People getting spammed from my email address?? Help

phuschnickens Beverly Hills, Michigan Member
edited April 2010 in Science & Tech
A friend of mine came to me asking what to do... his contacts, work, friends, etc. are getting spam that claims to originate from his email address. I told him it could be just spoofing his email address, but I do find it a little odd that it has a list of his address book. I know address book harvesting was common 10 or 15 years ago, but now? I believe his email address is @yahoo and he is not using an email client. I believe he only uses his own computer for email (not one at home, one at work). Also, I'm currently doing a scan of his computer, but it's really not acting virus ridden. Assuming the computer proves to be 'clean', what do I tell him? What is happening and what is the solution? Is there a solution?

Thanks guys!

Comments

  • RichD Essex, UK
    edited April 2010
    It may be that someone has gotten hold of his username and password and is exploiting it. Tell him to change his password and see if that helps. Also report it to Yahoo. They may look into it. Does he have POP3 forwarding enabled? By standard it is disabled, but if someone has got his logon details they could enable forwarding and use an external client to spam from his address. I'm not an expert but I know this happens with Facebook all the time.
  • ardichoke Icrontian
    edited April 2010
    There seems to be a rash of this going on lately. I've gotten reports from a few coworkers that they have had friends and family members whose accounts have been exploited. Even one of my friends got hit with it and spammed me. Seems to be just a case of cracked passwords though from what I've seen so far. Have them check their sent mail, if there is spam there then it's likely their account was compromised, if there isn't any of the spam there it's less likely that the account itself was compromised. Either way, I'd tell them to change their password, also give them the strong password lecture (greater than 8 characters, lowercase, uppercase, numbers and symbols, no dictionary words, names, birthdates, etc. Come up with an acronym and then replace letters with symbols or numbers seems to be the best method for most people)
  • phuschnickens Beverly Hills, Michigan Member
    edited April 2010
    Great. Thanks for the info.
  • RichD Essex, UK
    edited April 2010
    Incidentally, with Yahoo, if the messages have been sent using a client they won't appear in sent items on the web interface. Only items that have been sent via the web interface appear in sent items. I would also suggest he checks his secondary email address. The hacker may have changed this so that even if your friend changes his password he can use the secondary address to regain access (I can't remember if password recovery sends you the old password or asks you to change it).
  • phuschnickens Beverly Hills, Michigan Member
    edited April 2010
    I am by no means a pro on this stuff, but it just seems so unlikely that someone would take the time to manually mess with each individual compromised email account. The amount of time the hacker would have to spend on each email address for the amount of money he stands to gain just doesn't seem worth it (it's almost like getting paid a reasonable hourly wage at an honest job like the rest of us :grumble:). The only reason spending time on each address might be better than simply harvesting a giant list is that you can in turn get a list of that person's contacts, which would allow the spamming to be slightly more effective. Even at that, unless it quickly leads to a compromised bank or credit card account, is it worth the pay-out? Or maybe it is (like I said, I'm no pro).

    Am I wrong?
  • kryyst Ontario, Canada
    edited April 2010
    While it's possible his account was compromised or his computer has a virus or something, those scenarios are actually a lot less likely than the following one:

    He did a reply all to a bunch of people in a mailing list, and the chain goes on and on. The originator of that email or somewhere along the list is an email harvesting spam bot. It picks an email at random from the list and spoofs it to all the other recipients on the list.

    One way to check this is, if you get a spam from him, go into the actual message details and check the send from info and start tracing it. Odds are it's not tracing back to the real sender's servers; it's somewhere else.
  • RichD Essex, UK
    edited April 2010
    In addition to what has been said above, your email password is probably the most important password you own. Think about what happens if you can't remember your user name and password to access a site. They either email you a reminder or reset instructions. Once someone has access to your email they can look at what sites you are registered to, and start accessing other sites by exploiting the "I forgot my password" button.

    That said, what kryyst has said is far more likely.
  • ardichoke Icrontian
    edited April 2010
    I was going to point out that what kryyst suggests is not, in fact, more likely because any company with half a brain uses spf records these days to prevent spoofing. A quick dig on yahoo.com though shows that Yahoo doesn't actually employ spf records. What a pile of fail. Yet another reason I don't use Yahoo mail.
  • RichD Essex, UK
    edited April 2010
    They are pretty poor. It is difficult to share contacts with them and now you have to pay them to set up POP forwarding. I would recommend Google Mail. The only reason I use Yahoo is because it is too much hassle to change it.
  • kryyst Ontario, Canada
    edited April 2010
    ardichoke wrote:
    I was going to point out that what kryyst suggests is not, in fact, more likely because any company with half a brain uses spf records these days to prevent spoofing. A quick dig on yahoo.com though shows that Yahoo doesn't actually employ spf records. What a pile of fail. Yet another reason I don't use Yahoo mail.

    Exactly why I suggested it; Yahoo has a huge hole in their security.
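
An added example, not part of any post in this thread: the header trace kryyst describes combined with the SPF check ardichoke mentions. It reads the connecting IP from the topmost `Received` header and tests it against the SPF record of the envelope sender's domain, which is the domain SPF actually covers. The message, host names, IP addresses and SPF record are constructed for illustration, and the evaluator is a simplified one that handles only the `ip4`, `ip6` and `all` mechanisms.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (documentation IP ranges); hosts and SPF record are made up.
RAW = """\
Return-Path: <friend@example.org>
Received: from mail.bulk.example.net (mail.bulk.example.net [203.0.113.45])
\tby mx.recipient.example with ESMTP; Mon, 5 Apr 2010 10:00:00 -0400
Received: from webmail.example.org (unknown [192.0.2.10])
\tby mail.bulk.example.net; Mon, 5 Apr 2010 09:59:58 -0400
From: "Your Friend" <friend@example.org>
To: you@recipient.example
Subject: check this out
"""
SPF_RECORD = "v=spf1 ip4:198.51.100.0/24 -all"  # hypothetical record for example.org

def connecting_ip(msg):
    """IP in the topmost Received header, the one written by the recipient's own MX."""
    top = msg.get_all("Received", [""])[0]
    m = re.search(r"\[([0-9a-fA-F:.]+)\]", top)
    return m.group(1) if m else None

def domain_of(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def spf_result(record, ip):
    """Evaluate ip4/ip6/all only; terms that need DNS (a, mx, include) are skipped."""
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in results else ("+", term)
        if mech == "all":
            return results[qual]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if addr.version == net.version and addr in net:
                return results[qual]
    return "neutral"

def trace(raw, spf_record):
    msg = message_from_string(raw)
    ip = connecting_ip(msg)
    return {"from_domain": domain_of(msg["From"]),
            "envelope_domain": domain_of(msg["Return-Path"]),
            "connecting_ip": ip,
            "spf": spf_result(spf_record, ip) if ip else "none"}

if __name__ == "__main__":
    print(trace(RAW, SPF_RECORD))
```

Only the topmost `Received` line is trusted here, because every line below it was supplied by the sending side and can be forged.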