Spambot hijacking email accounts

It’s happened to both my brothers now. Out of the blue, I start getting spam email from them - porn, pharmaceuticals, et cetera. Both of them are sensible people but not computer nerds. One, I know, probably looks at his fair share of porn. I refuse to speculate about the other.

The fix that’s worked has been to log onto the account from a completely new computer and reset the password, and I’ve told both of them to run complete viral scans to make sure there isn’t a virus, keystroke capture program, or other tricksome creature.

What I’m wondering is what the most likely vector is.

A virus downloaded with free software/music/porn?

A trojan on their job networks? (Both work in offices on hardwired networks; one has a good IT department, the other has no IT department.)

A security problem on free Wifi networks? I know both of them are likely to use the networks at Starbucks or other public places.

Suggestions? Advice? Wild speculation? All are welcome.

I’d look into your spam folder and see if you’re getting similar messages from other contacts. The timing of both being compromised at once sounds dodgy to me. My guess is that some third party got compromised and is spamming everyone on that party’s contact list and spoofing emails from it. You’re just seeing the ones from your brothers because your client isn’t filtering them out immediately. That doesn’t explain changing the password helping, at all, of course. It’s just another potential explanation.

I have a friend (on an email list) whose Yahoo account was compromised at some point. About once a month, the list gets a spam message “from” her. She has changed her password, but claims that it happens when she logs on from a particular computer where the old password has been saved and she can’t get that computer to forget the password.

I don’t get it. Even if the other computer had the old password saved, that wouldn’t work any more - and that wouldn’t allow the spambot to send emails then and only then.

Anyway, no advice, I’m just watching to see what other say.

I am sort of curious about how much, exactly, his fair share is. I had not realized it was rationed. :stuck_out_tongue:

Mama Zappa, I strongly suspect that your friend’s computer has a key logger on it. The “old password” isn’t being used. She is probably logging on to her email using that computer, and the key logger is dutifully capturing her new password.

Similar thread from earlier this week

Thread I posted a few months ago about email hacking

This type of hacking must be ramping up again because I am seeing threads like this at least once a week again.

I agree - that’s the only thing that makes sense to me, also. Though why the spam is sent out only sporadically, vs. all the time, is puzzling; you’d think the spammers would want to take better advantage of it. Of course, I think it’s a work computer, so she doesn’t have full control to run virus scans etc.

One thing to be aware of is that an email appearing to come “from” someone doesn’t necessarily mean that person’s account was hacked. SMTP is a very simple insecure protocol, and anyone can spoof the “from” address with whatever value they like when sending messages. It requires no access to the fake sender’s email account, just the knowledge of their email address.

One way to confirm this is for your brothers to check their sent mail folders. If they see those same emails in their outboxes, then indeed their accounts were hacked, and the messages were actually sent from their accounts. If not, it’s more likely that the spammer just spoofed the sender field using their addresses and actually sent them from somewhere else. In the latter case, it’s probably safe to assume that no real hacking (i.e. full illicit access to their email accounts) actually occurred.

In the old days, spammers would spoof the “from” address with random entries, knowing that the novelty of an incoming email would always get attention regardless of whether the recipient knew the sender.

Nowadays, people have gotten jaded and tend to ignore or even filter messages from folks they don’t know. My guess is that the spammers have counteracted this by building databases of mutual contacts, so that the spoofed “from” addresses can be made to seem from a trustworthy source.

If it’s true that these emails were just spoofed, the real question is how they figured out the association between your email address and those of your brothers. They probably scraped this off Facebook or something. Do you all have public profiles linked together on any social networking sites?

Anecdote to illustrate the point: Ten years ago, back when our Exchange server was still an open SMTP relay, one of the guys on my team spoofed an email to the entire department that appeared to come from the boss, telling us all to take the afternoon off. About half the department fell for it (those who didn’t know about SMTP or this guy’s practical jokes) and went home early. (No one ratted on the culprit, but Don, if you’re reading this and still wondering who sent your guys home that day, I’ll tell you for a price.)
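The “sent folder” test above only works if you are the account owner. As an added example (not part of the thread), here is the complementary check a recipient can run on the message itself: because SMTP lets a sender put anything in the From: header, the transit headers your own mail server added are what tell a spoofed message apart from one that really left the sender’s provider. The script compares the From: domain against the envelope sender (Return-Path), the earliest Received: hop, and any SPF/DKIM results stamped in Authentication-Results. The two sample messages, hostnames, IP addresses and domains are constructed for the example, and the heuristics are assumptions about typical provider setups, not a standard.

```python
"""Tell a spoofed From: address apart from mail that really came from the
sender's provider, by reading the headers the receiving side recorded.
Added example; both messages below are constructed, not real traffic."""
import re
from email import message_from_bytes
from email.utils import parseaddr

# Constructed message 1: a spambot sends with From: brother@yahoo.com but the
# envelope sender and the first hop have nothing to do with Yahoo.
# Topmost Received: line is the hop nearest the recipient (headers are
# prepended as the message travels).
SPOOFED = b"""\
Return-Path: <bounce@cheap-pills.example>
Received: from mail.recipient.example ([192.0.2.10]) by inbox.recipient.example; Mon, 1 Jun 2009 10:00:02 +0000
Received: from 198-51-100-7.dsl.example ([198.51.100.7]) by mail.recipient.example; Mon, 1 Jun 2009 10:00:00 +0000
Authentication-Results: mail.recipient.example; spf=fail smtp.mailfrom=cheap-pills.example
From: "Brother" <brother@yahoo.com>
To: me@recipient.example
Subject: great deals

buy now
"""

# Constructed message 2: the same From:, but handed to us by a Yahoo outbound
# server, with a matching envelope sender and passing SPF/DKIM. That is what
# a genuinely hijacked account produces, and it means: check the sent folder
# and change the password.
GENUINE = b"""\
Return-Path: <brother@yahoo.com>
Received: from mail.recipient.example ([192.0.2.10]) by inbox.recipient.example; Mon, 1 Jun 2009 11:00:02 +0000
Received: from smtp101.mail.yahoo.com (smtp101.mail.yahoo.com [203.0.113.5]) by mail.recipient.example; Mon, 1 Jun 2009 11:00:00 +0000
Authentication-Results: mail.recipient.example; spf=pass smtp.mailfrom=yahoo.com; dkim=pass header.d=yahoo.com
From: "Brother" <brother@yahoo.com>
To: me@recipient.example
Subject: hi

real message
"""

VERDICT_SPOOFED = "spoofed-from"            # From: forged, account likely untouched
VERDICT_ACCOUNT = "sent-via-provider"       # really relayed by the From: domain's mail servers

# "from <name> (...[<ip>])" as written by most MTAs in a Received: line.
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s*\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def domain_of(header_value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def earliest_hop(msg):
    """(hostname, ip) from the bottom-most Received: header, i.e. where the
    message first entered the receiving side's infrastructure."""
    received = msg.get_all("Received") or []
    if not received:
        return None, None
    m = RECEIVED_FROM.search(received[-1])
    return (m.group(1), m.group(2)) if m else (None, None)


def auth_results(msg):
    """{'spf': 'pass', 'dkim': 'fail', ...} from Authentication-Results."""
    found = {}
    for hdr in msg.get_all("Authentication-Results") or []:
        found.update(AUTH_RESULT.findall(hdr))
    return found


def origin_check(raw_message):
    """Return a dict with the evidence and a verdict for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_message)
    from_dom = domain_of(msg.get("From"))
    envelope_dom = domain_of(msg.get("Return-Path"))
    host, ip = earliest_hop(msg)
    auth = auth_results(msg)

    reasons = []
    if envelope_dom and envelope_dom != from_dom:
        reasons.append(f"envelope sender {envelope_dom} differs from From: {from_dom}")
    failed = [m for m in ("spf", "dkim", "dmarc") if auth.get(m) == "fail"]
    if failed:
        reasons.append("sender authentication failed: " + ", ".join(failed))
    # The hostname here is what the sending machine claimed in HELO, so it can
    # be forged too; the IP was recorded by our own server and is not.
    if host and host != from_dom and not host.endswith("." + from_dom):
        reasons.append(f"first hop {host} [{ip}] is not a {from_dom} mail server")

    return {
        "from_domain": from_dom,
        "envelope_domain": envelope_dom,
        "first_hop": (host, ip),
        "auth": auth,
        "reasons": reasons,
        "verdict": VERDICT_SPOOFED if reasons else VERDICT_ACCOUNT,
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        result = origin_check(raw)
        print(label, "->", result["verdict"], *result["reasons"], sep="\n  ")
```

Run it on a message saved as raw source (most webmail clients offer “show original” or “view headers”). Only the Received: line and Authentication-Results stamped by your own provider are trustworthy; everything below them in the chain was supplied by the sender and can be forged just like the From: header.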

Aha.

I understand much better now. Lucky for me, my email password is completely different from all my other passwords, so it would take my webmail provider being hacked to be spamming friends. I’ll let my brothers know.