Announcement

Collapse
No announcement yet.

Understanding Email Spam? ... and other tech scams

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Understanding Email Spam? ... and other tech scams

    Trying to understand how email accounts are compromised.
    I have Yahoo email, and my Grown Daughter does also.
    I started getting email from her that was adware to other sites.
    She has 8 people in her address book.
    We were all getting the same junk mails from her.
    I was getting the emails from her while she was at work and her computer was off.
    I read on yahoo search that her account was being accessed by someone, or something else.
    She changed her yahoo email password, and all is good now.
    So the main question, is was this a Bot, or an individual?
    And, how did they get her password?
    We don't want this to happen again?
    Any insight to this is appreciated.
    T
    "If Hitler invaded Hell, I would make at least a favourable reference of the Devil in the House of Commons." Winston Churchill
    Terry

  • #2
    I think that it is individuals who hack into the Yahoo database, extracting usernames and passwords. And then they use bots or zombies to send out all of the bogus emails. (Zombies are computers that have been taken over by malicious software. I think that most people aren't aware of that even happening- they might have noticed that their computer is not as fast as it used to be but they figure it must be old age.)

    In any case this doesn't mean that your daughter's computer was hacked into. However if she uses her old Yahoo password on other sites she ought to change the password on those sites as well just to be safe.

    Just my guess on things having received those bogus emails from maybe a dozen people I know over the past few years.

    Steve Ahola

    P.S. A common message was a request for help since your "friend" lost his money overseas and needs $x,xxx to pay his hotel bill- he will pay you promptly once he gets back. Usually the wording is very stilted and certainly not how your friend would have phrased things but some people are fooled and offer to help. (I haven't heard of any of my friends actually losing money because of the scheme.)
    The Blue Guitar
    www.blueguitar.org
    Some recordings:
    https://soundcloud.com/sssteeve/sets...e-blue-guitar/
    .

    Comment


    • #3
      One common trick is to use an email address as the from line, but if you actually look at all th header information you find that the message really came from some other address. it may have her address, but that doesn;t mean it was sent by her computer. Some of these things drop a cookie, wwhich somehow looks at your address book, and grabs all the names in it. They could have gotten her email address from someone else's address book.
      Education is what you're left with after you have forgotten what you have learned.

      Comment


      • #4
        Many times these emails are sent to your now infected victim and they click something... Many times those emails can originate from really horrible sites like FaceCrook. Now I appreciate that you changed the password but who is to say that there was not an infection that originated on her computer that captures her login information?? Might go away for a bit but if it shows back up then you need to clean up that computer and only when it is cleaned do you then change the passwords. This happened to my Mom's computer and yes it goes away for bit then it comes back because her computer was infected. Not saying this is the same situation here but it sounds a bit similar in a way.

        Another thing is to Never save crucial passwords by windows or to click the remember my password to keep them logged in... Maybe on this site it is good but not on Yahoo or something like that.

        Have you found anything strange on her computer at all? I think I would start off by running MalwareBytes on her computer and get the ball rolling to make sure. At that point a great program to plug holes in your system is ComboFix. For anyone running combo fix take caution to read about it in full. Combofix is a very powerful tool and the research to use it must be understood or it might screw up the computer. But from my experience ComboFix is one the greatest applications when you use it correctly, just be careful.
        When the going gets weird... The weird turn pro!

        Comment


        • #5
          Originally posted by DrGonz78 View Post
          Many times these emails are sent to your now infected victim and they click something... Many times those emails can originate from really horrible sites like FaceCrook. Now I appreciate that you changed the password but who is to say that there was not an infection that originated on her computer that captures her login information?? Might go away for a bit but if it shows back up then you need to clean up that computer and only when it is cleaned do you then change the passwords. This happened to my Mom's computer and yes it goes away for bit then it comes back because her computer was infected. Not saying this is the same situation here but it sounds a bit similar in a way.

          Another thing is to Never save crucial passwords by windows or to click the remember my password to keep them logged in... Maybe on this site it is good but not on Yahoo or something like that.

