to a OneDrive page saying please click here. When I click there, it asks to log in with Yahoo, Gmail or O365 accounts.
I was told that auser has reset the password on his email account and is still able to access his email account.

Please let me know if the hacker has control over auser's mailbox now. Will it be the best way to send an email to all contacts in his email saying that his account has been hacked and to ignore the email with the PDF attachment that comes from auser@aol.com?

Will it be best to suggest that he open a new Gmail account, and if so, how to inform all his contacts that his email address has been changed to Gmail?

Any suggestion and help will be great.
Thanks
timgreen7077Exchange Engineer
Distinguished Expert 2018
Commented:
Your friend most likely has a virus on his machine and it's sending out emails to his contacts. Scan the machine for any viruses and malware. I would also suggest opening a new account and completely removing that old account if he can live without it.

Author

Commented:
The email I received from him has his house address as well. Will a virus put the house address of the sender on the email?
I think he must have a valid virus on his PC, and I am not sure how this has happened in spite of having up-to-date antivirus software on his PC.
timgreen7077Exchange Engineer
Distinguished Expert 2018
Commented:
It may be grabbing information from his contacts, so yes, that is possible. I would wipe the computer and reinstall Windows. At that point he should still be able to keep his AOL address, since the wipe would blow away everything on his machine.

JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
If there are emails in the sent file to suggest the user's email has been compromised, then proceed as above.

If the spam is just using the address to make it look like auser is sending the mail (spoofing), there is not much you can do about it, and even changing the email address will only work for a short time.
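Added example, not part of the original thread: one way to tell the two cases apart from a copy of the suspicious message is to read the SPF/DKIM/DMARC verdict that the recipient's own mail server stamped into the `Authentication-Results` header. The server name `mx.receiver.example` and all sample headers are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def trusted_results(msg, authserv_id):
    """Return {method: (result, props)} from headers stamped by our own receiver."""
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, rest = value.partition(";")
        if server.lower().split()[:1] != [authserv_id]:
            continue  # a header naming any other server may have been forged
        for clause in rest.split(";"):
            pairs = re.findall(r"([\w.]+)=([^\s;]+)", clause)
            if pairs:
                (method, result), props = pairs[0], dict(pairs[1:])
                out.setdefault(method.lower(), (result.lower(), props))
    return out

def classify(raw, authserv_id):
    """'sent-by-provider', 'spoofed', or 'unknown' (no trusted verdict present)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    res = trusted_results(msg, authserv_id)
    if not res:
        return "unknown"
    dkim, props = res.get("dkim", ("none", {}))
    aligned_dkim = dkim == "pass" and props.get("header.d", "").lower() == from_domain
    if res.get("dmarc", ("none", {}))[0] == "pass" or aligned_dkim:
        return "sent-by-provider"  # went out through the domain's own servers
    return "spoofed"               # only the From address was borrowed

def sample(auth_headers):
    """Build a constructed test message; all header values are made up."""
    head = "".join(f"Authentication-Results: {h}\n" for h in auth_headers)
    return head + "From: A User <auser@aol.com>\nSubject: Document\n\nbody\n"

RECEIVER = "mx.receiver.example"  # assumed authserv-id of the recipient's server
VIA_ACCOUNT = sample([f"{RECEIVER}; dkim=pass header.d=aol.com; dmarc=pass header.from=aol.com"])
SPOOFED = sample([f"{RECEIVER}; dkim=none; spf=softfail smtp.mailfrom=bulk.example; dmarc=fail header.from=aol.com"])
FORGED_HEADER = sample([f"{RECEIVER}; dkim=none; dmarc=fail header.from=aol.com",
                        "mail.other.example; dkim=pass header.d=aol.com; dmarc=pass header.from=aol.com"])

if __name__ == "__main__":
    for name in ("VIA_ACCOUNT", "SPOOFED", "FORGED_HEADER"):
        print(name, "->", classify(globals()[name], RECEIVER))
```

A "sent-by-provider" result means the message really left through the provider's servers, which points to a compromised account or device rather than address spoofing; a "spoofed" result means only the From address was borrowed.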
timgreen7077Exchange Engineer
Distinguished Expert 2018
Commented:
By the fact that emails are going out to all the user's contacts, it is more likely that a virus is the reason and not just normal spoofing, but @John makes a valid point.

Author

Commented:
He says whatever emails he is receiving are going directly to trash. Will there be any rule set up by the virus to forward the incoming emails to trash?
timgreen7077Exchange Engineer
Distinguished Expert 2018
Commented:
If he has no rules set up himself, then the virus can do that. A virus can cause your computer, email on your computer, and other stuff to behave badly. He has a virus most likely.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
"He says whatever emails he is receiving are going directly to trash"

If there are no viruses on the computer, then it is just spoofed emails. I see these in my email host spam folder.

Author

Commented:
I sent an email and it went directly into the deleted folder, and I am not sure why this is happening. Please suggest.
timgreen7077Exchange Engineer
Distinguished Expert 2018
Commented:
Make sure the user doesn't have a rule set up. If not, deal with the problem: the virus.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
You sent it to the user's computer? Or you sent it where?

If you got the administrative bounce back, that means it did not go out.

Author

Commented:
I sent it to auser@aol.com and it went into the deleted folder. He is using AOL Desktop beta; where will I find the rules setup?
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
If you are sending it and the admin gives it back to you without going out to AOL, then your email sender sees auser@aol.com as a spammer. That machine should be thoroughly scanned, as it is in worse condition than I thought it might be.
I have seen a LOT of this recently.

If you take a look at one of the messages sent from auser@aol.com, you will notice the link points to a phishing page. If one of those users were to foolishly supply credentials, then hackers would have the ability to access their email.

Even if auser did not mention it, he has probably followed a link in a similar missive, handing his credentials over to hackers, who have then used his account to send more phishing email. These hackers will keep accessing mailboxes, until they stumble across one that is "ripe" for fraud. Usually something like a company exec emailing an accountant and requesting they make payments to suppliers, VERY simple to spoof one of those and profit.

Usually, when someone has their mailbox compromised like this, hackers create some rules which forward all email to another account and delete the original. This prevents recipients from alerting the sender of a problem.

It is probably safe to reset the password, delete rules created by hackers, and remind auser to be careful when following links.
Software Engineer
Distinguished Expert 2018
Commented:
This hardly seems to be spoofing, more like a hijacked account or infected system.

For the system, investigate with several antivirus tools (none of them have 100% coverage),
or wipe the system from read-only media (CD-ROM) as a precaution without investigating. (You will lose data on that system.)
Even backups might be infected, depending on the point of entry of the virus with respect to the last backup before that.

With the AOL account, just renew the password, verify the data in the account is still valid (mail addresses etc.), remove anything that isn't completely familiar, and change the password again. (This may also best be done when running from a trusted CLEAN environment.)
Then verify all settings within the account: forwarding rules, delete rules etc. If there were suspicious ones, reset the account again.

Author

Commented:
A rule was set up on his AOL account to forward all the incoming mail to trash. I deleted the rule, and now all the emails go to the inbox.
I am not sure how this rule was set up. Will a virus set up this rule?
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I don't think viruses would do this. More likely an inadvertent user error.
