Spam - a lot can be stopped from coming in, but what about going out? (email, gmail) - - City-Data Forum

mawipafl · 12-29-2011, 08:32 AM

More and more I'm seeing that my friends' email accounts are being somehow compromised so that their contacts' addresses are grabbed and spam is sent out.

First, I don't really understand what is happening (how it's happening). Does the criminal (that's what I call them) come in and steal the addresses and then uses them to email junk from his/her own address but makes it look like the spam is coming from my friend when it really isn't? OR has the criminal taken over my friend's email account and is truly sending out the spam from my friend?

My daughter has a very old AOL email address that she has literally not used in years. She did use it a lot up until probably 2007, but hasn't touched it since. The inbox became quite full of crap, but we never bothered with it - just left the 3,000+ emails sitting there. However, about 2 weeks ago we started receiving junk from that old address. Further discovery was that everyone in that old address book got crap, too.

I went in and deleted all the emails (didn't open any - just deleted them) and deleted all her contacts except my email address plus a bogus one. Sure enough last week more crap was sent out to me and of course the bogus address bounced back with a mailer daemon.

We have five other AOL email accounts (my daughter's is not the primary) and they are fine - not compromised. Can anyone explain to me what is happening so that I can figure out how to stop it? I do realize that closing the email account would stop it, but closing it is not an option (long story).

ChiGuy2.5 · 12-29-2011, 08:49 AM

I had this happen to my account last week. I went through all of the steps necessary to protect it from getting taken over again.

1. Change the password on the account. Make it STRONG! (at least 12 chars, letters and digits)
2. Immediately after change any security questions and answers to those security questions.
3. If you have an alternative email linked to that account be sure to deactivate it and link up a different email address.
4. Make sure you have any email forwarding turned OFF.

This will ensure that nobody can access your account again. Unless of course your computer is bugged, in which case they could get in again if something is wrong with your comp. I would suggest you update your anti virus and run a round of malwarebytes. Its a free program for download.

The sole purpose of this is basically to spread their malware/virus/whatever to others computers through the use of your daughters email reputation. A lot of average users know not to open up strange attachments, but when it comes from a reputable person like your daughters email, they think its okay.

mawipafl · 12-29-2011, 10:35 AM

One of the first things I did was run full scans with Avast and Malwarebytes - neither found anything.

I just changed the password and security question, so fingers crossed the problem is solved. Thank you ChiGuy2.5.

I'm not a programmer, so I don't know why someone hasn't written some sort of 'reverse' program to only allow mail to be sent when the account owner gives specific permission for outgoing mail. I haven't yet figured out the logic to how it would work, but I know there must be a way to write something such as an alert that pops up in the tray whenever email is sent. That way a person who isn't writing emails and not in the 'send' process would know a criminal was invading.

Peregrine · 01-03-2012, 08:12 AM

Quote:

Originally Posted by mawipafl

I'm not a programmer, so I don't know why someone hasn't written some sort of 'reverse' program to only allow mail to be sent when the account owner gives specific permission for outgoing mail. I haven't yet figured out the logic to how it would work, but I know there must be a way to write something such as an alert that pops up in the tray whenever email is sent. That way a person who isn't writing emails and not in the 'send' process would know a criminal was invading.

With the advent and proliferation of webmail, this would be near impossible. Since the email and email client do not reside on your computer anymore, if the account has been hacked then the hacker could just APPROVE the emails to be sent...

mawipafl · 01-04-2012, 06:11 AM

Quote:

Originally Posted by Peregrine

With the advent and proliferation of webmail, this would be near impossible. Since the email and email client do not reside on your computer anymore, if the account has been hacked then the hacker could just APPROVE the emails to be sent...

I agree that it's difficult, but I think it's possible. But it would mean not everyone would have this "butler" who's given the permission to take one's piece of mail and deliver it to the post office.

It would have to be instituted by an email service provider, such as AOL for example, and written into the programming. Certainly a hacker could eventually get in and 'approve' the email to be sent, but it would at least add another layer for them to hack through.

Actually it would behoove email providers to try and come up with something. Yahoo, hotmail, msn, gmail, aol, etc. -- all of them are in constant competition to grab and/or hold onto customers, and the first to come up with a "butler" would certainly become a better competitor.