Your computer wasn't hacked, but change your email password (mini rant)

Ok we keep getting threads like this one and this one where the OP is looking for help cleaning malware from their machine because they are spamming their friends.

People helpfully try to get the OP to download various sorts of anti-malware apps, reinstall their OS or get a new AV app.

The actual problem is not on the OP’s computer. You’re sending them down a rabbit hole with your responses. They don’t know the difference between POP mail and webmail so getting them to try all sorts of goofy other stuff is not going to be helpful.

I sympathize with the folks who don’t understand the difference between POP mail and webmail. I keep trying to explain and not get mad. I don’t sympathize with the folks who keep sending them down the wrong path.

If you use Outlook, Thunderbird, Eudora, Entourage or any program that physically downloads email to your computer, and your contacts start getting spam email from you, then yes your computer is compromised.

However, most people are complaining that their Yahoo, Gmail, Hotmail and AOL addresses are sending out emails to their contacts. If you go to a Web site to send and receive email, as in most cases with these services, you are using Web mail. Your email is not on your computer. Your contacts are not on your computer. No one is sending email from your computer because it doesn’t exist there.

In the past few months I’ve gotten spam from friends at Yahoo, Hotmail and AOL. Upon checking their accounts we’ve seen that in their SENT folder are copies of this spam. This spam was not sent from their computer, it was sent by someone logging in to their webmail account and using it to send spam.

Just the same as how you can use any computer in the world to check your Gmail as long as you have the username and password…anyone else anywhere in the world can log on to your Gmail account as long as they have the username and password. This has nothing to do with your computer.

“But how do they get my username and password if not through my computer?”

Simple - I saw this just the other day on one of my hosted clients’ sites.

A hacker uploads a malicious script to a Web site. Usually the site is built around a popular pre-made system such as the shopping cart osCommerce. Being familiar with the system, the hacker knows where the database connection file is stored and what tables in the database hold the userbase’s email addresses and passwords. Their malicious file connects to the database and downloads everyone’s email address and password. Now they have all of the email addresses and passwords from the userbase of this site.

There’s a good chance that mary12@yahoo.com, who uses the password Mary12 on the freshly-hacked site, uses Mary12 as her password for Yahoo mail too. The hacker tries this login info at Yahoo and voilà! They’re in.

Now the hacker can send spam to all your friends, which they will open because they know you. And they can grab your friends’ email addresses for later use, since you probably only keep valid email addresses in your address book.

NONE of this transpired on your computer. YOU didn’t get hacked but possibly one of the hundreds of Web sites where you have a stored login did get hacked. There’s nothing YOU can do about it except - and this is important - change your webmail password.

Also important, and also suggested in other threads (eventually) is that you try not to use the same passwords everywhere. Or, at LEAST, make your webmail password extremely unique and don’t use it anywhere else. And don’t use dictionary words.

You might not give a toss if your SDMB password and your fantasy football accounts get hacked (they probably won’t) but if your email address and password at one site match your login on your webmail site…that is just bad news.

There really is a rash of this going around right now. For real. Please change your password, make it secure, and make it unique.

And stop agreeing when people think they are hacked. Unless you’re sure that the person is using a POP client, they aren’t.
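The reuse risk described in the post above can be checked against your own list of logins. This is an added example, not part of the original thread: the CSV layout (`site,username,password`), the sample rows and the `audit` function are constructed for illustration, and the webmail list is the four providers the post names.

```python
import csv
import io
from collections import defaultdict

# Webmail providers named in the post; extend as needed.
WEBMAIL_SITES = {"yahoo.com", "gmail.com", "hotmail.com", "aol.com"}

# Constructed sample export (hypothetical columns: site, username, password).
SAMPLE_EXPORT = """site,username,password
yahoo.com,mary12@yahoo.com,Mary12
shop.example,mary12@yahoo.com,Mary12
forum.example,mary12@yahoo.com,tr0ub4dor-forum
gmail.com,mary.work@gmail.com,kV9#pleasant-otter-72
fantasy.example,mary.work@gmail.com,league2024!
"""


def audit(export_text):
    """Return (reused, derived) findings for webmail accounts in the export."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    sites_by_password = defaultdict(set)
    for row in rows:
        sites_by_password[row["password"]].add(row["site"])

    reused, derived = [], []
    for row in rows:
        if row["site"] not in WEBMAIL_SITES:
            continue
        # Risk 1: the webmail password also unlocks other sites, so a breach
        # of any one of them hands over the mailbox.
        others = sorted(sites_by_password[row["password"]] - {row["site"]})
        if others:
            reused.append((row["site"], row["username"], others))
        # Risk 2: the password is just the mailbox name with different casing.
        local_part = row["username"].split("@")[0].lower()
        if local_part and local_part in row["password"].lower():
            derived.append((row["site"], row["username"]))
    return reused, derived


if __name__ == "__main__":
    reused, derived = audit(SAMPLE_EXPORT)
    for site, user, others in reused:
        print(f"{user} at {site}: password also used on {', '.join(others)}")
    for site, user in derived:
        print(f"{user} at {site}: password is derived from the address")
```

Any webmail account it lists is one where a breach at the other named site is enough to get into the mailbox; that password is the one to change first.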

I’m one of those folks. Can you help me to understand the difference?

POP mail is downloaded to your computer from a distant server. Once it is downloaded to your computer, it can be erased from the server, and it then exists nowhere else. You must use a program on your computer to look at the mail on your computer, and you can only look at it on your computer.

Webmail is stored on a distant computer. You connect to this computer using a web browser and a password, and view the mail as part of a website through the browser. The mail is not downloaded to your computer. You can look at your mail from any computer that can connect to the mail website.

It’s possible to have more complicated scenarios, but this is the simplest. POPmail = download, webmail = view online.

I know at least one Doper who would disagree with you.

LOL that’s exactly what popped into my head when I wrote that aside…I should have added it as an aside to my aside :)

My Yahoo account was compromised just last night. Grrrrrrrr.

Apparently my Hotmail account was compromised, because it’s been partially blocked from me. The way to turn it back on is they send a text message to my mobile phone, but I don’t use one, so I’m kind of stuck.

Not that I really use Hotmail anymore, so it’s no great loss really. I just use it for my MSN messenger login.

No, that’s a related lesson, which is to log out when not at your others-accessible computer or to password-lock the computer itself. :D

Thanks, Sunspace. What does POP stand for?

POP stands for Post Office Protocol.

I thought I would mention the best of both worlds, IMAP, where you can use webmail if you want, but also store a copy of the e-mail locally on your desktop.

Mine two days ago. Generated spam emails to everyone in my Yahoo address book. I changed my password at Yahoo and all other online mail services and deleted all contacts from the address books.

It’s happening. It’s a rash. Not sure why the media isn’t reporting it (ok, I haven’t really looked too hard) but pleeeeeease change your passwords!

I hate to complicate this any further, but you can (and I do) use POP to access your Yahoo and Google mail as well.

Today I informed a friend that one of her email accounts has been burgled and I’m receiving between 3-6 spam mails from her account per day.
“No, you’re not”
“Yes, I am. It’s from your [very specific only to you]@aim.com”
“I don’t use aim for email”
“You used to, I remember”
“You’re wrong”
Yes, friend. I’m wrong. The very specific only to you @ aim spams that are being sent to me and others I know from your usual mailing list are magic. Someone, somewhere, knew enough about you to create a new mail addy for you and somehow knew all the people on your mailing list.

I could not get it through her head that yes, she DID have an aim address at one point (it was at least 4 years ago, at which time we switched IM clients) and someone did get into it. I gave up and just blocked her address.

Yep. And then you would fit in to the group I mention here:

And not this group:

Maybe you guys are trying to help somehow by introducing the idea of downloading your GMail or using IMAP but it sort of goes against the issue at hand.

I think maybe my OP was too wordy tho. Hard to scan for “does this apply to me?” My bad. I was a little angry when I wrote it.

I’m here to help and so are others…as long as we’re all on the same track. The issue here is that a lot of web-based email accounts are being hacked and used to send spam, and folks need to understand what that means and how to fix it.

As always, there is a relevant XKCD cartoon.

Yeah, that. It’s true.

I just changed my pword. Thanks, ZipperJJ.

To add further confusion, there is another scenario(ish): if your computer is compromised and you are using POP, then during the infection your email address and contacts list can be sent off to the person collecting them, who then sends emails to your contacts pretending to be you (quite easily done to make email look like it came from someone else). This is a particularly annoying occurrence as even after you remove the infection from your PC the emails continue to be sent.

When you are using POP you can select to leave a copy of the messages on the server, that way you have your local copy in Outlook or whatever but can still access your inbox anywhere in the world.