dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
422
share rss forum feed

Tig

join:2006-06-29
Carrying Place, ON
Reviews:
·voip.ms

Spam sent from my account

In my yahoo account, I was cc'd on spam that seemed to come from me. I did not verify this, the other recipients were familiar, but unused in the past four years, so I figured it was one of them. I deleted it via a logged in android app.
My son then contacted me to say that my account spammed him.
I could not start a new login at yahoo, but I was able to recover my account via an alternate email addr and update the ow, recovery settings/questions etc. It looked like my recovery questions had been changed a couple weeks ago.
After I purged my address book of all but the bare essentials I looked in my sent folder. I do not see the spam going out. In my trash I have the note I deleted.
I next updated my gmail account, where I found a suspicious activity notice about an ip address from Mexico.
What's going on?

TheMG
Premium
join:2007-09-04
Canada
kudos:3
Reviews:
·NorthWest Tel
Possibly a keylogger on one of the machines/devices that you used to log in to those accounts.

Either that, or you've used the same password across multiple sites, and one of those accounts have become compromised, giving them access to all your accounts that use the same password.

Or just weak passwords to begin with.

Tig

join:2006-06-29
Carrying Place, ON
Reviews:
·voip.ms

1 edit
Thanks for your thoughts.
Unique password of decent strength involved.
Only one account that seems to have been compromised.
Virus/malware scans up to date.
Not overly confident about my android security.
It just seemed odd that I have no trace of these notes being sent.


dib22

join:2002-01-27
Kansas City, MO

1 recommendation

reply to Tig
You would need to have someone forward the message to you WITH HEADERS INTACT (forward as an attachment usually does this)... then you could see if it originated at your machine, or someone simply used your email address as the return address.

Internet email standards do not verify the from address, you can make an email look like it's from anyone... if you look at the headers you can find the originating ip address.

Tig

join:2006-06-29
Carrying Place, ON
Reviews:
·voip.ms

1 recommendation

Ok, now I see, thanks. Funny I always look at the spam I get to see where it comes from, but it did not occur to look at this.
The origin is the Ukraine. It was sent via a yahoo smtp server in Ireland.
Seems they have my address book and have sent notes via another account.
That explains why I don't see the outgoing notes from my account.
Now to figure out how I let this happen......

Tig

join:2006-06-29
Carrying Place, ON
Reviews:
·voip.ms

1 recommendation

Upon closer review they are not using my address book. They are just spoofing my account. They are using addresses that seem to be related to a club my son and I used to belong to. Some of the addresses I cannot identify.
Seems I over reacted.
Still over reacting and scanning everything.


dib22

join:2002-01-27
Kansas City, MO
said by Tig:

Seems I over reacted.
Still over reacting and scanning everything.

Better safe than sorry