          Have you found anything strange on her computer at all? I think I would start off by running MalwareBytes on her computer and get the ball rolling to make sure. At that point a great program to plug holes in your system is ComboFix. For anyone running combo fix take caution to read about it in full. Combofix is a very powerful tool and the research to use it must be understood or it might screw up the computer. But from my experience ComboFix is one the greatest applications when you use it correctly, just be careful.
          She checks her mail on different computers.
          She did install the SUPERAntiSpyware, and run it.
          For now all is good, and I'm not getting anymore spam from her.
          That is why I am now back running Linux.
          You don't get all that crap with linux.
          It's clean and it's fast.
          It had been 3 years since I ran linux, but it has come along way since then.
          I'm going to keep a linux web surfing rig from now on.
          T
          "If Hitler invaded Hell, I would make at least a favourable reference of the Devil in the House of Commons." Winston Churchill
          Terry

          Comment


          • #6
            Originally posted by DrGonz78 View Post
            Now I appreciate that you changed the password but who is to say that there was not an infection that originated on her computer that captures her login information??
            Normally I would agree with you on that but I have had so many friends whose had their Yahoo accounts hacked so I am pretty sure that was the case here. A typical email would have them requesting money from England- or wherever- since their money was stolen and they need to settle their hotel bill for 1500 pounds before they can leave (their tickets home were not stolen.) I think that hackers got into the Yahoo database and have been reeking havoc on users at random.
            Had a keylogger been installed on her computer I am sure that it would have used the logon information to hack into more important accounts (like PayPal or her bank.)

            Steve Ahola

            P.S. I think that my first virus was Happy New Year 2000 and was purportedly sent to me by Benjamin Fargen an AMPAGE e-buddy who has done very well since then. It read something like "Check out the cool display on this link!" The display was really cool- like fireworks- but my computer started sending those emails out to the people in my address book. Fortunately the AV companies came up with programs to remove that particular virus from your computer. There was one guy who kept emailing me that I had screwed up his computer. I kept telling him to go to the AV site but he was on a computer at work so I guess he had to get IT involved and they weren't too happy about that...
            The Blue Guitar
            www.blueguitar.org
            Some recordings:
            https://soundcloud.com/sssteeve/sets...e-blue-guitar/
            .

            Comment


            • #7
              Ubuntu is a serious threat to the marketing of web surfing for windows and mac systems. It has not had one virus logged that has attacked it system structure, that I know. I am sure there are some holes but the hackers are out there trying to penetrate the usual suspects. I am a big fan of Unix/Linux world and at least Mac's are based at it's root w/ a linux kernal. I remember how cool my Unix teacher was... He looked very similar to Jerry Garcia!! He would come into class and shut down the windows box and boot up Knoppix from the CD ROM drive. Very great to have these tools around for a sense of true security!

              As far as key logging trojans it is just way too common now a days. Yeah they would love to get your payPal or bank passwords etc. I still know that there are ones that are not as high level threats and they all come from the same place... The Arm Pit of Hell!! The one I remember on my Mom's computer was sending emails about getting Viagra and stuff... So it is all about embarrassing people who are connected w/ all their business professionals. But yeah not a serious threat and I remember we cleaned the computer only to have a trigger date later kick in w/ a new hack. Later I cleaned up the computer and only when I ran combo fix did it fully eliminate the minor threat.
              When the going gets weird... The weird turn pro!

              Comment


              • #8
                Originally posted by DrGonz78 View Post
                Ubuntu is a serious threat to the marketing of web surfing for windows and mac systems. It has not had one virus logged that has attacked it system structure, that I know. I am sure there are some holes but the hackers are out there trying to penetrate the usual suspects. I am a big fan of Unix/Linux world and at least Mac's are based at it's root w/ a linux kernal. I remember how cool my Unix teacher was... He looked very similar to Jerry Garcia!! He would come into class and shut down the windows box and boot up Knoppix from the CD ROM drive. Very great to have these tools around for a sense of true security!

