Paladestar
Aspiring Contributor
2,344 Views
Message 1 of 10

Email Security Breach?

Today when I logged in to my BT Yahoo webmail I had a message from MAILER-DAEMON@yahoo.com about an undeliverable message. The message was sent to all my contacts, one of which is about 10 years out of date and doesn't exist any more, hence the failure message I guess. Thing is I didn't send a message to all my contacts! The content of the message is just a link to what looks like a site trying to push various meds (the kind of thing you get in spam mail). Have I somehow been hacked or has there been a general security breach with the webmail service? I find it hard to believe I was somehow hacked, I have net protect with McAfee installed and it is saying everything is fine. I browse the web using the most recent version of Firefox with the Flashblocker and No Script plugins active. I don't use Outlook or any locally installed email client, just the webmail web site. I always use strong passwords and have never reused my BT Yahoo password anywhere else. The undeliverable message says the email was sent from 81.114.***.***, is that part of a range belonging to BT Yahoo? I'm trying to work out if the actual email request came from my physical PC or somewhere else using the webmail site. My current IP doesn't match that given above, but are BT Yahoo IPs dynamic and could it have been that yesterday? Anyone have any ideas on this? Thanks 🙂
0 Ratings
9 REPLIES 9
Distinguished Sage
Distinguished Sage
2,338 Views
Message 2 of 10

Re: Email Security Breach?

This sounds like malware and I suggest you download Malwarebytes and run it - it's free.



If you like a post, or want to say thanks for a helpful answer, please click on the Ratings 'Thumbs up' on left hand side.
If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.
0 Ratings
Paladestar
Aspiring Contributor
2,318 Views
Message 3 of 10

Re: Email Security Breach?

Thanks for the advice, I gave that a try. Downloaded the free version of malwarebytes, installed it, updated it, ran a full scan on all drives and it found nothing. Does the free version only have limited functionality that could miss certain things?
0 Ratings
Distinguished Sage
Distinguished Sage
2,314 Views
Message 4 of 10

Re: Email Security Breach?

I think for your purpose it is the same, but the paid version has the likes of real-time protection, scheduled scanning etc. Does McAfee not have anything you could use to scan?



0 Ratings
Distinguished Sage
Distinguished Sage
2,312 Views
Message 5 of 10

Re: Email Security Breach?

It's quite easy for someone to forge your e-mail address, without even having access to your computer.

Spammers have software which can generate thousands of e-mails with fake "from" information.

As a sensible precaution, I would change your e-mail password, just in case someone has found it out.
0 Ratings
Paladestar
Aspiring Contributor
2,288 Views
Message 6 of 10

Re: Email Security Breach?

The delivery failure message came from MAILER-DAEMON@yahoo.com, which suggests the outgoing spam mail was sent using the proper Yahoo mail server and not some remote spam server where the from address could be spoofed, otherwise the delivery failure would have gone back to that spam server, wouldn't it? I did change my password to be safe, and I left the undeliverable contact address in my contacts so if it happens again I can see it occur. Didn't see such a screen, but maybe I just missed it, is there a way to see what time my account was last logged in to the webmail each time I go there?
0 Ratings
Distinguished Guru
2,279 Views
Message 7 of 10

Re: Email Security Breach?

 


@Paladestar wrote:
The delivery failure message came from MAILER-DAEMON@yahoo.com, which suggests the outgoing spam mail was sent using the proper Yahoo mail server and not some remote spam server where the from address could be spoofed, otherwise the delivery failure would have gone back to that spam server, wouldn't it? I did change my password to be safe, and I left the undeliverable contact address in my contacts so if it happens again I can see it occur. Didn't see such a screen, but maybe I just missed it, is there a way to see what time my account was last logged in to the webmail each time I go there?

 

Hi.

 

I believe that unfortunately, your account may well have been used by a spammer. The IP address you mentioned (though the extra 3rd octet is helpful) indicates a Telecom Italia IP address, though this too could be a spammer using another connection.

 

Was the sent message by any chance in the webmail sent folder ?

 

There is not an inherent problem with webmail, if this was the case there would be millions of similar problems.

 

As others have said, altering the password is the first step. Is the mail account a Yahoo.co.uk account or a BTinternet.com address ?

 

Now, due to the explosion in social networking sites (do you happen to use any David?) - spammers can look at users' Facebook details for example where a lot of folk let their guard down and give all sorts of details, including DoB, PostCode, mother's maiden name, pets, etc, etc. Some of these items are by default used by people - and the "forgotten password" links (e.g. my shortcuts link 3a) use these.

Of course, doing this by a spammer/scammer would mean that users may not be able to get into their account due to them altering passwords - but they may use the other details to guess passwords (pets, school ....).

 

It might be worth altering these details in case the password has been compromised (see my shortcuts 24a) - and altering will help to prevent changes. Of course, you need to remember what you use.

0 Ratings
Paladestar
Aspiring Contributor
2,246 Views
Message 8 of 10

Re: Email Security Breach?

Good thinking, checked sent folder, but it's not there.  My email is @btopenworld.com.  Never used any social networking sites.

Here's the full body of the failure notice email, maybe some more clues in there I don't understand how to interpret?:

Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[censored]@[censored]>:
[IP address of target email address server] does not like recipient.
Remote host said: 550 Unrouteable address
Giving up on [IP address of target email address server].

--- Below this line is a copy of the message.

Return-Path: <[censored]@btopenworld.com>
Received: (qmail 75179 invoked by uid 60001); 7 Sep 2010 21:03:33 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btopenworld.com; s=s1024; t=1283893413; bh=doVA1JX7O/a1AvlRjH89sCG6wcc+/8oChZbtqw1qqoA=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=ThpJee6SYPQiPRJy4fNEKvO5p8bXWVUJKAP97tMrIDnUAdL318uyvWqWQ51WzjhJ3o6/t2xXS52f26BW1asHOIJvD2icynfUS1ECZBdMHRFkmnWZuRGImafWIM0JAN+vGomzh7A9rW5Fl8naS1Ey5Bw0ewYd2v5eqwqzAI4JFEo=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=btopenworld.com;
  h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=iNoSLGOin3nTVU7/vJ6WwrZshAn7YhFgEfmTsDQyljDYfQ8ks2Wz4v5KqJUjiLX1D+WoEmRuvcF+l36iSzj4ZOLrFhsxWP6m6PZAFIL7l/xiSGzxbpDvEPQNABqwp5vldnVwtFP9StkmK7twVZNTBjvpMYbu1DTerVkKQmf3TxU=;
Message-ID: <672783.75140.qm@web86106.mail.ird.yahoo.com>
Received: from [82.114.186.97] by web86106.mail.ird.yahoo.com via HTTP; Tue, 07 Sep 2010 21:03:33 GMT
X-Mailer: YahooMailWebService/0.8.105.279950
Date: Tue, 7 Sep 2010 21:03:33 +0000 (GMT)
From: [My Name] <[censored]@btopenworld.com>
To: [censored]@[censored], [censored]@[censored], [etc - each of my contact's email addresses]
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

http://[address to some meds site]

0 Ratings
Egret
Beginner
889 Views
Message 9 of 10

Re: Email Security Breach?

I have today received a very similar email, also indicating an email sent from my current email address to a defunct email address from an old contacts list.

 

I have in the past suffered emails being sent from what appears to be my email address to contacts taken from my mailbox.

 

I reported this to BT on two occasions.

 

On the first BT advised me to change my password and to regularly use MacKeeper and to contact them if this recurred. Despite doing this I had a repeat 'attack' using the same email addresses and again reported this to BT. I was asked to escalate the matter to the specialist BT security team by forwarding the offending email to their special email address.

 

I did this, but despite chasing the matter, and also raising a complaint, I have heard nothing more.

 

Like you, the offending emails do not show in my computer's sent folder or indeed in the various folders in my BT mailbox. I therefore conclude that either there is a security breach within the BT domain enabling people to establish a clone email address, or that this can be done by them to clone any organisation's address (in which case it would be impossible to differentiate spam from bona fide emails).

 

I rather suspect we would have heard about it if the latter were the case so I am highly suspicious that BT have a big problem. I am seriously considering moving away from BT now as this morning's email incident suggests to me that BT have not been able to resolve the matter satisfactorily.

 

If the person can totally clone my email address there is a very real risk that they can access many of my otherwise secure online accounts by using my email address and perhaps might also be able to receive copies of emails being sent to me.

 

Not a comfortable thought!

0 Ratings
vofsanity2
Recognised Expert
853 Views
Message 10 of 10

Re: Email Security Breach?



Received: from [82.114.186.97] by web86106.mail.ird.yahoo.com via HTTP; Tue, 07 Sep 2010 21:03:33 GMT
X-Mailer: YahooMailWebService/0.8.105.279950
Date: Tue, 7 Sep 2010 21:03:33 +0000 (GMT)
From: [My Name] <[censored]@btopenworld.com>
To: [censored]@[censored], [censored]@[censored], [etc - each of my contact's email addresses]
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

http://[address to some meds site]


This indicates that the email was sent using Webmail from Yemen.

 

If you are still on BT Yahoo then check your Login History using 

 

http://api.login.yahoo.com/login/history

 

Login using your Btopenworld address and password

 

 

Display both Location and IP address.

 

Note that if your email account has been compromised then it is usual that none of the antivirus / anti malware products detect the breach because of the way it is done.

0 Ratings
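
The header check that messages 6 and 10 reason through, as an added example (not part of any post in this thread): it looks in the bounced copy for the provider's `via HTTP` Received hop and for a DKIM `d=` domain matching the From address, which together separate mail sent from inside the account from a merely forged From line. The sample is constructed from the headers posted in message 8, with redacted addresses and signature values replaced by placeholders; the verdict labels are this example's own, and the `d=` tag is read, not cryptographically verified.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of the bounced copy posted in this thread, with
# redacted addresses and signature values replaced by placeholders.
BOUNCED_COPY = """\
Return-Path: <user@btopenworld.com>
Received: (qmail 75179 invoked by uid 60001); 7 Sep 2010 21:03:33 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btopenworld.com;
  s=s1024; t=1283893413; h=Message-ID:Received:Date:From:To; b=PLACEHOLDER
Message-ID: <672783.75140.qm@web86106.mail.ird.yahoo.com>
Received: from [82.114.186.97] by web86106.mail.ird.yahoo.com via HTTP; Tue, 07 Sep 2010 21:03:33 GMT
X-Mailer: YahooMailWebService/0.8.105.279950
From: My Name <user@btopenworld.com>
To: contact@example.invalid

http://example.invalid/
"""

# Hop stamped by the webmail front end: the address of the browser that sent the mail.
HTTP_HOP = re.compile(r"from \[(?P<ip>[0-9A-Fa-f.:]+)\] by (?P<host>\S+) via HTTP", re.I)

def dkim_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (no signature verification)."""
    pairs = (part.strip().partition("=") for part in value.split(";"))
    return {k.strip(): "".join(v.split()) for k, sep, v in pairs if sep}

def triage(raw):
    """Classify a bounced copy: sent from inside the account, or only a forged From?"""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = next(filter(None, map(HTTP_HOP.search, msg.get_all("Received", []))), None)
    dkim_domain = dkim_tags(msg.get("DKIM-Signature", "")).get("d", "").lower()
    aligned = bool(dkim_domain) and dkim_domain == from_domain
    if hop and aligned:
        verdict = "sent-from-account"    # change password and recovery answers
    elif hop or aligned:
        verdict = "inconclusive"         # one indicator only; check login history
    else:
        verdict = "likely-forged-from"   # no provider trace; address was only spoofed
    return {"client_ip": hop.group("ip") if hop else None,
            "webmail_host": hop.group("host") if hop else None,
            "dkim_domain": dkim_domain or None, "verdict": verdict}

if __name__ == "__main__":
    print(triage(BOUNCED_COPY))
```

The `client_ip` it reports is the value to compare against the entries shown on the login history page.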