mattrixx (Member, join:2004-02-18, Orland Park, IL)

E-Mail "Contact List" Hack

Not sure if this is the correct forum for my gripe, but what is going on with AT&T, Yahoo, SBC Global etc. E-Mail vulnerability?

Everyone I know (including me) with these mail accounts has had their personal contact lists "hacked" somehow, with SPAM being sent out to everyone on their list, as if coming from the unfortunate "hacked" party!
The end result is what I call a "circle jerk" of spreading chaos by people opening E-Mails from known friends and colleagues.

As far as I can tell, this "hack" is accomplished by opening up E-Mails without ANY attachments! And it seems to be stemming from ATT Yahoo accounts?
The only known solution is to change your E-Mail Password after the fact! Today the hacker is sending out SPAM, but with the user's Password in hand, what will he do with it tomorrow?

Can something be done to prevent or avoid further attacks? Anti-Virus and Anti-Malware Programs can't seem to deal with this problem and the ISP is clueless!

Krisnatharok (Premium Member, join:2009-02-11, Earth Orbit)

What does AT&T have to do with this? Are you opening up your Yahoo mail from an AT&T phone? I think the culprit would be an infected app or you clicked on a link that downloaded malware to the phone.

If this is on your desktop, I would head over to the PC Cleanup forum and follow the steps there to attempt to rid yourself of a PC keylogger.

pcdebb (Premium Member, join:2000-12-03, Brandon, FL) to mattrixx

The ISP is not clueless. You have to do more than just open an email, and an attachment is not needed. But the link within has the trigger to make the dirty deeds happen.

Blame the person that is clicking the links, not AT&T or Yahoo.

nwrickert (Mod, join:2004-09-04, Geneva, IL) to mattrixx

said by mattrixx:

Everyone I know (including me) with these mail accounts has had their personal contact lists "hacked" somehow, with SPAM being sent out to everyone on their list, as if coming from the unfortunate "hacked" party!

That has not happened to me.

I agree with others - it is probably a link that was clicked in an email.

Whip5 (Member, join:2009-01-23, Califon, NJ) to mattrixx

1 recommendation

It is a yahoo issue as my contacts were harvested through messenger which I never use anymore. I do not click links nor give out passwords. I found out someone was logging into my messenger while looking through 'account info' and then 'view your recent sign-in activity'. I had found IPs from countries like Vietnam, Thailand in there. They never ever went into the mail account.

mattrixx (Member, join:2004-02-18, Orland Park, IL) to Krisnatharok

NO phone, just desktop use.
OK, I will follow your advice and visit the PC Cleanup Forum.
BTW, I have run current updated AVG 2012 (Free), Malwarebytes, Super Anti-Spyware etc. and each has found nothing!

So you're saying, in effect, that changing one's Password is not enough to resolve this E-Mail "hack" problem because of the possibility of a "PC keylogger" that's still hidden somewhere on my system?
And this is a result of just clicking on a link? Funny my ISP representative never said a word about anything other than changing the Password!

Thanks for any further insight into this.

Krisnatharok (Premium Member, join:2009-02-11, Earth Orbit) to Whip5

said by Whip5:

It is a yahoo issue as my contacts were harvested through messenger which I never use anymore. I do not click links nor give out passwords. I found out someone was logging into my messenger while looking through 'account info' and then 'view your recent sign-in activity'. I had found IPs from countries like Vietnam, Thailand in there. They never ever went into the mail account.

How do you know you weren't hacked? Why blame Yahoo that someone guessed/got your password?

Whip5 (Member, join:2009-01-23, Califon, NJ)

said by Krisnatharok:

said by Whip5:

It is a yahoo issue as my contacts were harvested through messenger which I never use anymore. I do not click links nor give out passwords. I found out someone was logging into my messenger while looking through 'account info' and then 'view your recent sign-in activity'. I had found IPs from countries like Vietnam, Thailand in there. They never ever went into the mail account.

How do you know you weren't hacked? Why blame Yahoo that someone guessed/got your password?

How would they even know where to begin? It was alpha-numeric. I know I, personally, wasn't if that's what you are implying. I have been reading forums like this for years so I know not to just randomly click anything. Why does it always have to be user error and not vulnerabilities in the system? Are you saying that everyone that had their credit card info stolen in both of the fairly recent processor hacks are themselves responsible somehow?

mattrixx (Member, join:2004-02-18, Orland Park, IL)

The desktop computer on which I opened my questionable E-Mail link happens to be a dual boot system.
I am fairly certain I opened this latest link while in Linux MINT Operating System.
I have been using the newly released MINT13 Maya much more recently than Windows 7.

Since a LINUX O.S. is by its nature pretty much more secure and/or ignored by hackers,
I have a hard time believing I was hacked via conventional means.
So either I was infected from a previous E-Mail link while in Win7, OR the problem is not emanating from a compromised Windows, but more likely from an ATT/Yahoo issue?

MGD (MVM, join:2002-07-31) to mattrixx

2 recommendations

said by mattrixx:

Not sure if this is the correct forum for my gripe, but what is going on with AT&T, Yahoo, SBC Global etc. E-Mail vulnerability?
.....
........
Can something be done to prevent or avoid further attacks? Anti-Virus and Anti-Malware Programs can't seem to deal with this problem and the ISP is clueless!

This has been a recurring issue for some time. In the past there was a rash of victim accounts where everyone in their address book was spammed with links for Chinese knock-off products' websites. The support forums for both Yahoo and Microsoft live/hotmail were flooded with complaints of compromised accounts. Several reports of compromised accounts came from knowledgeable users who used complex passwords unlikely to be compromised via brute force.

I doubt that your PC has been compromised. If you use an email client, turn previewing off. When you log in to a webmail account, do so in a single web browser session, and make sure to log out as soon as you are finished reading and/or sending email. Do not stay logged in to your email account when browsing the web. Make sure that auto displaying/downloading of images from non trusted senders is off. The best strategy is to practice risk mitigation.

There are still ongoing issues with accounts compromised via session cookie hijacking. There are numerous internet postings on email session cookie stealing, e.g.:

Reference: »cyberprotector.blogspot. ··· ing.html

MGD

shearer (Premium Member, join:2002-06-18, Asia) to mattrixx

said by mattrixx:

Everyone I know (including me) with these mail accounts has had their personal contact lists "hacked" somehow, with SPAM being sent out to everyone on their list, as if coming from the unfortunate "hacked" party!

My Yahoo account fell victim to this a few days ago. Caught me by surprise. My OS is clean, I practise "safe hex", etc.
Spam was in my "Sent Items" but originating IP is from another country.
Yahoo login history only shows my own IP.

I highly suspect session cookie hijacking -or- Yahoo smtp vulnerability as the culprit.

These folks also appear to run into the same scenario here:
»security.stackexchange.c ··· nd-spams
»help.yahoo.com/communiti ··· ef3cb537

carpetshark3 (Premium Member, join:2004-02-12, Idledale, CO)

I deleted my contacts from Yahoo years ago. It was out of spite. Yahoo was bugging me about setting up chat. No one I know will get Yahoo spam from me. I think my address might have been used, but not to much purpose. I haven't seen any replies about spam from anyone who supposedly got it. I haven't got a public profile much to Yahoo's disgust, either.

I have contacts sitting on the desktop where I can copy and paste.
And the file isn't named "contacts," either.

DrStrange (Premium Member, join:2001-07-23, Bristol, CT) to MGD

Thanks for the info on how this is happening.

I'm going to explore the Yahoo Messenger angle as well [anyone know if MSN Messenger would do the same for Hotmail, or AIM for AOL?], the next time I have to troubleshoot this issue.

NormanS (MVM, join:2001-02-14, San Jose, CA) to Krisnatharok

said by Krisnatharok:

What does AT&T have to do with this? Are you opening up your Yahoo mail from an AT&T phone?

AT&T contracts with Yahoo! to provide email services for AT&T users.

Yahoo! mail with AT&T's legacy 'pacbell.net'.

My old 'pacbell.net' accounts are still active, even after I quit using AT&T DSL service. They can be accessed via either IMAP, or the web, using any ISP.

DC DSL (Premium Member, join:2000-07-30, Washington, DC) to mattrixx

I had wondered about this myself but never got a chance to post the query. Over the last month I have been receiving increasing amounts of spam from people I know who have (or had) Yahoo addresses and are addressed to their address book. It is a certainty that Yahoo was compromised and not just some malware infestation of client computers. I just received 6 messages this morning from an account I created solely for testing a specific development project 5 years ago that no one has used since (I am the only one who has the password and it was never kept online or emailed anywhere. On top of that, the password was part of a GUID which means it couldn't have been simply broken via dictionary or brute force.)

I reported this to Yahoo and all I got was an autoresponder telling me how to report spam and how to identify scam emails, and to contact them if I have any questions. Replying to that addy just got another autoresponder telling me the same thing. Dollars to donuts they know they were hacked and are working on saving face before admitting it.

NormanS (MVM, join:2001-02-14, San Jose, CA)

said by DC DSL:

I reported this to Yahoo and all I got was an autoresponder telling me how to report spam and how to identify scam emails, and to contact them if I have any questions. Replying to that addy just got another autoresponder telling me the same thing. Dollars to donuts they know they were hacked and are working on saving face before admitting it.

Based on the post about hijacking session cookies, I wonder if "hack" is the appropriate term?

I have several Yahoo! accounts, from the first, signed up July 7, 1999 to the latest, signed up October 26, 2011. They cover a variety of domains, from the original 'yahoo.com', through the ISP domains ('pacbell.net'), to the "free for all" 'att.net'. None have been compromised.

But I haven't clicked on any dubious links in email. I suppose it also helps that I sign out fully, which shortens the window of opportunity to hijack a session.

DC DSL (Premium Member, join:2000-07-30, Washington, DC)

1 recommendation

said by NormanS:

Based on the post about hijacking session cookies, I wonder if "hack" is the appropriate term?

I have several Yahoo! accounts, from the first, signed up July 7, 1999 to the latest, signed up October 26, 2011. They cover a variety of domains, from the original 'yahoo.com', through the ISP domains ('pacbell.net'), to the "free for all" 'att.net'. None have been compromised.

But I haven't clicked on any dubious links in email. I suppose it also helps that I sign out fully, which shortens the window of opportunity to hijack a session.

No, it's a hack. The account of mine and, as far as I have been able to determine, the dormant accounts of friends had not been accessed in any way for years. The computers I used back then were decommissioned and nothing from them was ported forward. Also none of the people I know whose active Yahoo accounts are spewing were clickjacked or have malware infestations, don't have any Yahoo software, don't use mobile access. So, unless there's some new way of getting account credentials that aren't in any way available on a computer, or aren't being bandied about for unsecured wifi sniffing, this is inside-out access.

NormanS (MVM, join:2001-02-14, San Jose, CA)

If what you say is true, then it would appear that a Yahoo! employee has violated his trust. Which also isn't "hacking", per se.

DC DSL (Premium Member, join:2000-07-30, Washington, DC)

I think a breach from outside is far more likely.

NormanS (MVM, join:2001-02-14, San Jose, CA)

said by DC DSL:

I think a breach from outside is far more likely.

I would think that an "outside-in" breach would be pretty far-reaching, and affect more users than the handful who have reported this issue.

DC DSL (Premium Member, join:2000-07-30, Washington, DC)

Handful of reports here, perhaps. I'm getting spam from over 100 addresses.

NormanS (MVM, join:2001-02-14, San Jose, CA)

said by DC DSL:

Handful of reports here, perhaps. I'm getting spam from over 100 addresses.

I have, maybe, thirty-six contacts with some variation of Yahoo! Mail addresses, including 'pacbell.net', 'sbcglobal.net', and the core 'yahoo.com' addresses. The only one who had an account hijacked lost her 'msn.com' account. In fact, I'd guess, based on reports I have seen, MSN has a larger problem than Yahoo!.

DC DSL (Premium Member, join:2000-07-30, Washington, DC)

All core Yahoo. I haven't seen any actual msn/live/hotmail spam (originating from their server, not spoofed) for well over a year.

NormanS (MVM, join:2001-02-14, San Jose, CA)

I did have one of my 'yahoo.com' email addresses forged, once, a decade ago; nothing that was ever hijacked. The only accounts I've personally encountered that were hijacked were 'aol.com', and 'msn.com'. Neither were mine.

All of the major web mail providers seem to be prone to this problem.

I've had to play "CAPTCHA" with Yahoo! recently because I've moved residence about three times since last February; with the corresponding IP address changes. So their underlying security features seem to be functional.

DC DSL (Premium Member, join:2000-07-30, Washington, DC)

These aren't spoofed. They are going out through Yahoo's servers.

NormanS (MVM, join:2001-02-14, San Jose, CA)

said by DC DSL:

These aren't spoofed. They are going out through Yahoo's servers.

Can you post example headers?

DC DSL (Premium Member, join:2000-07-30, Washington, DC)

Why are you trying so hard to try and pin it on users and NOT a breach or other form of compromise?

NormanS (MVM, join:2001-02-14, San Jose, CA)

Because Yahoo! pays me $10,000,000 per month to do so?

Or, possibly because I've seen no credible evidence of an "outside-in" breach. And I have seen many examples online, and two witnessed, of user error.

DC DSL (Premium Member, join:2000-07-30, Washington, DC)

Are you a Yahoo employee or someone in an official capacity to do anything? If so, then PM me your information and I will verify it. Lose the attitude, regardless.

As I said, I absolutely know for a fact that there is NO POSSIBLE WAY the test address I created years ago could have had its credentials obtained in any manner other than someone getting their hands on the account data. It was never used for anything but testing a site I was developing and then never used again after that. The only contacts it had in the address book were some test addresses at the target domain and my domain; in fact, no one else ever knew it existed. The name, password, and answers to the security questions were from GUIDs that I generated so the chances that anyone guessed 1 of them, much less all, are so infinitesimally low they are nil. What makes clear that the information was obtained from inside is the address book: It contained *every* address I had entered into it, including ones I had deleted.

According to RIPE, the originating IP appears to be an Android mobile browser in Israel. All of the IPs between it and my mail server check out as valid Yahoo addresses.

NormanS (MVM, join:2001-02-14, San Jose, CA)

I wanted to see at least this line:
Received: from akari.aosake.net (Y!_User@108.219.37.227 with login)
        by smtp203.mail.ne1.yahoo.com with SMTP; 01 May 2012 08:55:09 -0700 PDT
 
But to get access to the contact list would require logging in at 'mail.yahoo.com'. And to get the user login data from wherever Yahoo! stores it would be a gold mine to the hacker; and should result in such a flood of exploits it would be top-of-the-page news on many sites, besides this one.

Again, Hotmail has been more severely exploited than Yahoo!.
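The thread keeps circling back to one piece of evidence: the Received: line NormanS asked for, which shows whether a message "as if coming from" a contact was really submitted through the provider's own servers with the account's credentials (the "with login" hop) or merely carries a forged From address. Below is an added example, not code from the thread or from any mail provider, of pulling that answer out of a raw message with Python's standard email module. It assumes yahoo.com as the provider domain, uses constructed sample messages with TEST-NET addresses (the hostnames and the "with login" line follow the header quoted above), and treats a "via HTTP" hop as an assumed webmail-session shape rather than a documented one.

```python
import re
from email import message_from_string

# Provider whose servers we expect in the path. Assumption: the Yahoo! domain from the thread.
PROVIDER_DOMAIN = "yahoo.com"

# "from <host> (<info>) by <host>", the part of a Received line each relay writes.
HOP_RE = re.compile(
    r"from\s+(?P<from>\S+)"           # name the sending side announced
    r"(?:\s+\((?P<info>[^)]*)\))?"    # optional "(user@ip with login)" or "(host [ip])"
    r"\s+by\s+(?P<by>\S+)",           # the relay that wrote the line
    re.IGNORECASE,
)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def is_provider(host):
    return host == PROVIDER_DOMAIN or host.endswith("." + PROVIDER_DOMAIN)


def parse_hops(msg):
    """Return the Received hops oldest-first, one dict per relay."""
    hops = []
    # Each relay prepends its Received line, so the top header is the newest hop.
    for value in reversed(msg.get_all("Received") or []):
        flat = " ".join(value.split())           # undo header folding
        m = HOP_RE.search(flat)
        if not m:
            continue
        info = m.group("info") or ""
        ip = IPV4_RE.search(info) or IPV4_RE.search(m.group("from"))
        user = re.search(r"(\S+)@" + IPV4_RE.pattern, info)
        hops.append({
            "from": m.group("from").lower(),
            "by": m.group("by").lower(),
            "ip": ip.group(0) if ip else None,
            "user": user.group(1) if user else None,
            # SMTP AUTH ("with login", as quoted in the thread) or a webmail session
            # ("via HTTP", an assumed shape): either way the account itself was used.
            "authenticated": "with login" in info.lower() or "via http" in flat.lower(),
        })
    return hops


def assess(raw_message):
    """Decide whether a message claiming a provider address really went out through
    that provider's servers and, if so, from which client IP it was submitted."""
    msg = message_from_string(raw_message)
    sender_domain = (msg.get("From") or "").rsplit("@", 1)[-1].strip(" >").lower()
    hops = parse_hops(msg)
    # Each relay's "from" should name the host the previous hop said "by".
    chain_ok = all(hops[i]["from"] == hops[i - 1]["by"] for i in range(1, len(hops)))
    auth_hop = next((h for h in hops if h["authenticated"] and is_provider(h["by"])), None)
    if not is_provider(sender_domain):
        verdict = "sender is not a provider address; check not applicable"
    elif auth_hop:
        verdict = "authenticated submission via provider"
    elif any(is_provider(h["by"]) for h in hops):
        verdict = "relayed by provider without an authenticated hop"
    else:
        verdict = "no provider hop: From address likely forged"
    return {
        "verdict": verdict,
        "origin_ip": auth_hop["ip"] if auth_hop else (hops[0]["ip"] if hops else None),
        "login_user": auth_hop["user"] if auth_hop else None,
        "chain_consistent": chain_ok,
        "hops": len(hops),
    }


# Constructed samples (TEST-NET addresses, not real messages); the hostnames and the
# "with login" line mirror the header quoted in the thread.
VIA_SMTP_AUTH = """Received: from smtp203.mail.ne1.yahoo.com (smtp203.mail.ne1.yahoo.com [203.0.113.10])
        by mx.example.net with ESMTP; 01 May 2012 08:55:12 -0700 PDT
Received: from akari.example.org (Y!_User@198.51.100.23 with login)
        by smtp203.mail.ne1.yahoo.com with SMTP; 01 May 2012 08:55:09 -0700 PDT
From: friend@yahoo.com
"""
VIA_WEBMAIL = """Received: from web120.mail.ne1.yahoo.com (web120.mail.ne1.yahoo.com [203.0.113.20])
        by mx.example.net with ESMTP; 01 May 2012 09:02:40 -0700 PDT
Received: from [198.51.100.5] by web120.mail.ne1.yahoo.com via HTTP; 01 May 2012 09:02:38 -0700 PDT
From: friend@yahoo.com
"""
FORGED = """Received: from mail.bulk.example (mail.bulk.example [198.51.100.77])
        by mx.example.net with ESMTP; 01 May 2012 09:10:00 -0700 PDT
From: friend@yahoo.com
"""

if __name__ == "__main__":
    for name, raw in (("smtp-auth", VIA_SMTP_AUTH), ("webmail", VIA_WEBMAIL), ("forged", FORGED)):
        print(name, assess(raw))
```

Reading the result the way the thread does: "authenticated submission via provider" with a chain that checks out is the case DC DSL describes (sent through the provider's servers, so the account's password or session was in someone else's hands and the origin_ip is the client that used it; the fix is a password change plus a review of the sign-in activity Whip5 mentions), while "no provider hop" is the spoofed case NormanS distinguishes, where only the address was abused and the contact list may have been harvested from any one of the recipients' machines.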