The Mudcat Café TM
Thread #147969 Message #3432893
Posted By: JohnInKansas
08-Nov-12 - 05:16 AM
Thread Name: Tech: troubling e-mail process
Subject: RE: Tech: troubling e-mail process
If someone is sending emails in her name and from her address it means that someone probably has managed to access her email account. This would give the criminal her address book and all her emails. This may have been done by hacking into just her account directly at the provider's site, by a more sophisticated hack of data at the providers site that involves other customers, or by hacking into her own local email (and everything else) on her computer.
It would be easy for someone with the information they apparently have to set up a new account in her name at a different provider, and to continue to pretend to be her. Most email providers allow you to have any email sent to your old account automatically forwarded to a new one, with new stuff all sent to the new one or with it sent to both the old and new ones at least for some limited time.
It probably would be simple for the malicious person to change the password on her account so that she could no longer get into the account information.
If the hacker got into her account on the site that was providing her email service, there's less likelihood that they have extremely sensitive information such as bank passwords, depending on whether individual emails may have been to or from secure places, or may have contained information about places where such information could also be accessed.
If the original penetration was on her own computer, then the hacker may know just about everything she knows. Potentially, THIS COULD BE VERY SERIOUS, and not just with respect to the web accounts that have been accessed. Just because someone got into some of your stuff doesn't necessarily mean that they WILL proceed to more malicious activities, but she should give serious thought to what actions to take to be aware of additional unusual transactions.
She should, of course, make sure that her own computer is "clean" by using strong AV scans, including things like root kit infections that are difficult for many AV programs to find.
A normal recommendation would be that she should CHANGE HER PASSWORDS FOR EVERY ACCOUNT SHE HAS regardless of how "sensitive" the individual accounts might be. She should be helped with how to use "strong passwords" and taught that it's necessary, and should be encouraged to use a different password for each account.
Because of the possibility that someone has more of her information than has been used thus far, she needs to be more than usually careful to look for any unexplained charges on any "money accounts" she has (charge accounts especially, but also phone bills and others) and/or for communications (email or snail mail, phone calls, etc) from unknown sources.
While it's possible that this is just someone messing idly with her email, she needs to be aware that it might not be "just about the email."
No need to be paranoid, unless/until there's evidence of something more serious, but it's approprate for her to be VERY NERVOUS ABOUT IT.
John