All profit supporting special needs music education and Help Musicians
Tutorials

email - Hacked

kevgermany

ex Landrover Nut
Subscriber
Messages
21,947
My hotmail email account was hacked and used this week to send out lots of rather unpleasant emails, and it's the one I use for the forum emails. :shocked:

If you got a suspicious email from me, please don't open it, or worse click on the attachments/links.. :w00t:

Funny thing is it happened to a friend in Canada as well, a couple of days before. I hadn't heard from her for ages, so I don't think it's linked.
 

jonf

Well-Known Member
Messages
3,680
Happened to me a while ago. My anti-virus software didn't get it. I cleaned up using Malwarebytes and changed my password to a new, stronger one.
 

kevgermany

ex Landrover Nut
Subscriber
Messages
21,947
Well, for what it's worth - I sent an email to all the addresses in my mailing list, saying I'd been hacked. I got the usual replies. And one from ebay's spoof mail service.... Saying my warning was a phishing scam..

So just what do ebay actually do with the bad stuff you send them?
 

JasonC

Member
Messages
217
Hotmail accounts are hacked all the time, pretty much all of my friends accounts have been hacked and I've had dodgy emails from them all! I would recommend a Gmail account instead and enable 2-step verification, it is far more secure. Also make sure when you use your accounts (if you use the web based interface) that the address begins with HTTPS, with the S being the important bit.

Hope this helps, although a little late :)
 

Dave McLaughlin

Sesquipedalian
Subscriber
Messages
305
You should also be aware that there are some types of malware that search through a user's address book on an infected machine and send emails to addresses in that book, but forge the headers to make the email appear to come from another address in the book. If that happens, it's not the person whose email appears in the From: field that has the malware at all. These things were quite common a few years ago, but I've been seeing some evidence of them again in the past few weeks.
 

kevgermany

ex Landrover Nut
Subscriber
Messages
21,947
That S is a really good tip, Thanks for highlighting it Jason. not too sure I want to go with gmail. As admin on another web site, as well as here, I'll mention that most of our spammers have gmail addresses - and someone signing up with a gmail address has to do a lot of convincing for me to let them in...

Thanks dave, good point and I've been hit by that one in the past as well. B....s were spamming me, as well as others, from one of my addresses, and I ended up with a banned account in many places.... Took some sorting out... The hotmail hack this time didn't spoof the headers, and the spams were nicely copied into my sent folder.

I still want to know how they got hold of my password, though....
 

JasonC

Member
Messages
217
I get your point about spammers using Gmail addresses but, surely the same can be said for any free email account? anyone can set up a hotmail, yahoo account etc. As it happens I use a paid for Gmail account with my own domain name as the address, so this might be worth looking at instead of the free one, it takes a little more setting up though.

If you do a search on the web you'll find there are many resources for hacking a hotmail account, it's fairly easy to do, and easy to grab peoples passwords from just the browser source, that's if someone has access to your PC of course. Or it could just be a simple keylogger that is logging every key you press on the keyboard, these are very easy to distribute to people to steal information such as passwords! These keyloggers are not always detected by anti-virus etc software, so it's worth checking your's does.
 

kevgermany

ex Landrover Nut
Subscriber
Messages
21,947
hmmmm - how would someone have access to my pc? I'm sitting behind a firewall on the router, another firewall on the machines..... And two different AV programs prgs pronounced the machine clean. But it's the keyloggers that worry me the most......
 

JasonC

Member
Messages
217
I don't know what it is with the forum today but I've just had to type everything twice as it keeps losing my post!

Anyway... I didn't mean access to your computer remotely, I meant access to your physical computer, you might have a laptop using it somewhere else where someone can use it.

Keyloggers are a pain, you can also get screenloggers! but using 2-step authentication get's around this because it requires you to have mobile phone which creates a code that can only be used once, obviously if someone has access to your phone and computer then your stuffed! but its an additional level that makes it harder for hackers.
 

Sweet Dreamer

Senior Member
Messages
505
I recently heard a conversation on NPR radio. I don't recall the show or precise details, but they were talking about Internet security and various ways that people can access your information.

Like I say, I didn't catch the precise details, but it goes something like this:

If you are using a browser and you have more than one tab or window open, sites that you access in one window or tab can actually have access to cookies and information that's going on in other tabs or windows.

In other words, say you have some arbitrary site open in your browser. It could be anything. Then in another tab or window you open your Hotmail account (or worse yet your BANKING account!) and you log on with your password.

Well, the other sites that you have open in other tabs or windows can actually "see" the information that you are exchanging with your email account, or BANK!

So if you open an email window, or bank account, or anything important CLOSE OUT all other tabs and windows FIRST!

Like I say, I'm not sure how this works, but evidently the browsers are made that allow sites to "see" and read cookies and other information being exchanged in other windows and tabs.

So be real careful about how many sites you are "simultaneously" connected to via open tabs and windows. Just because you aren't currently using a tab or window doesn't mean that it isn't still actively accessing your information.

That's rather scary, but something to keep in mind.

~~~~

Just guessing here, I would imagine it would be ok to have multiple tabs or windows open for the same site without any risk. In other words, if you are shopping at Amazon you can have a bunch of Amazon windows or tabs open and you're still just connected to Amazon. Same with your bank. As long as all the tabs and windows are for the same site then you're still only open to that one site.

But having tabs and windows simultaneously open for different sites poses a security RISK.

So close all other tabs and windows anytime you logon to something with a password. And don't ever open other sites whilst doing banking, online shopping, or accessing an email account.

It's a shame that we have to put up with such criminal activity, but it's out there and they are trying hard to use every trick in the book to steal information, money, or just harass people for no good reason.

That's truly sick, but it's the reality of the situation.

So watch your cookies!
 

kevgermany

ex Landrover Nut
Subscriber
Messages
21,947
Thanks Jason and Sweet Dreamer, I'll take a look at it. Cross window cookie insecurity sounds rather bad.
 

rudjarl

Senile Member. Scandinavian Ambassadour of CaSLM
Messages
657
The drawback of being connected is that you are opening up for the world. Firewalls, spam filters, anti virus... they can only do so much...

The initial problem is that sending data is nothing more than making electrons bump into each other (electrons, protons, neutrons... he.., even thachyons (is that the right spelling?) if you're from some 200 years into the future, looking back into what we are doing now (sort of)) thus making waves of signals rushing along from you you to somewhere else. The next problem is that the electrons can bump into each other the other way around.

Given this, you can not fully protect yourself from anything but yourself. I'm not suggesting skipping protection all together, far from it, I'm merely stating that it's not possible to be fully protected (unless you pull the plug). So stay alert, upgrade your firewall, spam filters and anti virus. But acknowledge that it might not be enough.
 

old git

Tremendous Bore
Messages
5,545
The initial problem is that sending data is nothing more than making electrons bump into each other (electrons, protons, neutrons... he.., even thachyons (is that the right spelling?)
What about neutrinos? Completely spoil the grammar as they arrive before the rest.
 
Saxholder Pro
Help!Mailing List
Top Bottom