Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Community > MacNN Lounge > Hotmail's gone awry. Phishing insults.

Hotmail's gone awry. Phishing insults.
Thread Tools
dzp111
Senior User
Join Date: Mar 2007
Location: Sudbury, ON
Status: Offline
Reply With Quote
Oct 21, 2009, 01:29 AM
 
I received an hotmail basically saying nothing except to click 'here'. It was sent from my nephew's cousin (whom I don't really know). I replied and told him to shove it since it forwarded me to a nuisance site. (phishing no doubt).

A few days later I get a reply from someone I haven't spoken to/emailed in a long time. Apparently she received the same email from me!!??

I only use Hotmail for subscriptions and nothing else (personal/family & friends are on my Mac Mail).

Something's going on, and I don't like it. Someone's tapped in my Hotmail's contacts.

What's going on? Any theories?
.................................................. .................................................. ..................................www.DNCH.com

.................................................. .................................................. .......................www.daniel.poirier.com
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Oct 21, 2009, 02:41 AM
 
There's no evidence here that anybody has tapped into your contacts. An email's "sender" is about as reliable as a shirt tag that says "Hi, my name is Snuffaluffagus." I could send you an email from [email protected] if I were so inclined. Somebody or several somebodies with these names in their contact list has been compromised, and the names are being randomly assigned as senders and recipients, but there's no proof that you're the one who's been raided.

I would recommend in the future, though, not clicking on unknown links in fishy emails.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Reply With Quote
Oct 21, 2009, 03:46 AM
 
My theory: there has been at least one "send to all" email exchanged between you which lists everyone's email. And one of the recipients has a Windows PC which has been compromised. A spammer got it, and is using the list of related people to send exciting offers.

Send-to-all emails are commonly used when someone changes email addresses. They send their new address to everyone.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Oct 21, 2009, 07:39 AM
 
...or someone who has your nephew's cousin and you in their Windows machine's address book got pwned by a trojan which is now using that address book's entries as camouflage for the phishing/spam/crap it's sending out.

Glenn -----OTR/L, MOT, Tx
     
olePigeon
Clinically Insane
Join Date: Dec 1999
Status: Offline
Reply With Quote
Oct 21, 2009, 12:54 PM
 
"…I contend that we are both atheists. I just believe in one fewer god than
you do. When you understand why you dismiss all the other possible gods,
you will understand why I dismiss yours." - Stephen F. Roberts
     
dzp111  (op)
Senior User
Join Date: Mar 2007
Location: Sudbury, ON
Status: Offline
Reply With Quote
Oct 22, 2009, 03:18 PM
 
Well it happened again. An old friend on my contacts list received the same phishing email "from me".

They write back asking what do I mean with the email..

Should I just open an new account? I can't have my friends going through this. I'm concerned that if they click the link at the bottom of the email, that their accounts will also be compromised.
.................................................. .................................................. ..................................www.DNCH.com

.................................................. .................................................. .......................www.daniel.poirier.com
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Oct 22, 2009, 03:43 PM
 
What effect would opening a new account have?
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
dzp111  (op)
Senior User
Join Date: Mar 2007
Location: Sudbury, ON
Status: Offline
Reply With Quote
Oct 22, 2009, 06:00 PM
 
Ya you're probably right.

What if I clean (swipe) my Contacts list? Like I said I hardly ever use Hotmail except for some subsriptions.

Think that would help?

I really need a solution. I can't have this happening to others.

I read that a similar scam/hack happened to Europeans not long ago. It was suggested that clients change their passwords. Apparently that didn't even help.

Anyway, I'm decided. I'll delete everyone in my Contacts list. I'll let you know how that goes.
.................................................. .................................................. ..................................www.DNCH.com

.................................................. .................................................. .......................www.daniel.poirier.com
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Reply With Quote
Oct 22, 2009, 06:32 PM
 
All of your emails have been exposed. The only fast escape is for all of you to get new addresses. btw - check long headers on your email. See if it really came from the other person's account, or if it's just a rebadged sender. If it's rebadged, you should all get new emails to avoid spam from each other.

If it really was mailed from their account, then each person with a hacked account need to kill your existing accounts pronto - with your real login info, they could reach everything you have stored on the servers. Which can be a lot on web-based email.

Changing your password may not work, not if it sends a confirm-change email out. Or if the hacker was logged in at the time you changed the pass. It might be enough to change the pass, but it's hard to be certain.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Oct 24, 2009, 03:07 AM
 
Originally Posted by dzp111 View Post
Ya you're probably right.

What if I clean (swipe) my Contacts list? Like I said I hardly ever use Hotmail except for some subsriptions.

Think that would help?

I really need a solution. I can't have this happening to others.

I read that a similar scam/hack happened to Europeans not long ago. It was suggested that clients change their passwords. Apparently that didn't even help.

Anyway, I'm decided. I'll delete everyone in my Contacts list. I'll let you know how that goes.

