What's happening with those (from what I've seen and from examining the headers of the AOL spam I'm getting) seems to be breakins, cloning the address book, then sending the spam (to members of the address book) with the victim's AOL address forged, so it's not coming from the account itself. There is, sadly, nothing you can do to stop it once they've already broken in, and there's been a huge wave of breakins this month. (I suspect AOL mail was vulnerable to Heartbleed. Or some other massive security vulnerability.) Even closing the account won't stop the spam, since they're not actually using the account itself.
If it's not an AOL account, and the spam is definitely coming from your account (as determined by examining the full headers of the email), there's two possible explanations: either a) you're using a password that's too close to the password that got cracked (ie, the same pw with different numbers or whatever), or b) the computer you changed your password on has a keylogger recording your actions and sending them somewhere.
To rule out a): Change your password to something completely unique that you use nowhere else. For maximum uncrackability combined with maximum rememberability, use five or more plain English words, spaces included. (If the service requires capital letters and numbers/symbols, make it a sentence with punctuation.)* Turn on two-factor authentication if the service supports it.
To rule out b): Boot from a recovery disk and run at least two separate antivirus checkers running the most recent virus definitions. The boot-from-disk part is the most important part: most keyloggers these days contain code that will try to disable virus checkers. (It's an arms race as to whether or not they can, but boot-from-disk is the best chance of getting them.)
* The standard suggestion of "a meaningless keysmash of 8 or more letters/numbers/symbols" for "secure password" is outdated and doesn't take into account the current generation of password cracking software.
I'm pretty sure it's not a)--the password is pretty different, and I've never used it for anything before.
However, I'm not sure how to be positive it's really coming from my account. The emails say they're from my account with the actual account name, but there's no sent spam in my sent box, and when I look at gmail security the only log ins are from my exact location.
I'm not sure how to boot from a disk. If I change my password from a different computer would that do the same thing? I'm really dumb about computers.
I can check it for you if you get someone who's received the spam to forward me the full headers. (Gmail has instructions for many mail readers.)
Yes, changing your password on another computer would bypass a keylogger for that individual login, but the minute you logged in to your mail on your computer it would be compromised again (assuming your computer had a keylogger installed, I mean).
If you absolutely don't know how to boot from disk and none of the instructions you read help you, it's still worth doing the "run two separate virus scanners with up-to-date virus definitions" even if you do it from the potentially-compromised computer, but if you continue having problems with accounts being compromised, take it in to a local shop and have them do it for you.
Even if you had a keylogger, 2-factor authentication would help someone with a smart phone on gmail -- but I'm betting your address is being spoofed at this point.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
What's happening with those (from what I've seen and from examining the headers of the AOL spam I'm getting) seems to be breakins, cloning the address book, then sending the spam (to members of the address book) with the victim's AOL address forged, so it's not coming from the account itself. There is, sadly, nothing you can do to stop it once they've already broken in, and there's been a huge wave of breakins this month. (I suspect AOL mail was vulnerable to Heartbleed. Or some other massive security vulnerability.) Even closing the account won't stop the spam, since they're not actually using the account itself.
If it's not an AOL account, and the spam is definitely coming from your account (as determined by examining the full headers of the email), there's two possible explanations: either a) you're using a password that's too close to the password that got cracked (ie, the same pw with different numbers or whatever), or b) the computer you changed your password on has a keylogger recording your actions and sending them somewhere.
To rule out a): Change your password to something completely unique that you use nowhere else. For maximum uncrackability combined with maximum rememberability, use five or more plain English words, spaces included. (If the service requires capital letters and numbers/symbols, make it a sentence with punctuation.)* Turn on two-factor authentication if the service supports it.
To rule out b): Boot from a recovery disk and run at least two separate antivirus checkers running the most recent virus definitions. The boot-from-disk part is the most important part: most keyloggers these days contain code that will try to disable virus checkers. (It's an arms race as to whether or not they can, but boot-from-disk is the best chance of getting them.)
* The standard suggestion of "a meaningless keysmash of 8 or more letters/numbers/symbols" for "secure password" is outdated and doesn't take into account the current generation of password cracking software.
no subject
It's gmail.
I'm pretty sure it's not a)--the password is pretty different, and I've never used it for anything before.
However, I'm not sure how to be positive it's really coming from my account. The emails say they're from my account with the actual account name, but there's no sent spam in my sent box, and when I look at gmail security the only log ins are from my exact location.
I'm not sure how to boot from a disk. If I change my password from a different computer would that do the same thing? I'm really dumb about computers.
Thanks again for your help, so much.
no subject
I can check it for you if you get someone who's received the spam to forward me the full headers. (Gmail has instructions for many mail readers.)
Yes, changing your password on another computer would bypass a keylogger for that individual login, but the minute you logged in to your mail on your computer it would be compromised again (assuming your computer had a keylogger installed, I mean).
If you absolutely don't know how to boot from disk and none of the instructions you read help you, it's still worth doing the "run two separate virus scanners with up-to-date virus definitions" even if you do it from the potentially-compromised computer, but if you continue having problems with accounts being compromised, take it in to a local shop and have them do it for you.
no subject