• Hacked E-Mail keeps making it through

    Home » Forums » AskWoody support » Productivity software by function » MS Outlook and email programs » Hacked E-Mail keeps making it through

    Author
    Topic
    donebb
    AskWoody Lounger
    September 28, 2010 at 3:15 pm #471977

    A friend of mine got her e-mail account hacked a while back, about 6 months ago. It sent out an e-mail to everyone in her address list, with just a link in the e-mail. She closed the account and the e-mails stopped coming.

    Now in the last week or so, I have been getting them 2 – 4 times a day. I use the Windows Live Mail desktop client for Hotmail. I have repeatedly both added it to my blocked senders list and marked it as junk mail but it keeps coming back to my Inbox. I don’t want to block the senders domain because it comes from sbcglobal.net and I get several others from there.

    I have tried blocking it using both Live Mail and Hot Mail. Any suggestions.

    Reply | Quote
    Viewing 11 reply threads
    Author
    Replies
    • WSCLiNT
      AskWoody Lounger
      September 28, 2010 at 3:43 pm #1247065

      You may have to change your email address too. Since your friend’s contacts list, with your email address included, has been harvested.

      Reply | Quote
    • Paul T
      AskWoody MVP
      September 29, 2010 at 12:17 pm #1247187

      You may find the email address is spoofed and the real source is elsewhere. In that case you need to add that sender to your blacklist.
      To see the source you need to view the headers.

      cheers, Paul

      Reply | Quote
    • donebb
      AskWoody Lounger
      September 29, 2010 at 12:43 pm #1247203

      Thanks Paul and Clint. Paul, I don’t want to sound stupid but how do I view the header? When I edit the address, it shows as the one that I think it is.

      Reply | Quote
    • WSCLiNT
      AskWoody Lounger
      September 29, 2010 at 12:53 pm #1247206

      Right click on the email message and choose “properties”, then go to “details”, then click the “message source” button.

      Reply | Quote
    • donebb
      AskWoody Lounger
      September 29, 2010 at 2:02 pm #1247217

      Got it, thank you. Now, at the risk of sounder even dumber, what am I looking for?

      I see where it says Received From but it isn’t an e-mail address, I think, since it doesn’t have an @ in it.

      It shows web180111.mail.gq1.yahoo.com. Should I add that to my blocked senders list?

      The offending address, the one that used to belong to my friend, is also listed further down where it just says From.

      Thanks again for the help.

      Reply | Quote
    • joep517
      AskWoody MVP
      September 29, 2010 at 2:16 pm #1247228

      Please post a screenshot of the header.

      “From” email addresses are trivial to change. If the spammer in question has access to multiple servers even adding the mail server to your blocked list won’t do much other than block everyone who may be using that Yahoo server to send you email. IMO, you are fighting a losing battle.

      In WLM, what is your junk mail level setting? If you want to go through the work, setting it to Safe List Only should handle it.

      Joe

      --Joe

      Reply | Quote
    • donebb
      AskWoody Lounger
      September 29, 2010 at 9:02 pm #1247255

      It is already set at Safe List Only, that must be the default.

      Here is the header, bestno1@sbcglobal.net was my friends e-mail address:

