email hack

Apr. 27th, 2014 09:58 pm
[personal profile] lettered
I don't know what to do. People keep getting spam emails from me. I changed my password, which didn't help. Advice?

(no subject)

Date: 2014-04-28 05:55 am (UTC)
From: [personal profile] synecdochic
Is it from an AOL account?

What's happening with those (from what I've seen and from examining the headers of the AOL spam I'm getting) seems to be break-ins, cloning the address book, then sending the spam (to members of the address book) with the victim's AOL address forged, so it's not coming from the account itself. There is, sadly, nothing you can do to stop it once they've already broken in, and there's been a huge wave of break-ins this month. (I suspect AOL mail was vulnerable to Heartbleed. Or some other massive security vulnerability.) Even closing the account won't stop the spam, since they're not actually using the account itself.

If it's not an AOL account, and the spam is definitely coming from your account (as determined by examining the full headers of the email), there are two possible explanations: either a) you're using a password that's too close to the password that got cracked (i.e., the same pw with different numbers or whatever), or b) the computer you changed your password on has a keylogger recording your actions and sending them somewhere.

To rule out a): Change your password to something completely unique that you use nowhere else. For maximum uncrackability combined with maximum rememberability, use five or more plain English words, spaces included. (If the service requires capital letters and numbers/symbols, make it a sentence with punctuation.)* Turn on two-factor authentication if the service supports it.

To rule out b): Boot from a recovery disk and run at least two separate antivirus checkers running the most recent virus definitions. The boot-from-disk part is the most important part: most keyloggers these days contain code that will try to disable virus checkers. (It's an arms race as to whether or not they can, but boot-from-disk is the best chance of getting them.)

* The standard suggestion of "a meaningless keysmash of 8 or more letters/numbers/symbols" for "secure password" is outdated and doesn't take into account the current generation of password cracking software.

(no subject)

Date: 2014-04-28 06:16 am (UTC)
From: [personal profile] synecdochic

I can check it for you if you get someone who's received the spam to forward me the full headers. (Gmail has instructions for many mail readers.)

Yes, changing your password on another computer would bypass a keylogger for that individual login, but the minute you logged in to your mail on your computer it would be compromised again (assuming your computer had a keylogger installed, I mean).

If you absolutely don't know how to boot from disk and none of the instructions you read help you, it's still worth doing the "run two separate virus scanners with up-to-date virus definitions" even if you do it from the potentially-compromised computer, but if you continue having problems with accounts being compromised, take it in to a local shop and have them do it for you.

(no subject)

Date: 2014-04-28 04:28 pm (UTC)
From: [personal profile] marycontrary
Even if you had a keylogger, 2-factor authentication would help someone with a smart phone on gmail -- but I'm betting your address is being spoofed at this point.
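
Added example, not part of the thread: one way to do the "examine the full headers" check discussed above, by reading the Authentication-Results header that the recipient's own mail server stamped on the message. The sample headers, host names and the `trusted_authserv` value are constructed for illustration, and the alignment test is a simplified assumption rather than a full DMARC evaluation.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; every host, address and result below is invented.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=provider.example
Received: from mailer.example.net ([203.0.113.7]) by mx.receiver.example
From: "Friend" <friend@provider.example>
Subject: hi

"""
GENUINE = """\
Return-Path: <friend@provider.example>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=provider.example;
 dkim=pass header.d=provider.example
Received: from out.provider.example ([198.51.100.9]) by mx.receiver.example
From: "Friend" <friend@provider.example>
Subject: hi

"""
CHECK = re.compile(r"\b(spf|dkim)=(\w+)([^;]*)")
DOMAIN = re.compile(r"(?:smtp\.mailfrom|header\.d)=(?:\S*@)?([\w.-]+)")

def aligned(domain, from_domain):
    """True if the authenticated domain is the From: domain or a subdomain of it."""
    return domain == from_domain or domain.endswith("." + from_domain)

def classify(raw, trusted_authserv):
    """Return 'sent-via-provider', 'forged-from' or 'no-evidence' for one message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    seen = False
    for header in msg.get_all("Authentication-Results", []):
        # Unfold the header, then split off the name of the server that wrote it.
        authserv, _, rest = " ".join(header.split()).partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # anyone can add this header; trust only our own receiver's
        seen = True
        for _method, result, props in CHECK.findall(rest):
            dom = DOMAIN.search(props)
            if result.lower() == "pass" and dom and aligned(dom.group(1).lower(), from_domain):
                return "sent-via-provider"
    return "forged-from" if seen else "no-evidence"

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, classify(raw, "mx.receiver.example"))
```

A `forged-from` result corresponds to the forged-address case described in the thread, where the account itself is not being used; `sent-via-provider` is the case where the password and keylogger steps apply.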

