Email Mystery - Possible Hack

The machines we love to hate

Moderator: Wiz Feinberg

Richard Sinkler
Posts: 17067
Joined: 15 Aug 1998 12:01 am
Location: aka: Rusty Strings -- Missoula, Montana

Email Mystery - Possible Hack

Post by Richard Sinkler »

Erv Niehouse keeps getting an email with a link that is supposedly from me. It's not. When I right click on my name (as the sender), I get harry.gether@t-online.de.

Since the time before this, I have changed all my passwords. SGF, Facebook, Gmail, Yahoo, ATT Mail, Google, Microsoft, Apple, pretty much everyone.

He seems to be the only one I know who gets the email. Is there any way to see if I got hacked or if he got hacked?
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup, Regal RD40 Dobro, NV400, NV112. Playing for 53 years and still counting.
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

The link goes to a fat burning scam page on a compromised website. I see these all the time. They come from the Necurs Botnet.

As for how the spammers captured your name to use in the From field, it's done by harvesting email addresses on compromised computers. People get infected with Trojans. Some of the Trojans drop a spam bot component that scans for user names and email addresses and sends this information home to the bot controller. They compose a list of names and email accounts to send spam to/from, then rent time on a spam botnet.

You can change your passwords on all email accounts and set up 2FA with a smart phone if it is available. That would warn you if somebody else logs into your email server with an unrecognized device or IP address.

As in the former cases of the Nigerian 419 scammers who plagued our forum in the mid-2000s, you are welcome to "forward as attachment" a sample of a scam email. Contact me by PM to arrange this. In the meantime, read my old blog article that explains how to display the originating email headers for reporting. It contains a section about forwarding as an attachment and explains why this is necessary. The article is old, but the information is valid.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
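Added example, not part of the original posts: a short Python check of the headers of a saved message, showing how to tell that a mail carrying a known contact's name was sent from some other address. The sample message, the address book and the `check_sender` helper are constructed for illustration; only the From address comes from the thread.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book: display name -> addresses that person really uses.
KNOWN_CONTACTS = {"richard sinkler": {"richard@example.com"}}

# Constructed sample message (not a real capture).
SAMPLE = (
    "Return-Path: <harry.gether@t-online.de>\n"
    "Received: from relay.example.net (relay.example.net [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP\n"
    "Received: from unknown (HELO pc) ([198.51.100.7])\n"
    "\tby relay.example.net with SMTP\n"
    'From: "Richard Sinkler" <harry.gether@t-online.de>\n'
    "To: <erv@example.org>\n"
    "Subject: hi\n"
    "\n"
    "http://compromised.example/page\n"
)

def check_sender(raw, contacts=KNOWN_CONTACTS):
    """Compare the displayed sender name with the addresses actually used."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, env = parseaddr(msg.get("Return-Path", ""))
    known = contacts.get(name.strip().lower())
    hops = msg.get_all("Received") or []
    return {
        "display_name": name,
        "from_address": addr.lower(),
        "envelope_sender": env.lower(),
        # A known contact's name on an address that contact does not use.
        "name_spoofed": known is not None and addr.lower() not in known,
        # Header From and envelope sender disagree (forged mail, but also mailing lists).
        "envelope_mismatch": bool(env) and env.lower() != addr.lower(),
        # Servers prepend Received lines, so the last one is the earliest hop.
        # Only hops added by your own provider are trustworthy; earlier ones can be forged.
        "origin_hop": " ".join(hops[-1].split()) if hops else None,
    }

if __name__ == "__main__":
    for key, value in check_sender(SAMPLE).items():
        print(f"{key}: {value}")
```

When `name_spoofed` is true, the message only borrowed the contact's name and was not sent from any of the addresses listed for that contact.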
Jim Cohen
Posts: 21749
Joined: 18 Nov 1999 1:01 am
Location: Philadelphia, PA

Post by Jim Cohen »

Wiz Feinberg wrote:...As in the former cases of the Nigerian 419 scammers who plagued our forum in the mid-2000s...
Come to think of it, I get way fewer emails these days from purported "Barristers" telling me that I have inherited the sum of "Twenty Million US Dollars" and I just need to provide my banking information for them to transfer the funds to me.

How come?
Richard Sinkler
Posts: 17067
Joined: 15 Aug 1998 12:01 am
Location: aka: Rusty Strings -- Missoula, Montana

Post by Richard Sinkler »

Heck Jim. Send me 20 million through PayPal, and I won't need your banking info. 20 mil will set me up for life and I won't have to steal more from you. :whoa:
Jim Cohen
Posts: 21749
Joined: 18 Nov 1999 1:01 am
Location: Philadelphia, PA

Post by Jim Cohen »

Sure thing Richard. Just PM me your bank account number, password and last 4 of your social security and I'll take care of the rest. :lol:
Richard Sinkler
Posts: 17067
Joined: 15 Aug 1998 12:01 am
Location: aka: Rusty Strings -- Missoula, Montana

Post by Richard Sinkler »

Jim Cohen wrote:Sure thing Richard. Just PM me your bank account number, password and last 4 of your social security and I'll take care of the rest. :lol:
Heck, for you I'll even give all of the numbers in my social security number. Or I might send you my actual social security card.
Jim Cohen
Posts: 21749
Joined: 18 Nov 1999 1:01 am
Location: Philadelphia, PA

Post by Jim Cohen »

Richard Sinkler wrote:Heck, for you I'll even give all of the numbers in my social security number. Or I might send you my actual social security card.
Don't bother, I was just kidding. I already have all that. It came in one of the data packs I purchased a few months ago...