Don't waste your time. Spoofing, backscatter, and like the are simply the nature of email, there is nothing you can do about this. Deleting everybody in your Contacts list will accomplish absolutely nothing.

What you should learn to do, or have your contacts do, is examine the full headers of the email for the envelope address of the message (rather than the "from") address. This reveals the true origin of the email. Chances are these emails are not even coming from this country, in which case the horse has already left the barn.

There are all sorts of ways for spammers to harvest email addresses:

- purchasing them
- harvesting them from webpages where they are exposed
- viruses on any computer with your name in an address book
- etc.

There are also countless ways to send email messages with forged headers, and many techniques to exploit web based forms to utilize them as a means to send spam.

There is much you can learn about this subject, but in the meantime I would definitely not suggest taking action without understanding what you are doing. Like I said, deleting your Address Book would almost certainly be a complete and utter waste of your time.
     
goMac
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Status: Offline
Reply With Quote
Oct 24, 2009, 11:05 PM
 
Originally Posted by dzp111 View Post
Ya you're probably right.

What if I clean (swipe) my Contacts list? Like I said I hardly ever use Hotmail except for some subsriptions.

Think that would help?

I really need a solution. I can't have this happening to others.

I read that a similar scam/hack happened to Europeans not long ago. It was suggested that clients change their passwords. Apparently that didn't even help.

Anyway, I'm decided. I'll delete everyone in my Contacts list. I'll let you know how that goes.
Nothing you can do will fix this.

They likely aren't even sending the email from your account. It's extremely easy to forge an email to make it look like it came from your account.
8 Core 2.8 ghz Mac Pro/GF8800/2 23" Cinema Displays, 3.06 ghz Macbook Pro
Once you wanted revolution, now you're the institution, how's it feel to be the man?
     
dzp111  (op)
Senior User
Join Date: Mar 2007
Location: Sudbury, ON
Status: Offline
Reply With Quote
Oct 25, 2009, 01:19 AM
 
So...everyone on my contacts list and everyone on their contacts lists, etc., are screwed? Etc.???

Like a damn pyramid?

I'm seriously pissed.

F*ck it. Hotmail's out of my life. Period.

Question - Could this happen to Mail? (Mac).
.................................................. .................................................. ..................................www.DNCH.com

.................................................. .................................................. .......................www.daniel.poirier.com
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Oct 25, 2009, 01:27 AM
 
dzp: you aren't getting it. This is not a Hotmail problem. This is not a Mac problem, or a mail client problem, or a Windows problem. This is an internet problem. It's a simple reality that we all have to accept, we are all defenseless to it.

Like I said, learn to check your full headers for the actual address. Educate people about spoofing. Get your recipients to use PGP or email certificates. That's all one can do, we're all in the same boat.
     
goMac
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Status: Offline
Reply With Quote
Oct 25, 2009, 03:15 AM
 
Originally Posted by dzp111 View Post
So...everyone on my contacts list and everyone on their contacts lists, etc., are screwed? Etc.???

Like a damn pyramid?
It's not like a pyramid, no.

This really isn't anything new. I've seen spam emails that "came from my account" for years now. Basically, once a spammer has your email address, he can fake emails coming from it without access to your email account.

I don't know why someone in your contacts list happened to get an email from "you", but just because someone gets the email, it doesn't mean their contacts are exposed.
8 Core 2.8 ghz Mac Pro/GF8800/2 23" Cinema Displays, 3.06 ghz Macbook Pro
Once you wanted revolution, now you're the institution, how's it feel to be the man?
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Oct 25, 2009, 10:41 AM
 
Every now and then I'll get a passel of "undeliverable" reports from a variety of mailer daemons that I've never even heard of before. They're because somewhere one of my addresses has been used as the "from" line in some sort of spam, and a few domains' mailer systems recognize the crap as spam and reject it, or the spammer's address list is faulty and it uses nonexistent addresses. It's odd and a little scary when it happens the first time, but I don't even bother reporting this stuff to postmasters anymore; they know what's going on.

Glenn -----OTR/L, MOT, Tx
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Oct 25, 2009, 02:02 PM
 
What ghporter refers to is called "backscatter", in case anybody wishes to Google that term.
     
Oisín
Moderator Emeritus
Join Date: Mar 2004
Location: Copenhagen
Status: Offline
Reply With Quote
Oct 25, 2009, 03:03 PM
 
Interestingly, I just got a whole batch about 50 of those today, after not having received a single one for at least a year. Thought that somewhat appropriately timed, what with this thread here being just up and open …
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Oct 25, 2009, 04:56 PM
 
Originally Posted by besson3c View Post
What ghporter refers to is called "backscatter", in case anybody wishes to Google that term.
Ah. Makes sense too. Thanks for the info.

Glenn -----OTR/L, MOT, Tx
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 01:21 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,