Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  

Author Topic: Question about an e-mail issue.  (Read 505 times)

Seriyu

  • Bay Watcher
    • View Profile
    • Springless Clock
Question about an e-mail issue.
« on: March 01, 2013, 11:29:22 pm »

So my mom's e-mail has recently been sending out spam e-mail. I did a bit of research and noted the way we found out was because we were getting "mailer-daemon" error messages back, which, and here's the question, are indicitive of only one kind of e-mail fraud?

I forget the specific type but it's like e-mail forging I think it was called? Where some other e-mail pretends to be your e-mail and there's basically nothing you can do about it besides make a new account. Am I correct? Or is there a serious security threat here? We can still get into the account and have been able to for a long while so I somehow doubt anyone is actually accessing the account. My mom is pretty great about internet security so it's not a huge issue but I just wanted to make sure.

Thanks!

zombie urist

  • Bay Watcher
  • [NOT_LIVING]
    • View Profile
Re: Question about an e-mail issue.
« Reply #1 on: March 02, 2013, 12:39:50 am »

It's not terribly difficult to forge the headers.

Change the password and see if that helps. If not you might have to create a new account.
Logged
The worst part of all of this is that Shakerag won.

gimlet

  • Bay Watcher
    • View Profile
Re: Question about an e-mail issue.
« Reply #2 on: March 02, 2013, 02:14:27 am »

It's not even necessarily being originated from your account, it could be the account of someone you sent a mail to once upon a time, or someone who sent you a mail, or a mailing list you're on.  The malware will harvest all the contacts in a compromised account and then spoof the headers of the mail it sends to look like it comes from one of those captured addresses so the recipient is more likely to open it.   If it's rejected for any reason by some mail handler on the way to the recipient, the error message comes back to the spoofed orginating address - ie YOU.

It's kind of scary how many companies, websites/forums and mailing lists are compromised - I give a unique mail address to every site/person I correspond with so I can track where things come from.

And it's still a good idea to lock things down - turn off automatic image opening on your incoming mails, be REAL careful what attachments you open, don't ever use any Microsoft program to handle your mail (Outlook and it's ilk used to be bug filled infection vectors, I hear it's somewhat better now but why risk it?), look at email first as plain text and only after you're pretty sure it's legit possibly switch on the fancy HTML formatting.  (Lots of junk mail embeds unique id's in the addresses of the images in the mail, so just OPENING the mail and displaying the image confirms that it was sent to a valid email address AND that you opened it - just exactly what they want to know to send you more junk and sell your now-confirmed address to every other spammer under the sun).
Logged

Seriyu

  • Bay Watcher
    • View Profile
    • Springless Clock
Re: Question about an e-mail issue.
« Reply #3 on: March 02, 2013, 06:10:34 pm »

Yeah we use a browser, images are already pre locked, not sure about the attachments but she's tech savvy enough to know not to just download anything that shows up so I doubt it's an issue, virus scans didn't turn up anything anyway. Changing the password didn't help either, so it looks like it's an e-mail forging issue. It's not happening terribly often and my mom is very resiliant to changing her e-mail so it looks like we'll just be putting up with it, at least until it gets worse. Thanks everyone!