My computer or e-mail account has sent out a e-mail to my entire database without me knowing. It is advertising viagra.Obviously very embarrasing.My e-mail provider has suggested that my e-mail account has been hacked into, so has changed the password.I was worried it was a virus, but I have run MCAFEE and no virus comes up.Has anyone heard of this happening before and is it likely to be what my e-mail provider said as opposed to a virus.
cheers
0
Comments
If its on your email its likely to be a phishing thing from your emaila ccount rather than on your actual computer. Hopefully nobody the email went to would have been stupid enough to have clicked on the link...
Leroy is your man for more details.
pain in the arse. Do you use the same login details for another website? i would suggest changing your password mate. I think people can gain all your contacts and change the FROM address to match your email address, so it looks like its come from you.
I might be completely wrong
Many times the hackers simply run a programme that goes through the dictionary and tries every word and then adds common numbers to see if any match. Unlike things like telephones it wont lock out after so many unsuccessful tries.
Therefore change your password so that it contains capitals and numbers and if you can remember it, a word that will not appear in a common dictionary.
Should have known it was a con when the endorsement said
"Mr Northstand of Orpington said 'this stuff was so good it even put a smile on my face' "
Hacking Methods
There are many ways an account can be compromised/hacked. A few (but by no means all) of the common ones follow some what in order of frequency used:
Phishing
* Requesting (often with threats of closing an account) a user to provide login/password information by return e-mail or by redirecting to a web-site that masks itself as legitimate.
* Never respond to an e-mail that requests your login:password. Never follow a link that doesn't go to to a known url (for example: http:\\gmail.google.com\ is NOT the same as http:\\gmail.google.com.junk.ru\). Be aware that the url printed in the message may not be where the link actually goes so verify before you click.
- Phishing: http://mail.google.com/support/bin/answer.py?hl=en&answer=8253
- Reporting: https://mail.google.com/support/bin/answer.py?hl=en&answer=29381
- Scams: http://mail.google.com/support/bin/answer.py?hl=en&answer=29380
Common password usage
* Using the same password for multiple accounts so if someone breaks into one (like Facebook) they can get into others. Getting access to an e-mail account can often lead them to Paypal, Ebay, YouTube and many other accounts.
* Make sure you use a unique password for every site where you have an account. Especially critical for financial sites, or sites with links to other accounts (like social networking or e-mail sites).
- Changing passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=6567
- Selecting passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=29409
Linked accounts
* Related to the above in that one account has information leading to other accounts. If they gain access then they know about the other accounts too. This is hard to protect against when a forum or social networking site requires an e-mail address (if they break into the one site, look at your settings, they know your e-mail address too).
* Do not store login:password information in an e-mail account where it can be accessed should the account be compromised. Also consider a "junk" e-mail address for all forum/web-site registrations so it does not lead back to your primary account.
Failing to log out
* Failing to close your account on a computer that others have access to (like at work, school, or library) so that anyone else can access your account.
* Always close your account when you walk away from your computer (even at home for some people).
- Sign out: http://mail.google.com/support/bin/answer.py?hl=en&answer=8154
Browser auto-fill enabled
* Like the above, having the browser configured to enter your login/password automatically so anyone using the computer can gain access to your account.
* Never use the browser's auto-fill capabilities unless you're on a 100% private, secure, and trusted computer.
- Clear saved data: http://mail.google.com/support/bin/answer.py?hl=en&answer=12095
Keylogger
* Any computer accessible by others can have a keylogger installed which will capture your login/password for any site you visit.
* Never log into your account on a public computer (like at a library) and be very cautious using any computer that others have access to (like at work or school).
Trojan/Virus/Malware
* While not strictly used to steal an account, could do damage to your account or use it to send spam while you're logged in.
* Always keep virus scanners enabled, and using up-to-date definition files. Regular use of malware type scanners is good too.
- Virus protection: http://mail.google.com/support/bin/answer.py?hl=en&answer=8493
- Anti-virus scanning: http://mail.google.com/support/bin/answer.py?hl=en&answer=25760
Password guessing
* A brute-force method of guessing someone's password, made easier if they know you in real-life, especially if you use a weak password (like a kid's or spouse's name).
* Follow standard password generation safeguards: no common words or proper names, no patterns (1234 or qwerty), use mixed case and include numbers or punctuation, etc.
- Strong passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=29409
Server attack
* When someone compromises a company's server gaining access to account or private information for a large number of users. This is typically seen in large identity-theft cases.
* Nothing you can really do about this except deal with only reputable companies with good privacy policies.
Network packet capture
* Using software or hardware on wireless or free hot-spot networks to capture information.. Pretty rare, but still possible for non-encrypted networks.
* Very little you can do about this except avoid using any unsecured wireless networks.
http://www.google.co.uk/support/forum/p/gmail/thread?tid=560d53dee40be5e6&hl=en
Doesn't your own website give you your own domain emails...?
Sent them all another email apologising and changed my password on hotmail and no problems since so wouldn't get yourself too worried.
First up, are you sure it was your account that was used? If you send mail to all the contacts in your mail program at once (rather than BCCing everyone in), it's just as likely that one of their mail accounts has been compromised, and the mass-mail worm they've been infected with is just spoofing your address. The best way of checking this is to have a good think about the password you used for your email account. If it's a simple dictionary word or name, maybe with a number chucked at the end, then there's a decent chance it was indeed your mail account that was compromised. If you already used a reasonably strong password, then it probably wasn't you.
Secondly, ignore anything your ISP tells you. This is especially true if it's AOL (they are absolute dogs*it). The only advice they will ever give you is 'change your password' - which won't do shit if your machine is compromised.
What you should do (as well as changing your password to something spitefully long and containing special characters (e.g. £$%@!# etc) is run an anti-malware scanner. AV scanners are pants at picking up malware, so head over to this link and click the 'DoWnload Now' button in the top right corner. Download it, run the install and let it update, then run a system scan on it (choose the 'Quick Scan' option as that will fix most things). When the scan's finished (can take anywhere up to 35-45 minutes), if it finds anything it will tell you and ask you whether you want to 'fix selected'. Do that and reboot, and you should be free of anything that's taken root.
Thank much appreciated
What was the password ? Smileysteve
Fiiiiish
Now, if there's any reward I'd like a stayhard weekend special, with the anti-chafing agent please Steve.
Don't listen to the naysayers. McAfee is fine as an Anti-Virus client. Where it falls down is on malware - the detection engine it uses for malware protection is dreadful. AVG is no better overall than McAfee - though, of course, it is free. It's Norton that's utterly dreadful. Any product that is made by Symantec is horrendously bloated, impossible to remove and ridiculously resource-hungry (just like the shit it's supposed to remove, in fact!)
I run McAfee at home, but I use the corporate 'Enterprise' client, rather than the home one because I run my own domain with about thirty servers, workstations and laptops. I manage everything via a server set up specifically to run McAfee's EPO software. You don't need all that, of course, but if you can get hold of McAfee 8.5 or 8.7 (depending on what operating system you're running) I'd advise you to use that instead of the 'home user' version - which comes bundled with a load of old crap you can't turn off properly.