Attention: Please take a moment to consider our terms and conditions before posting.

HELP HELP HELP

My computer or e-mail account has sent out a e-mail to my entire database without me knowing. It is advertising viagra.Obviously very embarrasing.My e-mail provider has suggested that my e-mail account has been hacked into, so has changed the password.I was worried it was a virus, but I have run MCAFEE and no virus comes up.Has anyone heard of this happening before and is it likely to be what my e-mail provider said as opposed to a virus.

cheers
«1

Comments

  • Yes mate it happens to our coke emails alot costs us a fortune in virus protection
  • I got that email...

    If its on your email its likely to be a phishing thing from your emaila ccount rather than on your actual computer. Hopefully nobody the email went to would have been stupid enough to have clicked on the link...

    Leroy is your man for more details.
  • so is it likely to just be a hacker as opposed to a virus and now my password has been changed rectified ?
  • i would ask our IT but seeing as its friday and gone midday i wouldnt get ananswer till tuesday ;-(
  • edited July 2010
    Yeah get the same thing with my Hotmail account. sends all the people in my address book an email from me, including me!
    pain in the arse. Do you use the same login details for another website? i would suggest changing your password mate. I think people can gain all your contacts and change the FROM address to match your email address, so it looks like its come from you.

    I might be completely wrong
  • password has now been changed, just worried about the virus scenario
  • This happened to me.

    Many times the hackers simply run a programme that goes through the dictionary and tries every word and then adds common numbers to see if any match. Unlike things like telephones it wont lock out after so many unsuccessful tries.

    Therefore change your password so that it contains capitals and numbers and if you can remember it, a word that will not appear in a common dictionary.
  • I thought £5 for 1,000 tablets was too good to be true.

    Should have known it was a con when the endorsement said

    "Mr Northstand of Orpington said 'this stuff was so good it even put a smile on my face' "
  • any computer people help me out please
  • Sponsored links:


  • Cut and Pasted from a Google mail support forum so may not be entirely relevant but many of the principles are the same:

    Hacking Methods
    There are many ways an account can be compromised/hacked. A few (but by no means all) of the common ones follow some what in order of frequency used:

    Phishing
    * Requesting (often with threats of closing an account) a user to provide login/password information by return e-mail or by redirecting to a web-site that masks itself as legitimate.
    * Never respond to an e-mail that requests your login:password. Never follow a link that doesn't go to to a known url (for example: http:\\gmail.google.com\ is NOT the same as http:\\gmail.google.com.junk.ru\). Be aware that the url printed in the message may not be where the link actually goes so verify before you click.
    - Phishing: http://mail.google.com/support/bin/answer.py?hl=en&answer=8253
    - Reporting: https://mail.google.com/support/bin/answer.py?hl=en&answer=29381
    - Scams: http://mail.google.com/support/bin/answer.py?hl=en&answer=29380
    Common password usage
    * Using the same password for multiple accounts so if someone breaks into one (like Facebook) they can get into others. Getting access to an e-mail account can often lead them to Paypal, Ebay, YouTube and many other accounts.
    * Make sure you use a unique password for every site where you have an account. Especially critical for financial sites, or sites with links to other accounts (like social networking or e-mail sites).
    - Changing passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=6567
    - Selecting passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=29409
    Linked accounts
    * Related to the above in that one account has information leading to other accounts. If they gain access then they know about the other accounts too. This is hard to protect against when a forum or social networking site requires an e-mail address (if they break into the one site, look at your settings, they know your e-mail address too).
    * Do not store login:password information in an e-mail account where it can be accessed should the account be compromised. Also consider a "junk" e-mail address for all forum/web-site registrations so it does not lead back to your primary account.
    Failing to log out
    * Failing to close your account on a computer that others have access to (like at work, school, or library) so that anyone else can access your account.
    * Always close your account when you walk away from your computer (even at home for some people).
    - Sign out: http://mail.google.com/support/bin/answer.py?hl=en&answer=8154
    Browser auto-fill enabled
    * Like the above, having the browser configured to enter your login/password automatically so anyone using the computer can gain access to your account.
    * Never use the browser's auto-fill capabilities unless you're on a 100% private, secure, and trusted computer.
    - Clear saved data: http://mail.google.com/support/bin/answer.py?hl=en&answer=12095
    Keylogger
    * Any computer accessible by others can have a keylogger installed which will capture your login/password for any site you visit.
    * Never log into your account on a public computer (like at a library) and be very cautious using any computer that others have access to (like at work or school).
    Trojan/Virus/Malware
    * While not strictly used to steal an account, could do damage to your account or use it to send spam while you're logged in.
    * Always keep virus scanners enabled, and using up-to-date definition files. Regular use of malware type scanners is good too.
    - Virus protection: http://mail.google.com/support/bin/answer.py?hl=en&answer=8493
    - Anti-virus scanning: http://mail.google.com/support/bin/answer.py?hl=en&answer=25760
    Password guessing
    * A brute-force method of guessing someone's password, made easier if they know you in real-life, especially if you use a weak password (like a kid's or spouse's name).
    * Follow standard password generation safeguards: no common words or proper names, no patterns (1234 or qwerty), use mixed case and include numbers or punctuation, etc.
    - Strong passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=29409
    Server attack
    * When someone compromises a company's server gaining access to account or private information for a large number of users. This is typically seen in large identity-theft cases.
    * Nothing you can really do about this except deal with only reputable companies with good privacy policies.
    Network packet capture
    * Using software or hardware on wireless or free hot-spot networks to capture information.. Pretty rare, but still possible for non-encrypted networks.
    * Very little you can do about this except avoid using any unsecured wireless networks.


    http://www.google.co.uk/support/forum/p/gmail/thread?tid=560d53dee40be5e6&hl=en
  • Stop using AOL email for your business needs, it's the most hacked web based email in the world....

