thai
Full Member
Posts: 164
|
Post by thai on Aug 19, 2016 11:18:48 GMT -5
Numerous reports from contacts that they are receiving spam emails from me. I immediately changed my email password, ran Windows Defender and Malwarebytes and changed my password again for good measure. Just received another phone call that they received another spam. What do I do now?
Thanks, Thai.
|
|
drcard
Software Review Panel
Posts: 606
|
Post by drcard on Aug 19, 2016 19:14:31 GMT -5
Hi thai,
There are many ways email spamming is accomplished and some of them would not mean that you have been hacked. Your name and email address are in the address book of many different friends, family, and web sites. A common email trojan hacks into someone's email account and copies the address book. The spammer sends spam to everyone in the address book but "spoofs" the emails so that it appears to come from someone else in the address book. This is done so the people in the address book contact the "apparent" sender and not alert the true sender that is infected. The only way to know if this was the case or if you have truly been hacked is to examine the email header. Trouble is most users can't understand an email header to determine if it was spoofed or not. Although most users can't understand the entire header, often they can determine the server that sent the email. If that server is not the IP address for your outgoing email server (in your settings for your account), then the sender was "spoofed" because any email sent by you and your email account has to start from your outgoing server.
|
|
thai
Full Member
Posts: 164
|
Post by thai on Aug 19, 2016 21:10:03 GMT -5
This tech stuff really confuses me! So, if I read this correctly, I may not have been hacked? What I need to do is get a hold of one of the supposed spam emails and check the header for the IP address it was sent from? How do I do that? Where do I look? I'm pretty sure everyone who got one of them has deleted them....that's what I would do.
Thanks drcard Thai
|
|
drcard
Software Review Panel
Posts: 606
|
Post by drcard on Aug 20, 2016 5:37:41 GMT -5
Hi thai,
Spammers don't stop after one round, so let your friends know that they should forward the spam email to you. Determining where the email was originally sent from requires you to examine the headers of the email. How to display the email header differs with the email application (Gmail, Yahoo, Outlook, etc.) you use to view the emails. The link below explains how to display the headers of the more popular email applications and explains how to examine the header to determine where the email was originally sent from. It is not necessary to determine exactly where the email came from (unspoof the email) as all you want to know is if the email was originally sent from your email's server. If the email application you use for your email is not listed in that link, then post back with which email application you use and I'll give you instructions on how to view the headers with your email application. That link does explain how to examine a header to track the email routing and thus where it originally was sent from.
How to Track the Original Location of an Email via its IP Address
Let me know if you need further help.
|
|
thai
Full Member
Posts: 164
|
Post by thai on Aug 20, 2016 12:30:25 GMT -5
Dana, I have put the word out for my contacts to forward anything they get. I use Yahoo Mail so the link did tell me what to do to find the IP address sending it out. I'll be back with my results as this unfolds.
Thanks, Thai
|
|
thai
Full Member
Posts: 164
|
Post by thai on Aug 20, 2016 12:52:11 GMT -5
OK... I have an offending email (actually 3) and OMG!!! Have opened it to view full content and it is all Greek to me!
One thing I did notice is that in the FROM section of the emails, it is indeed my name but the email addy is not! The first section of the email addy is correct but after the @ sign the remainder is not correct. My friend sent me 3 of the emails she received and they are all different after the @ sign.
I would copy and paste the full content for you to see but it has my friends and my name in it...not a good idea, right?
|
|
thai
Full Member
Posts: 164
|
Post by thai on Aug 20, 2016 13:41:11 GMT -5
I tried to do an IP address lookup but because my friend forwarded me the offending email that is the information that is being analyzed? This is out of my league, methinks....lol.
|
|
drcard
Software Review Panel
Posts: 606
|
Post by drcard on Aug 20, 2016 14:20:20 GMT -5
Hi thai,
As I suspected, the different addy after the name means it did not come from your machine. Thus, you are not infected, and that is why all scans and changes you make won't make a difference. Someone who has your email address in their address book is the one that's infected. Even if that user gets rid of the trojan, the damage has been done as the spammer now has the email addresses and will continue to spam from other hacked servers. Don't worry about trying to track the exact location of where the email came from as these guys are experts in covering their trails that could lead back to them. Just be glad you are not infected and let your friends know that it's not your fault if someone else gets infected.
|
|
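The two checks used in this thread (does the address after the @ match your real one, and did the message pass through your own outgoing server), as an added example that is not part of the original posts. The function name `check_spoof`, the addresses and the IPs are constructed for illustration; the IPs come from the reserved documentation ranges.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): spam claiming to come from "Thai".
# All hosts use .example names and documentation-range IP addresses.
SAMPLE = """\
Received: from mx.friend-isp.example (mx.friend-isp.example [198.51.100.7])
\tby inbox.friend-isp.example with ESMTP; Sat, 20 Aug 2016 12:01:09 -0400
Received: from unknown (HELO pc-42) ([203.0.113.55])
\tby relay.hacked-host.example with SMTP; Sat, 20 Aug 2016 12:01:02 -0400
From: "Thai" <thai@some-other-domain.example>
To: friend@friend-isp.example
Subject: hi

http://link.example/
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def check_spoof(raw, my_address, my_outgoing_ips):
    """Compare a suspicious message with your real address and outgoing server."""
    msg = message_from_string(raw)

    # Check 1: the display name can be anything; compare the part after the @.
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    my_domain = my_address.rpartition("@")[2].lower()

    # Check 2: each server prepends its own Received line, so the last one in
    # the list is the earliest hop. Lines written before the recipient's own
    # server are supplied by the sending side and can be forged, so the useful
    # result here is that your server is absent from the chain.
    hops = []
    for header in msg.get_all("Received", []):
        hops.extend(IP_IN_BRACKETS.findall(header))
    via_my_server = any(ip in my_outgoing_ips for ip in hops)

    return {
        "from_domain": from_domain,
        "from_domain_matches": from_domain == my_domain,
        "origin_ip": hops[-1] if hops else None,
        "via_my_server": via_my_server,
        "likely_spoofed": not (via_my_server and from_domain == my_domain),
    }
```

Paste the full header of a forwarded-as-attachment copy into `raw`; a plain forward replaces the original headers with the forwarder's own, which is the problem described earlier in the thread.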
thai
Full Member
Posts: 164
|
Post by thai on Aug 20, 2016 15:03:59 GMT -5
Hi Dana, You have made my day!! Thank you so much for all your help. And the results could not have been better. Two people who I know I am in their contacts have, within the last 6 months, given remote access of their machines to a solicited phone call from a foreign country. Could this be where I became compromised?
Thanks again...you're the best! Thai
|
|
Peter
Software Review Panel
Posts: 174
|
Post by Peter on Aug 24, 2016 20:38:24 GMT -5
Hi Thai: You and Dana have done very well to have tracked things down successfully. And reading through your and Dana's posts, I have learned things too. I will keep this thread marked so that I will be able to refer to it if/when the need arises.
Sorry to hear that your friends/contacts got bamboozled into giving remote control to their computers from strangers (no matter what the country). I hope that they did not get tricked into paying them money or giving them any personal information (bank, credit cards etc.). As Sgt. Esterhaus (Hill Street Blues) used to say: "Hey, let's be careful out there."
|
|
thai
Full Member
Posts: 164
|
Post by thai on Aug 25, 2016 21:37:27 GMT -5
Actually the one did pay out $250.00 the first time she was contacted and then when they called the second time demanding more, she hung up and they crashed her computer. The other one gave over access and then was asked for money, he refused and they crashed his as well! I preach the "be careful" mantra at every opportunity but what these two said to me was..."they sounded so legit, even you would be convinced!"
NOPE, not even close would I be convinced....lol.
Glad my issues were a learning experience for you.
Thai
|
|