
Tech: troubling e-mail process


Subject: Tech: troubling e-mail process
From: GUEST,leeneia
Date: 07 Nov 12 - 09:10 AM

I've got a friend - let's call her Charlotte. She uses a computer but is not particularly savvy.

Recently people from her e-mail Address book received a fraudulent message, purportedly from her, saying she was stranded in Europe and needed money. Nobody took the e-mail seriously, fortunately.

But now, something strange is going on. It's happened when I send her e-mail, and it's also happened when my husband sends Charlotte a message from work, where sophisticated spam protections are in place.

I send a message to CharlottejpxwiATswb.com, and I get a message back from the Mailer-Daemon saying 'Your message to CharlottejpxwiTyahoo.com could not be delivered.'

See what happened? Some process changed the domain from swb to Yahoo. I don't believe my friend has ever even had a Yahoo account.

Should we be worrying about this?



Subject: RE: Tech: troubling e-mail process
From: Jack Campin
Date: 07 Nov 12 - 09:25 AM

I just tried sending a message to vvefvfdsvd@swb.com to see what the bounce message would look like. I didn't get that far: my mail server said "550 Unrouteable address". Looks like swb.com has gone off line.



Subject: RE: Tech: troubling e-mail process
From: Jack Campin
Date: 07 Nov 12 - 09:31 AM

...and in addition www.swb.com is unknown to my name server as well.



Subject: RE: Tech: troubling e-mail process
From: Newport Boy
Date: 07 Nov 12 - 10:50 AM

swb.com is registered by 'DomainsByProxy' with a Scottsdale, Arizona address. Registration last paid 30 Nov 11, so it should be OK, but the site is unavailable.

Phil



Subject: RE: Tech: troubling e-mail process
From: GUEST,leeneia
Date: 07 Nov 12 - 10:34 PM

No, no. 'swb' or whatever is her legitimate e-mail address. I just didn't type it right. The problem is that the swb is changed to yahoo, and yahoo isn't in my address book or my husband's at work as her ISP. Why is mail to her being changed to yahoo without us doing it?



Subject: RE: Tech: troubling e-mail process
From: GUEST
Date: 08 Nov 12 - 02:40 AM

She has combined accounts to simplify her life.



Subject: RE: Tech: troubling e-mail process
From: GUEST,skivee, guesting in
Date: 08 Nov 12 - 02:54 AM

Well, it does remind me a bit of the very common "Spanish Prisoner" con that goes back to the 19th century, but maybe brought up to date with hacked accounts.
Other versions of the con are those Nigerian Banking Fraud letters.
You should google "The Spanish Prisoner con" and get important info.

Be very cautious with any requests or demands of money that may follow.
If it's more than chump-change contact the FBI. In fact, just contact the FBI.



Subject: RE: Tech: troubling e-mail process
From: JohnInKansas
Date: 08 Nov 12 - 05:16 AM

If someone is sending emails in her name and from her address it means that someone probably has managed to access her email account. This would give the criminal her address book and all her emails. This may have been done by hacking into just her account directly at the provider's site, by a more sophisticated hack of data at the provider's site that involves other customers, or by hacking into her own local email (and everything else) on her computer.

It would be easy for someone with the information they apparently have to set up a new account in her name at a different provider, and to continue to pretend to be her. Most email providers allow you to have any email sent to your old account automatically forwarded to a new one, with new stuff all sent to the new one or with it sent to both the old and new ones at least for some limited time.

It probably would be simple for the malicious person to change the password on her account so that she could no longer get into the account information.

If the hacker got into her account on the site that was providing her email service, there's less likelihood that they have extremely sensitive information such as bank passwords, depending on whether individual emails may have been to or from secure places, or may have contained information about places where such information could also be accessed.

If the original penetration was on her own computer, then the hacker may know just about everything she knows. Potentially, THIS COULD BE VERY SERIOUS, and not just with respect to the web accounts that have been accessed. Just because someone got into some of your stuff doesn't necessarily mean that they WILL proceed to more malicious activities, but she should give serious thought to what actions to take to be aware of additional unusual transactions.

She should, of course, make sure that her own computer is "clean" by using strong AV scans, including things like root kit infections that are difficult for many AV programs to find.

A normal recommendation would be that she should CHANGE HER PASSWORDS FOR EVERY ACCOUNT SHE HAS regardless of how "sensitive" the individual accounts might be. She should be helped with how to use "strong passwords" and taught that it's necessary, and should be encouraged to use a different password for each account.

Because of the possibility that someone has more of her information than has been used thus far, she needs to be more than usually careful to look for any unexplained charges on any "money accounts" she has (charge accounts especially, but also phone bills and others) and/or for communications (email or snail mail, phone calls, etc) from unknown sources.

While it's possible that this is just someone messing idly with her email, she needs to be aware that it might not be "just about the email."

No need to be paranoid, unless/until there's evidence of something more serious, but it's appropriate for her to be VERY NERVOUS ABOUT IT.

John



Subject: RE: Tech: troubling e-mail process
From: Richard Bridge
Date: 08 Nov 12 - 06:09 AM

It is not necessarily Charlotte's machine (although she may carelessly have installed a trojan). If a third party (let's say "Dumbo") has a trojan and also has Charlotte's email address in his address book, the trojan could be spoofing the "from" field in the emails it sends out so as to appear to be coming from Charlotte. Close inspection of the headers will reveal (I have done it in the past but would have to look up how to do it if I wanted to do it again).

It also may be a problem at swb.com. Has anyone tried a ping on SWB.com to see if it is responding? The problem may be there. None of my Win98SE machines are on the network at the moment and I am less happy about how to get into the command line in XP, or I would do it.

In fact, I think the problem is more likely at swb as that is the most probable place for the swb address to be being switched to a yahoo address.

Have you tried logging into a yahoo email account with Charlotte's details (but yahoo instead of swb)? You won't get in because you have not got the new password but if you go to the "forgot your password" link it will reveal if there is an account there with her yahoo email address (ie the fake one).
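
The header inspection mentioned in the post above, sketched as an added example that is not part of any poster's message: it compares the visible From domain with the envelope sender, the Reply-To address and the receiving server's Authentication-Results. The sample message, its addresses and the finding labels are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): From claims one domain while the
# envelope sender, Reply-To and authentication results point elsewhere.
RAW = """\
Return-Path: <bulk@mailer.example.net>
Received: from unknown (HELO pc-dumbo) (203.0.113.45)
    by mx.example.org with SMTP; Wed, 7 Nov 2012 09:00:00 -0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
    dkim=none
From: "Charlotte" <charlotte@example.com>
Reply-To: charlotte.help@example.net
To: friend@example.org
Subject: Stranded, need help

Please send money.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw):
    """List header inconsistencies; these are indicators, not proof
    (mailing lists and bulk senders legitimately differ in Return-Path)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    rp = domain_of(msg["Return-Path"])
    if rp and rp != from_dom:
        findings.append("return-path-mismatch")
    rt = domain_of(msg["Reply-To"])
    if rt and rt != from_dom:
        findings.append("reply-to-mismatch")
    # Added by the receiving server; folded lines are joined before matching.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "spf=fail" in auth or "spf=softfail" in auth:
        findings.append("spf-fail")
    if "dkim=pass" not in auth:
        findings.append("no-dkim-pass")
    return findings

if __name__ == "__main__":
    print(spoof_indicators(RAW))
```

Only the headers added by the recipient's own mail server can be trusted here; anything below the first Received line it wrote was supplied by the sender.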



Subject: RE: Tech: troubling e-mail process
From: Jack Campin
Date: 08 Nov 12 - 08:09 AM

Could it be that leeneia's machine is set up to try yahoo as its default mail domain, and that since swb.com seems to have gone off air, it tries that instead?



Subject: RE: Tech: troubling e-mail process
From: Bernard
Date: 08 Nov 12 - 08:13 AM

Quite a few ISPs use Yahoo as their mail provider - here in the UK, BT is one such. This could be a simple explanation of part of the problem. Because the account has been compromised, maybe it has been blocked.

There has been a spate of fake emails with 'video attachments' or some such which then cause the user's email account to be compromised. This would typically happen when the attachment is opened whilst logged in to webmail.

Usually you can sort it out fairly easily - on the log-in page you should find a link for changing your password. Only do this after running a security scan (not just anti-virus) on your computer first.

After you've changed your password you will probably find the mail provider asks you to do it again, because they have detected suspicious activity on your account.

However, if the account has been blocked you may have to contact the service provider for advice.



Subject: RE: Tech: troubling e-mail process
From: JohnInKansas
Date: 08 Nov 12 - 08:15 AM

One of the reasons for not getting paranoid immediately is that there are enough things that could cause just about any "strangeness" that you can get yourself confused if you rush into trying to fix everything that might be wrong all at once.

I don't recognize the "domains by proxy" that Newport Boy mentioned, and first thought was it might be one of those "redirector" services that let you send email without showing the real address of the sender. Maybe someone knows more about that(?). This would suggest that whoever is sending them might be working a little harder at it.

Any recent Windows version (prior to Win8) lets you find the Command Prompt at Start|Programs|All Programs|Accessories, if memory serves me. Vague memories say it might be a step further, at System Tools or something similar in some older versions(?) but it shouldn't be hard to find. You can also get there if you hit Start and put "Command" into the "search box" at the bottom and hit Enter.

"ping mudcat.org" in a Command window would send a ping to mudcat and tell you if it got through. One of the handy things is that you can use the "name url" (e.g. "mudcat.org") or the "numeric" one, but the ping will report back using the numeric address (173.163.150.105 for mudcat), which is the simplest way I've found to find the numeric one when all you've got is the "familiar one."

John



Subject: RE: Tech: troubling e-mail process
From: Jack Campin
Date: 08 Nov 12 - 08:58 AM

Scottsdale, AZ is where they invented spam - it has the largest population of internet gangsters in the world. If swb.com was once a legitimate site (I can't find any trace of it) but has now been hijacked by an entity based there, I would assume the worst about what they're doing with any user accounts they've managed to compromise.



Subject: RE: Tech: troubling e-mail process
From: GUEST,leeneia
Date: 08 Nov 12 - 11:40 AM

Thanks for all the info. Enough friends have expressed concern that she's paid for professional help to get the problem resolved.

