The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.
Email stolen???
ShinyRedKnight
Registered User regular
Registered User regular
So I just checked my spam box.... guess what is at the top? Spam, selling Viagra, from MY email address. So, after the small heart attack, I changed the password. But still, this is a big FREAKING problem. I checked my sent emails folder, and that specific email is not shown. Yet the spam email is clearly labeled as coming from my own email address. Anyone hear of this? Please help 
PSN: ShinyRedKnight Xbox Live: ShinyRedKnight
ShinyRedKnight on
0
Posts
Don't freak out immediately. It's way, WAY simple to forge the email sender address. It happens all the time, and is not an immediate indication that your email has been compromised in any way. Spammers love to get your attention this way. Nevertheless, changing your password was a good step toward peace of mind, provided you're confident your computer itself is secure.
If you're really concerned and you've still got the email sitting in your spam box, check the header. Look for the "Received: from (address)" entry. The address in this case should indicate what email provider sent the actual message to your inbox. If you're using gmail, for example, and you send a message to someone, if they check the header it will say "Received: from [blahblah].google.com". If that line is from some completely weird address, then someone just spoofed your address as the sender, and you're probably fine. If the message did come from your own account, then it'll be indicated as being received from the same address as your email service.
PSN: ShinyRedKnight Xbox Live: ShinyRedKnight
What email service are you using? Some of them allow you to see the IP address from which the email box has been accessed for the last few log ins. You could check that record to see if the session history points to an unfamiliar IP range.
Anyhow, if we assume a worst-case scenario that your email address has been compromised, your login credentials were likely pinched in one of two ways. Either (1) a phishing or social engineering method which obtained your login details when you unknowingly entered them into an insecure page designed to harvest them, or (2) a trojan/keylogger infection on your machine.
If they got your login details with (1), then by changing your password you're safe. They shouldn't have any way to get back into your account.
If they got your login details with (2), then they saw you change your password. In this case, you'll want to scan your computer with an Antivirus and/or Antimalware program to ensure nothing's got your system infected. The highly recommended solutions are MalwareBytes AntiMalware located here, and Microsoft Security Essentials, located here.
To be clear, I've seen so much backscatter in my day that I'm not terribly convinced that this is an indication you've been compromised. It's possible, but not a sure thing. Nevertheless, running some scans can at least help to give you some peace of mind.
I've been accessing my email tons at my university's labs... they don't seem to be the most well protected or up to date machines.
My machine should be clean, I used AVG for the longest time. Only recently did I try out avast just to see how it works.
PSN: ShinyRedKnight Xbox Live: ShinyRedKnight
Bet on the keylogger from your description.
The software mentioned though, malware bytes and Microsoft security essentials, can they be used in in conjunction with avast or is it instead of avast.
PSN: ShinyRedKnight Xbox Live: ShinyRedKnight
Generally instead of. Stacking alot of anti-virus is like putting on multiple condoms, it's a pain and doesn't actually provide you with any more protection really.
Computing also feels way way WAY better without antivirus.
FFBE: 898,311,440
Youtube: http://www.youtube.com/dElementalor
Yeah, I wouldn't worry about it. When other people start to get spam from you, then you have a problem.
Yeah pretty much I think getting that kind of spam is pretty normal.
FFBE: 898,311,440
Youtube: http://www.youtube.com/dElementalor
PSN: ShinyRedKnight Xbox Live: ShinyRedKnight
This whole thing.
Art.
It's called a "joe job" - in this case you're probably just the victim of automated spam - and can be very difficult for a non-technical user to distingiush it from an actually compromised email user account.
Unfortunately, forged FROMs are extremely common, and it is more likely what's happening than your Yahoo account being compromised. It's usually possible to distinguish between a joe job and a compromised e-mail account by reading the detailed e-mail headers. Carefully. Since there's usually a lot of obfuscation going on in there, and they're only marginally human-readable to begin with without a roadmap.
It's common for spam to be addressed FROM the person they're spamming TO, because once upon a time spam filters were pretty stupid, and this is a technique that would get it past the rudimentary filters of the time (which wouldn't distinguish between outgoing and incoming whitelists). Now, it probably only causes people to slightly panic, which still gets it read, and maybe even clicked - so it's not totatlly ineffective as a technique. Spam is a statistical predator - it doesn't have to fool all the people all of the time. Just some.
The Wikipedia article (and the one linked to it on backscatter) will probably be of interest to explain the phenonmenon.