      X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtTQ0w9Mw==
      X-Message-Status: n
      X-SID-PRA: bestno1@sbcglobal.net
      X-AUTH-Result: NONE
      X-Message-Info: JGTYoYF78jGRmfVa6LefMuWghy7k8BmQMVH60UaxL+0C7ZtBAwG4Zyi/DdoFfJptIVV4Q79/ZOs8PcOF/PxPz7glbj0uOilA
      Received: from web180106.mail.gq1.yahoo.com ([67.195.8.94]) by snt0-mc2-f10.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
      Wed, 29 Sep 2010 18:58:03 -0700
      Received: (qmail 40534 invoked by uid 60001); 30 Sep 2010 01:58:02 -0000
      DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sbcglobal.net; s=s1024; t=1285811881; bh=XHUppGegvB5WWTbViCpu2bxPDRf3N7CaSziJZsJuXKc=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:To:MIME-Version:Content-Type; b=v4Q/p/07DTEMS0wz5wiu6e/FykuoU+ib2er20QOEE4urALQhQ9pFKcY+pNHIXTUPoSZH4HLTXTDx1Wbqyn76/gpkQoOuxBzGt6tW3Opv5mc3XswpBNEJXgOxupXoStk4/o2UwxuKH17mdQLEVum64IwERmuo5kY3jp60u+oD7Jc=
      DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
      s=s1024; d=sbcglobal.net;
      h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:To:MIME-Version:Content-Type;
      b=o6mf11xLoCkMCm9Nm3JsCne+NXt+M7xMvQnu6noRy/QK3HeszaVGQc8ITIdyEGlg7qEIfp9nVkMauqsmW9FMtmGAIfnBXhtAb7Jn0nu9G8TAQylj/FCJdyknKR1T7SrHMkNPasr0zpLrxrYaPx3TsldKJvG4Ty7Y5PbUevLdYUA=;
      Message-ID:
      X-YMail-OSG: SHVsNb4VM1lE.1rED1n7.y_xRuiHrzKMIzH980TOm4nO5.J
      FLvqXqm_7aLLUhtfBu4LeKdhaEfqdomjdMSVGwPACq8PMkZ50on8.Fla8J8l
      6R5_iEIW4HyDonqaG_xHbvWLw2PFCBEbyXnhLxnShfQ2YOMnmBhHNSVJS6Jt
      c3WJpWADMSpKo_KIHP57C0nEgfiqCqyziYP.57G8MVxWgh9pgzu9IYicIWaX
      hRX3dYJ3xPh4zHQuGPmYSaLANAvziobDFjy.6SR.PAvjApQBK8Zb7AD7U_mW
      LHxyFueIMYshPmUHuzMLXf4RdbgALY2E7LkxAwg.e9WFE8Xsv6Eb62x5wMud
      QXlHZE1IsCX2wGh0AEpWKRsH2oC9jQnzqrzvLG7PAQ09bKpxkqlbmv6Fg7Vo

      Received: from [122.162.170.254] by web180106.mail.gq1.yahoo.com via HTTP; Wed, 29 Sep 2010 18:58:01 PDT
      X-Mailer: YahooMailClassic/11.4.9 YahooMailWebService/0.8.105.279950
      Date: Wed, 29 Sep 2010 18:58:01 -0700 (PDT)
      From: bestno1@sbcglobal.net
      Reply-To: bestno1@sbcglobal.net
      To: jbourgeois@hfinc.com, babahoy@yahoo.com, nima_weld@yahoo.com,
      LFessenden@mdea.com, pishrochi@comcast.net, donebb@hotmail.com,
      larry@americanpremiergroup.com, dmaybin@kluttspropertymanagement.com,
      dvmoses@roadrunner.com
      MIME-Version: 1.0
      Content-Type: text/plain; charset=us-ascii
      Return-Path: bestno1@sbcglobal.net
      X-OriginalArrivalTime: 30 Sep 2010 01:58:03.0871 (UTC) FILETIME=[EB1AEEF0:01CB6042]

      http://www.taiwan-ing.com/38002.html

      Reply | Quote
    • joep517
      AskWoody MVP
      September 30, 2010 at 8:36 am #1247289

      The bottom part of the header shows that the originator of the email was 122.162.170.254 which is an address in India. So, the Yahoo address is not the real culprit.

      If your junk mail setting is Safe List Only then removing your friend’s old e-mail address should route those emails to your spam folder.

      Joe

      --Joe

      Reply | Quote
    • donebb
      AskWoody Lounger
      September 30, 2010 at 12:29 pm #1247318

      Well, I really feel dumb. I thought I had deleted the offending e-mail address but when I went back and looked at my contacts, it was still there. I deleted it and hopefully that should take care of it. Thanks for the help.

      Reply | Quote
    • WSmjnelson99
      AskWoody Lounger
      October 28, 2010 at 1:39 pm #1252263

      I put one of my own email addresses in my address book. It is an address I use just for that purpose. That way if my computer gets hijacked, I will also receive an email and know about it.

      If your email addresses have been harvested and the mail is not coming from your own computer, that won’t do a whole lot of good except for the info.

      Reply | Quote
    • donebb
      AskWoody Lounger
      October 28, 2010 at 1:49 pm #1252268

      I do have my own e-mail address in my contact list but not for that purpose. That’s a very good idea.

      My friend finally got it under control, at least I haven’t gotten any in the last couple of weeks. She worked with the ISP, SBC and I guess they got it stopped.

      Reply | Quote
    • WSsparkz-in-aus
      AskWoody Lounger
      November 5, 2010 at 8:35 am #1253885

      I recently had a similar thing happen to my hotmail account. At the same time I found that all of my ‘Sent’ items had been deleted (but were still in the ‘Deleted’ folder). Amongst them I also found the bogus emails that had been sent to peeps in my contact list.

      Changed my hotmail password, restored the ‘Sent’ items and so far, haven’t had any further, apparent ‘hits’ against my account.

      Reply | Quote
    Viewing 11 reply threads
    Reply To: Hacked E-Mail keeps making it through

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.