Email Mystery - Possible Hack
Moderator: Wiz Feinberg
- Richard Sinkler
- Posts: 17067
- Joined: 15 Aug 1998 12:01 am
- Location: aka: Rusty Strings -- Missoula, Montana
Erv Niehouse keeps getting an email with a link that is supposedly from me. It's not. When I right click on my name (as the sender), I get harry.gether@t-online.de.
Since the time before this, I have changed all my passwords. SGF, Facebook, Gmail, Yahoo, ATT Mail, Google, Microsoft, Apple, pretty much everyone.
He seems to be the only one I know who gets the email. Is there any way to see if I got hacked or if he got hacked?
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup, Regal RD40 Dobro, NV400, NV112. Playing for 53 years and still counting.
- Wiz Feinberg
- Posts: 6091
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
- Contact:
The link goes to a fat burning scam page on a compromised website. I see these all the time. They come from the Necurs Botnet.
As for how the spammers captured your name to use in the From field, it's done by harvesting email addresses on compromised computers. People get infected with Trojans. Some of the Trojans drop a spam bot component that scans for user names and email addresses and sends this information home to the bot controller. They compose a list of names and email accounts to send spam to/from, then rent time on a spam botnet.
You can change your passwords on all email accounts and set up 2FA with a smart phone if it is available. That would warn you if somebody else logs into your email server with an unrecognized device or IP address.
As in the former cases of the Nigerian 419 scammers who plagued our forum in the mid-2000s, you are welcome to "forward as attachment" a sample of a scam email. Contact me by PM to arrange this. In the meantime, read my old blog article that explains how to display the originating email headers for reporting. It contains a section about forwarding as an attachment and explains why this is necessary. The article is old, but the information is valid.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
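As an added example (not part of the thread or of the blog article mentioned above), this Python script reads the originating headers of a saved message and compares the display name with the real From address, which is the mismatch described in the first post. The sample message, all names, hosts and addresses, and the `known_contacts` address book are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (all names, hosts and addresses are made up).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from relay.example.net (relay.example.net [203.0.113.7])
 by mx.recipient.example with ESMTP; Tue, 01 Jan 2019 10:00:02 +0000
Received: from unknown (HELO pc-1234) (198.51.100.23)
 by relay.example.net with SMTP; Tue, 01 Jan 2019 10:00:00 +0000
Authentication-Results: mx.recipient.example; spf=pass
 smtp.mailfrom=mailer.example.net; dkim=none; dmarc=none
From: "Known Friend" <someone.else@mailbox.example.org>
To: recipient@recipient.example
Subject: check this out

http://compromised.example/page
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def inspect_sender(raw, known_contacts):
    """known_contacts maps a display name to the addresses that person really uses."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, bounce = parseaddr(msg.get("Return-Path", ""))
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           " ".join(msg.get_all("Authentication-Results", []))))
    received = msg.get_all("Received", [])
    # Servers prepend Received lines, so the last is the earliest hop (a sender can forge it).
    origin = re.search(r"(\d{1,3}(?:\.\d{1,3}){3})", received[-1]) if received else None
    genuine = known_contacts.get(name, set())
    notes = []
    if genuine and addr.lower() not in genuine:
        notes.append("display name is a known contact, address is not theirs")
    if bounce and domain(bounce) != domain(addr):
        notes.append("Return-Path domain differs from From domain")
    if auth.get("dmarc") != "pass":
        notes.append("no DMARC pass for the From domain")
    return {"name": name, "address": addr.lower(), "auth": auth,
            "origin_ip": origin.group(1) if origin else None, "notes": notes}

if __name__ == "__main__":
    contacts = {"Known Friend": {"friend@home.example"}}  # assumed address book
    for key, value in inspect_sender(RAW, contacts).items():
        print(f"{key}: {value}")
```

A Return-Path on a different domain also occurs with legitimate mailing services, so treat the notes as things to look at rather than a verdict.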
Wiz Feinberg wrote:...As in the former cases of the Nigerian 419 scammers who plagued our forum in the mid-2000s...
Come to think of it, I get way fewer emails these days from purported "Barristers" telling me that I have inherited the sum of "Twenty Million US Dollars" and I just need to provide my banking information for them to transfer the funds to me.
How come?
- Richard Sinkler
- Posts: 17067
- Joined: 15 Aug 1998 12:01 am
- Location: aka: Rusty Strings -- Missoula, Montana
Jim Cohen wrote:Sure thing Richard. Just PM me your bank account number, password and last 4 of your social security and I'll take care of the rest.
Heck, for you I'll even give all of the numbers in my social security number. Or I might send you my actual social security card.
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup, Regal RD40 Dobro, NV400, NV112. Playing for 53 years and still counting.