    Doesn't your own website give you your own domain emails...?
  • Same thing happened to me a while back, including to my boss. All very cringeworthy as, bizarrely, one or two actually thought I'd taken the trouble to send them details of this great offer :-O

    Sent them all another email apologising and changed my password on hotmail and no problems since so wouldn't get yourself too worried.
  • cheers mate
  • How many Viagra have you got ? I'll ask around for takers if you like ;0)
  • NSS whispered, but since the answers I give might be helpful to others, I thought it best to make this a public response.

    First up, are you sure it was your account that was used? If you send mail to all the contacts in your mail program at once (rather than BCCing everyone in), it's just as likely that one of their mail accounts has been compromised, and the mass-mail worm they've been infected with is just spoofing your address. The best way of checking this is to have a good think about the password you used for your email account. If it's a simple dictionary word or name, maybe with a number chucked at the end, then there's a decent chance it was indeed your mail account that was compromised. If you already used a reasonably strong password, then it probably wasn't you.

    Secondly, ignore anything your ISP tells you. This is especially true if it's AOL (they are absolute dogs*it). The only advice they will ever give you is 'change your password' - which won't do shit if your machine is compromised.

    What you should do (as well as changing your password to something spitefully long and containing special characters (e.g. £$%@!# etc) is run an anti-malware scanner. AV scanners are pants at picking up malware, so head over to this link and click the 'DoWnload Now' button in the top right corner. Download it, run the install and let it update, then run a system scan on it (choose the 'Quick Scan' option as that will fix most things). When the scan's finished (can take anywhere up to 35-45 minutes), if it finds anything it will tell you and ask you whether you want to 'fix selected'. Do that and reboot, and you should be free of anything that's taken root.
  • cheers Leroy my password was pretty piss poor when I think about it, i'll run the anti-malware scanner tomorrow.

    Thank much appreciated
  • [cite]Posted By: northstandsteve[/cite]cheers Leroy my password was pretty piss poor when I think about it, i'll run the anti-malware scanner tomorrow.

    Thank much appreciated

    What was the password ? Smileysteve
  • Mclown
  • [cite]Posted By: uncle[/cite]
    [cite]Posted By: northstandsteve[/cite]cheers Leroy my password was pretty piss poor when I think about it, i'll run the anti-malware scanner tomorrow.

    Thank much appreciated

    What was the password ? Smileysteve

    Fiiiiish
  • Sponsored links:


  • As Leroy says, I don't think anyone has your password or have hacked your account. They've read your address book (as many applications can do e.g. Facebook/Myspace can run little apps to check if any of your friends are on their platform). The mail then goes out from them to your address book, but the email it's from is spoofed to look like yours. I'm completely non technical but I think that's what going on.

    Now, if there's any reward I'd like a stayhard weekend special, with the anti-chafing agent please Steve.
  • "Steve"
  • Oh and my two penneth: remove McAfee. Absolute dogshit. Made my computer run slow and - as soon as I got sick of it and switched to the (free) AVG product, it found a bunch of nasties that McAfee had been merrily overlooking.
  • [cite]Posted By: Henry Irving[/cite]I thought £5 for 1,000 tablets was too good to be true.

    Should have known it was a con when the endorsement said

    "Mr Northstand of Orpington said 'this stuff was so good it even put a smile on my face' "
    Genuine LOL
  • I run it Leroy and it didn't find anything ?
  • Then you're (probably) clear Steve. You could have been rootkitted, but it's not likely.Provided your AntiVirus .dat file is up to date, and updating automatically (you can check this by opening McAfee and checking the date on it) you should be OK. Always use a reasonably strong password (it doesn't have to be ridiculous - just chucking a non alphanumeric character in there and making it ten characters long or more is sufficient) and don't use the same password for all your accounts.

    Don't listen to the naysayers. McAfee is fine as an Anti-Virus client. Where it falls down is on malware - the detection engine it uses for malware protection is dreadful. AVG is no better overall than McAfee - though, of course, it is free. It's Norton that's utterly dreadful. Any product that is made by Symantec is horrendously bloated, impossible to remove and ridiculously resource-hungry (just like the shit it's supposed to remove, in fact!)

    I run McAfee at home, but I use the corporate 'Enterprise' client, rather than the home one because I run my own domain with about thirty servers, workstations and laptops. I manage everything via a server set up specifically to run McAfee's EPO software. You don't need all that, of course, but if you can get hold of McAfee 8.5 or 8.7 (depending on what operating system you're running) I'd advise you to use that instead of the 'home user' version - which comes bundled with a load of old crap you can't turn off properly.
  • thanks leroy much appreciated
Sign In or Register to comment.

Roland Out!