This weekend my Yahoo! account started sending out spam to everyone in my address book.
I’ve already:
Changed the account password
Changed the verification 2nd email address associated with the account
(In progress) Running anti-virus/malware checks on my computer.
Are there any other steps I should take?
I’ve debated in my head making this email account my ‘trash’ account that gets submitted to things that ask for an email account. I’ve stuck with that account because I have a nice, short, easy-to-remember username. Still, I can’t have my friends being spammed because I made a mistake.
The other issue is that I wonder how much I can even do about this. Even though I’ve changed the password, can’t they still spoof the account address and spam anyone who accepts email from that address?
Any information or links to what to do would be helpful. Thanks!
Email can be sent with forged headers making it seem like it’s from you, even though it may never have touch your computer or online account.
Are you sure that it is actually your Yahoo account that’s sending the spam? Can you ask one of the recipients to send a spam sample, including all the header information that many email programs and services hide, back to you, so you can post it and we can go over the header information? That way we can at least see where it really came from…
You said it was sent from your yahoo account. There are two ways to understand this:
It was sent from your yahoo account just as if you logged in and sent them yourself.
Spammers sent the email from some random location but forged your yahoo email address in the From field. The spam looks like it came from your yahoo account, but if you look at the headers you can see it came from some other place (like Russia).
Do you know which scenario you are dealing with?
If it’s the first case, then the spammers likely got your email and password by hacking some other website. The other website stored your email/pw in a database and the hackers stole that. Likely they did not hack your computer with a virus, but you never know. Do you use the same password for yahoo as other websites? If so, hackers can hack those other websites to get your email password.
You should change all your passwords for all your accounts. The hackers may try the same email/pw combination on other sites that use email login like netflix, facebook, etc. In addition, hackers may have had access to your inbox and could have read any messages there. They may have downloaded those messages looking for other logins in the inbox messages.
That’s a great question - it occurred to me, but I don’t really know what I’m looking for. Luckily that acct had many outdated email addresses and I got bouncebacks from those:
Does the bolded portion indicate that my Yahoo account is actually the one sending the spam?
I’m guessing it does, but I don’t really know what I’m looking for.
I did have one other account that used the same password. I’ve changed that one too.
Seems to me that I’m dealing with scenario #1 from filmore’s post.
Those headers do look like they’re using your real yahoo account to send the spam. The address at the bottom (200.88.85.108) is the spammers computer in the Dominican Republic. From that computer he logged into yahoo. The rest of the headers seem to match the yahoo mail servers. So likely the spammers got your email/pw from somewhere and used it to log into your account and send spam.
Make sure the pw used on your email account is unique and used no where else.
I had this happen to me through my Yahoo account about 2 years ago.
But probably the worst thing about it was the fact that the SPAM which was sent out was CC’d to everyone in my contact list, which at the time included a VERY insecure girlfriend, and generated a ton of questions!
“Who’s THIS person?”
“Why do you still have your ex-girlfriend in your E-mail contacts?!?”, etc.
I thought she’d never stop asking about my contacts.
To keep this from ever happening again I did what you did, (Changed password; Verification E-mail; Virus scan) but I also added the words “REMOVE_BEFORE_SENDING” to all of my contacts’ E-mail addresses, right after their name, and before the “@”. Yes, it adds an extra step to delete those words before sending an E-mail, but I never have to worry about anyone getting SPAM through that account again.
If I’m concerned with security I run my default antivirus program, Microsoft Security Essentials, (it’s completely free for activated versions of Windows Vista and up [I have Win7]) as well as Malwarebytes, and SuperAntiSpyware.
Outside of the issue with Yahoo & the jealous ex I mentioned, I’ve not had any problems since.
I have both a yahoo account and a hotmail account that I use for sign-ups etc. where I don’t care if I get spam or junk mail. Neither of these is my main email account. Neither one has any contacts in the contact list, since I never send mail from them, but only receive mail. So am I safe from this spoofing thing WRT these two accounts?
There seems to have been quite a few Yahoo compromises in the past week - my brother’s account, and a friend’s account, both sent out spam. My brother said that his was in fact compromised; the friend didn’t say one way or the other. A careless hacker might not clean up the sent mail folder when spamming from a compromised account, and that’s pretty good evidence that they’ve actually gotten in. Of course, someone being extra careful would use your account for spamming, delete the sent mails, and avoid using your address book, all reducing the chances of getting caught.
Of course, even if your account was hacked, the hackers now have copied your address book and can continue to send out spam “from you” by spoofing the address. As far as I know, there’s nothing you can do about that :(.