                As far as key logging trojans it is just way too common now a days. Yeah they would love to get your payPal or bank passwords etc. I still know that there are ones that are not as high level threats and they all come from the same place... The Arm Pit of Hell!! The one I remember on my Mom's computer was sending emails about getting Viagra and stuff... So it is all about embarrassing people who are connected w/ all their business professionals. But yeah not a serious threat and I remember we cleaned the computer only to have a trigger date later kick in w/ a new hack. Later I cleaned up the computer and only when I ran combo fix did it fully eliminate the minor threat.
                I agree with all ya said.
                I looked at Windows 8, and bought one on sale with win 7.
                I loaded it enough to do whatever you need windows for.
                I don't know why they have to keep reinventing the wheel (DeskTop).
                That is why I keep trying diff Linux Distros, trying to get all features I like on one desktop format.
                So far the winner is, Mint 13 with Mate Desktop.
                Very nice and very fast.
                I try the live version on CD, if I like that, then I load the full version on a flash drive.
                T
                "If Hitler invaded Hell, I would make at least a favourable reference of the Devil in the House of Commons." Winston Churchill
                Terry

                Comment


                • #9
                  I think that the biggest threat is having your computer turned into a zombie, often without you even knowing it. Hackers get thousands of machines to do their dirty work for them whether it is DDOS attacks on sites they don't approve or multiple clicks to win money and prizes. The idea of vandalizing computers just for the sake of vandalizing has no big payoff. While ANONYMOUS will hack into bank and government sites just to raise hell I think that most hackers are in it for the money.

                  Steve Ahola
                  The Blue Guitar
                  www.blueguitar.org
                  Some recordings:
                  https://soundcloud.com/sssteeve/sets...e-blue-guitar/
                  .

                  Comment


                  • #10
                    My yahoo email got hacked today.
                    If you got a strange email from me today, don't open it, just delete it.
                    I was hacked and my entire address book went to sending out spam.
                    Yahoo locked me out of my account before I could change the password.
                    I have it all fixed now, and I reset my password.
                    Sorry! $__t happens.
                    T
                    "If Hitler invaded Hell, I would make at least a favourable reference of the Devil in the House of Commons." Winston Churchill
                    Terry

                    Comment


                    • #11
                      You mean you're not going to pay me back for the $1,500 I just sent to your hotel in London? You sounded very desperate with your wallet stolen and the hotel holding on to your passport until you could pay your bill... ;-)

                      Steve A.
                      The Blue Guitar
                      www.blueguitar.org
                      Some recordings:
                      https://soundcloud.com/sssteeve/sets...e-blue-guitar/
                      .

                      Comment


                      • #12
                        Always worth running once a week -

                        AdwCleaner Download

                        Quick and clean.

                        Comment


                        • #13
                          Originally posted by Sock Puppet View Post
                          [url=http://www.bleepingcomputer... Download[/url]

                          Quick and clean.
                          Yahoo mail servers get hacked- its not like your computer acquired malware...
                          The Blue Guitar
                          www.blueguitar.org
                          Some recordings:
                          https://soundcloud.com/sssteeve/sets...e-blue-guitar/
                          .

                          Comment


                          • #14
                            It was my fault.
                            I wasn't thinking, and clicked on the link on my friends email.
                            It all looked so official.
                            To say that woke me up, would be an understatement!

                            T
                            "If Hitler invaded Hell, I would make at least a favourable reference of the Devil in the House of Commons." Winston Churchill
                            Terry

                            Comment


                            • #15
                              Originally posted by big_teee View Post
                              It was my fault.
                              I wasn't thinking, and clicked on the link on my friends email.
                              It all looked so official.
                              To say that woke me up, would be an understatement!

                              T
                              I get 2 kinds of spam, all the time.

                              Type 1: sending address unfamiliar, message title almost always contains the name Linda

                              Type B: sending address someone I haven't heard from for a long time, message length typically 1 kB or less. Any kind of legit message typically runs 2 kB or longer.

                              I send 'em both to Trash, then flush the trash without a further thought.

                              Got fooled a couple months ago by a type B. I replied and now I get this kind of junk every day after years of no spam/phish email.

                              I'm not normally a violent person, but I wish "certain things" would happen to those who visit this rubbish on us. I'd get all charles bronson on them if I met 'em in person.
                              This isn't the future I signed up for.

                              Comment

                              Working...
                              X