General Question

CyanoticWasp's avatar

Email account hijacked -- Help!

Asked by CyanoticWasp (20032 points ) December 14th, 2009

This evening I’m hearing from nearly everyone in my address book, and not for a good reason. It seems that one of my email accounts (the primary one, unfortunately) has been somehow hijacked and used to send spam to ALL of my address book entries. I’ve read (just a little) about this in the past, so I understand that it is happening (and I see the damn evidence in the return mail that I’m getting!), but I have no idea what to do about it.

I’ve written to abuse@yahoo.com (it’s a Yahoo! mail account), and I’m starting a virus scan of the whole computer. What else can I do? It seems like the whole attack has happened within the past four or five hours. This is embarrassing and upsetting—but I just want to get it fixed.

Thanks

Observing members: 0 Composing members: 0

13 Answers

J0E's avatar

If only Harrison Ford were here!

Can you get into the account?

buckyboy28's avatar

This happened to me last month on AOL. Don’t sweat it.

Step 1: Change your password.

Step 2: Send out a bulk e-mail to your contact list explaining what happened, and to delete any message “you” may have sent between “Time A and Time B”.

therookie's avatar

Take deep breath, it will work out.
DO a virus scan and change your password.
You did right about contacting Yahoo.
Delte all spam and your inbox.
and send an mass email expliaing what has happen and tell them to delte it. and scan thier pc as well.
It will work out. Remember to change your password often.

ChocolateReigns's avatar

Oh no! My condolences. Change your password, and quick!! This kind of happened to me last year, and I didn’t know about it because I didn’t have an address book in that email address, so they didn’t do anything with the account except change the password just to make me unable to use the account. You’re lucky that you can still get into the account. I say it again: change the password!!! Quick, before you lose the account!

Hawaii_Jake's avatar

The same thing happened to me, and it also happened to be a Yahoo account. You may have what’s called a trojan horse type of virus. I did, and my anti-virus software did not detect it.

Never fear. There is free software available to fix the problem. Go to malwarebytes.com and download their anti-malware. I did it and it found some infected files and fixed them.

I also changed my password on my account.

Good luck.

therookie's avatar

also you will want to delete all cookies amd temp files as well.
go to internet options under tools and delete your cookies and temp files.
better safe than sorrry.

LocoLuke's avatar

This exact same thing happened to me a couple weeks ago! For me, it only sent out one email to everyone in my address book though. The odd thing is that I haven’t used that particular email in over four years, and I’ve had this computer for about 2…

jaytkay's avatar

No single program catches everything.

If it’s Windows, I would run Microsoft Security Essentials or AVG or Avira.

Plus Malwarebytes

Daisygirl's avatar

I would try spybot S&D or malewarebytes like jaytkay said. We have been hacked a few times and each time the programs mentioned caught them. Remeber tho, it’s one or the other, something about the 2 programs clash and slow the computer down. Good luck :)

HasntBeen's avatar

It’s not necessarily true that there was a security breach. Many of these spambot attacks are spoofed by scraping ‘broadcast’ emails that you have sent in the past. That is—if you send a cartoon to 50 people, and use the CC: field to do it, a single copy of that message is all that a spambot needs to impersonate you and send to that same group.

This is why you should always use the BCC: field when sending in bulk, so that if one of those messages falls into the wrong hands (i.e. after being forwarded 20 times) it can’t be abused like this.

Daisygirl's avatar

@HasntBeen : thanks for the info! I never knew what all that was for, I figured it was for businesses. I’ll probably start using it.

CyanoticWasp's avatar

Of all the good advice I received—and it was all very welcome—@hawaii_jake had the best response (to suit my case). Malwarebytes did find the trojan horse virus that I was infected with (AVG anti-virus had not found it) and cleared it. The download was free, I ran the scan from the defaults, and three hours later (while I slept) the infected files were flagged and noted, for my selection and removal this morning.

Sending that bulk email notification to my list of contacts was fairly problematic. I had 550 addresses in my address book, most of which I never actually use any more. I had more “undeliverable mail” errors than I could shake a stick at—which also made the process of mailing them out to be a chore. (I’m surprised that my address book didn’t kill the spam mailer.)

And since I always use the bcc: address for the few bulk mails I do send out, that advice (as good as it is) was superfluous to me. But that is excellent advice. I cringe whenever I get a bulk mail from a friend with my name in plain sight.

But this has given me some very good ideas to apply to my own system:

1. Put bunches of “known bogus” email addresses at the top of the address book and at various other points, too. Anyone who attempts to send mail to the entire list will hit a wall of errors to start with, and that will at least slow them down. (I’m sure the spambots overcome this with relative ease, but those errors have to at least slow them down.)

2. Sprinkle some fake “contacts” containing your own email address in your address book. (As it happened, when I got to work this morning I did find where I had spammed my office address from home, because I often send mail as a simple reminder from home to work and vice versa.) If I had my normal “at home” contact information stored under “Joe Blow”, then I would have known about this as soon as it happened—as soon as the spam was sent to “Joe Blow”—since I was apparently online as it was happening.

Thanks again to all who responded. Yeah, it wasn’t as serious as a fire or flood, but it made me feel for a short while the way I did when my car was burgled in my driveway—a shock to the system.

kaledia's avatar

Im operating from a Mac. And i’ve got it as well.

Answer this question

Login

or

Join

to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
or
Knowledge Networking @ Fluther