Help? My e-mail account has been Hi-jacked...


ytownfootball

Bold faced liar...

6,978 posts
Feb 18, 2011 10:31 AM
First time anything like this has happened to me, my primary use e-mail account has been used by someone other than myself for the purpose of spamming. The only way I know is that I got an e-mail from myself to myself, that went to my primary address and not the spam folder. It appears to have sent the same e-mails to those listed in my contacts as a way around ending up in the spam folder. I don't keep a lot of contacts listed just in case something like this were to happen but I don't like the fact that someone is sending e-mails for viagra and time shares in my name...

It's a yahoo account, do I need to contact them or what? Any help appreciated.

thavoice

Senior Member

14,376 posts
Feb 18, 2011 10:40 AM
Could be a virus. Can you just change your password?

Bigred1995

Ohio Chatter - CFO

1,042 posts
Feb 18, 2011 10:42 AM
Change your password!

FatHobbit

Senior Member

8,651 posts
Feb 18, 2011 10:42 AM
Email is not verified, so just because someone sends an email with your address does not mean they actually have access to your account, but I would change your password just to be safe.

justincredible

Nick Mangold

32,056 posts
Feb 18, 2011 10:44 AM
Not sure what to do about it now that it has already happened. You can probably contact yahoo and let them know. They should have logs of what IP addresses have logged in to your account. More than likely it was some hacker in another country.

Best way to prevent this in the future is to use a password that isn't easy to hack. Use uppercase, lowercase, numbers and special characters (i.e. !@#$). Don't use words that can be found in the dictionary.

september63

Senior Member

5,789 posts
Feb 18, 2011 10:47 AM
Example: Dont use raghead or towelhead as ur password?

ytownfootball

Bold faced liar...

6,978 posts
Feb 18, 2011 10:54 AM
Lol...well I changed the password, thing is it wasn't real easy to think of anyway. It happened once, I thought no big deal, just happened again this morning and thought I'd better do something. See what happens now...

justincredible

Nick Mangold

32,056 posts
Feb 18, 2011 10:57 AM
september63;682849 wrote:Example: Dont use raghead or towelhead as ur password?

lol, correct.

Easiest way to come up with a secure password. Think of a phrase, something like "Ohio Chatter is a minor league website compared to JJ Huddle." Take the first letter of each word and you've got "OCiamlwctJH". Now swap out some letters for numbers, like 0 for O, 1 for l. 0Ciam1wctJH. Add a special character at the beginning and the end for good measure. #0Ciam1wctJH&.

And now you've all got my password. Shit.

LJ

Senior Member

16,351 posts
Feb 18, 2011 11:05 AM
I use I<3Justin

LJ

Senior Member

16,351 posts
Feb 18, 2011 11:06 AM
Mantooth's password is "I<3(_(_)===D"

O-Trap

Chief Shenanigans Officer

14,994 posts
Feb 18, 2011 11:09 AM
It's actually possible that the spammer didn't access your account.

It's possible that, either through a harvester or a dictionary email pinger, he acquired your address. At that point, he probably just spoofed the headers of the emails to make them look like they're from you, even though they actually aren't.

I'm not kidding. This shit is possible. In the above process, he violates at least three elements of the CAN-SPAM Act (mailing a list acquired through the use of a bot, spoofing the headers, and sending email with a deceptive "from" address) ... four if he used botnets to send the mail.
Feb 18, 2011 11:09am
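
Added example, not part of the original thread: one way to tell a forged "from me, to me" message from one that really left your provider is to read the `Authentication-Results` header that your own mail provider stamps on delivery. The authserv-id `mx.example.net`, the address `me@example.net` and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id stamped by your own provider

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Read spf/dkim/dmarc verdicts from the trusted Authentication-Results header only."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        flat = " ".join(value.split())              # unfold continuation lines
        if flat.split(";", 1)[0].strip().lower() != trusted:
            continue                                # headers from other hosts can be forged
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", flat):
            found[method] = result.lower()
        signer = re.search(r"\bheader\.d=([\w.-]+)", flat)
        if signer:
            found["dkim_domain"] = signer.group(1).lower()
    return found

def assess(raw, my_address):
    """Classify a message that claims to come from my_address."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender != my_address.lower():
        return "not-from-my-address"
    res = auth_results(msg)
    domain = sender.rpartition("@")[2]
    if res.get("dkim") == "pass" and res.get("dkim_domain") == domain:
        return "sent-through-provider"  # left the provider's servers: review account logins
    if res.get("dmarc") == "fail" or res.get("spf") in ("fail", "softfail"):
        return "forged-from"            # From line was spoofed; mailbox access not implied
    return "inconclusive"

# Constructed sample messages (not real traffic).
SPOOFED = """\
Return-Path: <bounce@bulk-sender.invalid>
Authentication-Results: forged.invalid; dkim=pass header.d=example.net
Authentication-Results: mx.example.net; spf=softfail smtp.mailfrom=bulk-sender.invalid;
 dkim=none; dmarc=fail header.from=example.net
From: "Me" <me@example.net>
To: me@example.net

body
"""
GENUINE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.net;
 dkim=pass header.d=example.net; dmarc=pass header.from=example.net
From: me@example.net
To: me@example.net

body
"""
```

The spoofed sample carries an extra `Authentication-Results` line with a foreign authserv-id claiming `dkim=pass`; it is ignored because only the receiving provider's own header is trustworthy.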

Bigred1995

Ohio Chatter - CFO

1,042 posts
Feb 18, 2011 11:12 AM
O-Trap;682868 wrote:It's actually possible that the spammer didn't access your account.

It's possible that, either through a harvester or a dictionary email pinger, he acquired your address. At that point, he probably just spoofed the headers of the emails to make them look like they're from you, even though they actually aren't.

I'm not kidding. This shit is possible. In the above process, he violates at least three elements of the CAN-SPAM Act (mailing a list acquired through the use of a bot, spoofing the headers, and sending email with a deceptive "from" address) ... four if he used botnets to send the mail.

Crap! When was that Act enacted? I know when I was in college I did that several times as a joke!

O-Trap

Chief Shenanigans Officer

14,994 posts
Feb 18, 2011 11:18 AM
Bigred1995;682873 wrote:Crap! When was that Act enacted? I know when I was in college I did that several times as a joke!

I need to clarify, the CAN-SPAM (short for "Controlling the Assault of Non-Solicited Pornography And Marketing") Act was enacted in 2003, updated as recently as 2008, but typically only applies to emails sent in "bulk."

Bulk email can be a variety of things:
- Email Newsletters
- Announcements
- Marketing
- Fundraising
- Volunteer Recruitment
- more

Essentially, it's any email that is a single message sent out to a "bulk" number of email addresses. Oddly enough, the Fed never got around to defining how many constitutes "bulk," but you'll have that.

To be fair, I do think that you can still get in trouble doing what you did in single emails. I used to do it too.

ytownfootball

Bold faced liar...

6,978 posts
Feb 18, 2011 11:20 AM
O-Trap;682868 wrote:It's actually possible that the spammer didn't access your account.

It's possible that, either through a harvester or a dictionary email pinger, he acquired your address. At that point, he probably just spoofed the headers of the emails to make them look like they're from you, even though they actually aren't.

I'm not kidding. This shit is possible. In the above process, he violates at least three elements of the CAN-SPAM Act (mailing a list acquired through the use of a bot, spoofing the headers, and sending email with a deceptive "from" address) ... four if he used botnets to send the mail.

I believe they got in somewhere due to the fact that my name was used specifically as the recipient. Nowhere does my name appear in the e-mail address. It may have been some random form filled out in the past but I'm pretty careful not to include any info unless it's on a secure site. I know that doesn't mean it can't happen but it's the least you can do as far as protecting yourself.

O-Trap

Chief Shenanigans Officer

14,994 posts
Feb 18, 2011 11:23 AM
ytownfootball;682882 wrote:I believe they got in somewhere due to the fact that my name was used specifically as the recipient. Nowhere does my name appear in the e-mail address. It may have been some random form filled out in the past but I'm pretty careful not to include any info unless it's on a secure site. I know that doesn't mean it can't happen but it's the least you can do as far as protecting yourself.

Yeah, "secure" doesn't mean it won't get stolen or sold once those people have it. I've done email marketing in the past, and though we never bought email lists, there were people from time to time that were weirded out that we had their name ... even though they (or I suppose someone they know trying to play a prank?) filled out a form and gave it to us.

se-alum

The Biggest Boss

13,948 posts
Feb 18, 2011 11:24 AM
I used to enjoy hacking into my friends' email accts w/ dictionary hacking software. It is so easy, and some people still refuse to use the "strong password" format.

O-Trap

Chief Shenanigans Officer

14,994 posts
Feb 18, 2011 11:31 AM
se-alum;682886 wrote:I used to enjoy hacking into my friends' email accts w/ dictionary hacking software. It is so easy, and some people still refuse to use the "strong password" format.

What'd you use? Adam And Eve? Brutus?

McFly1955

Senior Member

1,441 posts
Feb 18, 2011 11:58 AM
O-Trap;682868 wrote:It's actually possible that the spammer didn't access your account.

It's possible that, either through a harvester or a dictionary email pinger, he acquired your address. At that point, he probably just spoofed the headers of the emails to make them look like they're from you, even though they actually aren't.

This.

Happened in my little e-mail circle a few weeks ago, and after some research, I concluded that my password/account weren't actually hacked, but I changed my password to be safe.

Bigred1995

Ohio Chatter - CFO

1,042 posts
Feb 18, 2011 12:15 PM
O-Trap;682879 wrote:I need to clarify, the CAN-SPAM (short for "Controlling the Assault of Non-Solicited Pornography And Marketing") Act was enacted in 2003, updated as recently as 2008, but typically only applies to emails sent in "bulk."

Bulk email can be a variety of things:
- Email Newsletters
- Announcements
- Marketing
- Fundraising
- Volunteer Recruitment
- more

Essentially, it's any email that is a single message sent out to a "bulk" number of email addresses. Oddly enough, the Fed never got around to defining how many constitutes "bulk," but you'll have that.

To be fair, I do think that you can still get in trouble doing what you did in single emails. I used to do it too.

Well I attended college from 95 - 99 so I'm good! LOL

O-Trap

Chief Shenanigans Officer

14,994 posts
Feb 18, 2011 12:33 PM
Bigred1995;682960 wrote:Well I attended college from 95 - 99 so I'm good! LOL

That was pre-spam, pre-spam folder, pre-rules. A lot of unsavory characters made a LOT of money at that time spamming. There was no junk folder, and people weren't numb to soliciting emails.

se-alum

The Biggest Boss

13,948 posts
Feb 18, 2011 2:26 PM
O-Trap;682897 wrote:What'd you use? Adam And Eve? Brutus?

Honestly, I don't remember the name of it. Our Network Security instructor gave us some low-level hacking software just so we would understand how it works. It was a very basic program.

O-Trap

Chief Shenanigans Officer

14,994 posts
Feb 18, 2011 2:27 PM
McFly1955;682940 wrote:This.

Happened in my little e-mail circle a few weeks ago, and after some research, I concluded that my password/account weren't actually hacked, but I changed my password to be safe.

Yep. I get emails from me, to me, all the time. Just part of being on the innernetz.

O-Trap

Chief Shenanigans Officer

14,994 posts
Feb 18, 2011 2:30 PM
se-alum;683146 wrote:Honestly, I don't remember the name of it. Our Network Security instructor gave us some low-level hacking software just so we would understand how it works. It was a very basic program.

Probably Brutus, then. Not aesthetic, and very basic, but as a result ... FASTEST brute force software I've ever used (used to hack friends' Facebook accounts, post some crazy update, and make some mention of them forgetting to log out to cover my ass :D).

Keyloggers were also effective, not only for passwords, but for finding out what people do on their computers. :D

RATs are crazy, but they can work even more effectively. Harder to detect as well, since they're often used by IT professionals to access a desktop remotely.