E-Mail Compromised

Mauricemcg · 08-01-2018 7:42pm #1

I wonder if anyone has any idea what might be happening here. A few weeks ago, a friend got an e-mail purporting to be from me (message was something like "you might like this" with an attached link). He opened the e-mail but didn't click on the link. I reset my e-mail password just in case, but no other contact of mine received similar e-mails. Then the same friend got another e-mail today. I suspect that his own e-mail account and/or device is/are compromised with some form of malware. Any thoughts?

Blowfish · 09-01-2018 9:59am

It's possible there was no compromise of any actual email addresses.

Basically, it's extremely easy to fake the 'from' field in emails. A lot of the bigger webmail companies have gotten better at spotting this (won't bore you with the details) but some still haven't.

What's likely happened is that an account from some other site was compromised (check your and your friends email addresses here) where both of your accounts, and thus email addresses, are linked some way, e.g. a 'friends list' or some other method. The spammers take advantage of this to fake mails from one person to others linked to them as people are more likely to open mails that appear to be from someone they know.

Mauricemcg · 09-01-2018 10:45am

Thanks Blowfish. That's very helpful. I checked both my and my friend's e-mail addresses on the link and there are some "pwned" incidents on both. Any way of finding out which websites are involved.

Maurice

rolion · 09-01-2018 1:55pm

Mauricemcg wrote: »

Thanks Blowfish. That's very helpful. I checked both my and my friend's e-mail addresses on the link and there are some "pwned" incidents on both. Any way of finding out which websites are involved.

Maurice

The only way to do it is to buy your own domain and setup individual AND unique email addreses for each site you register with.Then setup som sort of "catch-all" or "forwarding" or "aliases" to a single email account that you will check for incoming messages.

For example,Boards has my account with a unique email address,lets say "EmailForBoardsOnly@mydomain.me"
If suddenly i receive messages to that email account to my domain,it proves technically that the "boards.ie" backend database have been compromised AND/OR they are selling email addresses to third party.

In your case,if you registered with "adobe.com","yahoo.com" or "Linkedin.com" they have been massively compromised (as per online articles) and if your mail address is there,you're doomed !

Cought few of the third party like this...few good times ...and not "boards.ie" !

Joe Exotic · 09-01-2018 6:06pm

Mauricemcg wrote: »

Thanks Blowfish. That's very helpful. I checked both my and my friend's e-mail addresses on the link and there are some "pwned" incidents on both. Any way of finding out which websites are involved.

Maurice

Keep in mind that your email being in the "haveibeenpwned" database does not mean your account has been compromised. It means that your address was included in a list dumped online (often on dark web).

This could, for example, be because that someone you know was comprised and your address was in their contacts.

You should still change your password on any account listed to be sure though

Mauricemcg · 09-01-2018 6:15pm

Thanks for the useful feedback everyone. I've actually changed passwords on any website I'm registered on. Took me a while, but all the passwords are now complex gobbledygook, so unlikely to have any more problems.

Maurice

hmmm · 09-01-2018 11:39pm

Enable two factor authentication on your email just in case.

Mauricemcg · 11-01-2018 1:03pm

hmmm wrote: »

Enable two factor authentication on your email just in case.

I've done that now on Facebook and a couple of other sites that have that facility, but not all do. Thanks Hmmm.

E-Mail Compromised

Comments