Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




450 posts

Ultimate Geek


# 141036 27-Feb-2014 17:54
Send private message

I have changed my email password 3 times in 3 days and still get emails with both the from and to addresses being mine. My email is accessed from both Telecom and 2degrees via Nokia mail. Is there anything I can do to route my mail differently. Both phones are Nokia. I have to try something.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
BDFL - Memuneh
64195 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 995690 27-Feb-2014 17:57
Send private message

Are these emails coming out of your account? Can you see sometihng in the SENT folder and more importantly, if you look at email headers do they show coming out of your email servers?

If not, then it's just someone spoofing your email address, not necessarily hijacking your account.






450 posts

Ultimate Geek


  # 995697 27-Feb-2014 18:09
Send private message

nothing in phone or fixed sent boxes. the headers show this .

Received: from 127.0.0.1  (EHLO 190.253.0.123) (190.253.0.123)
  by mta1005.tnz.mail.aue.yahoo.com with SMTP; Thu, 27 Feb 2014 04:19:19 +0000
Message-ID: <5DC7A8D50232BA7FE58AF72010985DC7@V857034BN>

I can include it all from one if you want more.

 
 
 
 


Stu

Hammered
5273 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 995710 27-Feb-2014 18:25
Send private message

As above, it seems more like spoofing than account hijack. I gather this is an @xtra.co.nz address? Nothing you can do about it because spoofing doesn't have anything to do with your actual account.

It's kinda like posting a letter but putting someone else's address as the senders address. No one has taken over the senders house, just purporting it was sent from there.



450 posts

Ultimate Geek


  # 995713 27-Feb-2014 18:31
Send private message

it is an @xtra address. I have 3 in the account. All have been used for SPAM .One  I have  not used for at least 12months. This is why I think it is the account that has been hijacked. The looking at Nokia etc was just clutching at straws.

BDFL - Memuneh
64195 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 995714 27-Feb-2014 18:33
Send private message


450 posts

Ultimate Geek


  # 995726 27-Feb-2014 18:48
Send private message


here is all of one.



From ********@xtra.co.nz Wed Feb 26 15:06:16 2014
 aXJpbmcgcHJvY2VzcyBhbmQgZ2l2ZSB5b3UgYSBicmllZiBzeW5vcHNpcyBvZiB0aGUgcG9zaXRpb24n
 cyBiZW5lZml0cyBhbmQgcmVxdWlyZW1lbnRzLiBJZiB5b3UgYXJlIHRha2luZyBhIGNhcmVlciBicmVh
 aywgYXJlIG9uIGEgbWF0ZXJuaXR5IGxlYXZlLCByZWNlbnRseSByZXRpcmVkIG9yIHNpbXBseSBsb29r
 aW5nIGZvciBzb21lIHBhcnQtdGltZQEwAQEBAQ--
X-Apparently-To: ********@xtra.co.nz via 72.30.239.84; Thu, 27 Feb 2014 04:19:20 +0000
Return-Path: <********@xtra.co.nz>
X-YahooFilteredBulk: 190.253.0.123
Received-SPF: none (domain of xtra.co.nz does not designate permitted sender hosts)
X-YMailISG: 6SA.ICkWLDuahTPVBUNAv.X9.522m_T5zCEpXW9NyVsOfafJ
 ppfoI7dvkD9HXw.BvoPDpQZwqMDISAE_..OyZZQU9yVDTzhf4tBxonYf0izg
 tRXhpyvbnj5.yvj.vBGNHF.nZ2n7EaR38eDEDbLuMjExlWNtYjkm1gbiL6xO
 1MyQY_0DgtfNluUZDwAEa0Mdu5dSVKpsXV1AgHzHPwV3qwryG23SxO1m0iDQ
 0zRlSO2xFLEJJ7xmO6LPnpT.cdsa0Hk.vmrQAHasuneoJzMQr89SG79Y_zZn
 vXK4eSxc6PSynu4ykiuyPUCtoEq7HxtkemFb.tw1zHpZfX4dBC4rKIkpQudY
 ngokDG2Isy86TT4i2H_ogzmf6SnK4v0PwQiayEKjaspJF.q8uFtV3JqPKH2h
 RlkluDmpVCOIomS4ji52QMbb.xQO3Gqt6xFqeY.N4dwon6DDbNGQmoJLQPV2
 Pe.SiABMIri9Qgp6XW6bR0IOWlG98gwUhY1NKd9GambYE8i2le.ceV_fCmif
 P_hvRFbbXt7Lkc0MGrKyZaq3gQxoJpV9Y6wiopi2aNBpQSFbGMbKPSQJ7NJz
 OB7ycczzZDfUyIXKuYBdMr2qSWTqL6MBz5CC3CT9bfA4mkV8Q3PZMsTT2YTo
 soMmj8cbk2o_7hRweGA63NskrUBGyLiruyDkKgTS1GJxbAci.HZ6_EPYNs7n
 zV.YPOumFrdpO8TWAbykATY3F_cI65xcNU3bmYwdFDeXAprIBbhfqdNPOlRk
 sUZ_EgauX8LBjJ6y0r1.4LB.vQN5XhV1HNLs85AgfuM.4dQ6ooWAM_uhkIoi
 06i7JXjNwQIR3JG8akW2qgA9QMvmL5S3308IN8Na8zm8bxTrDyt7maYnVTHt
 4WcRhiXMYN9dnRooGtjthwZLxbRkMO8bn0kA8eZNQ5Y16XF871yHtWNOFS5F
 gzfvmH2iniWirjODAZRu1eqlSev59GNudYvmsjc6E6aTwz0B7npmQ1NR.lOg
 KBhGtyBas9oiPBAH6rpxeg9ZIRXgHC.O5ovRjZzV3cG1EHejAnNPnt9spULP
 rXxAfobRxZR3PpxB1z2Cq25dySvWcam0Z3VPRRezkH4RgGY0s_Gkp8V3QQlt
 51Jkm5yW2w8jctwriTcwZq1m5qInlOKe9WyWxAtyObICM3wqUc.ESIqrxdpB
 h_UZ7scXzZK4dxIx1nDkMThzjcWyTKfo2htLI0CkVVIRBycs_Q--
X-Originating-IP: [190.253.0.123]
Authentication-Results: mta1005.tnz.mail.aue.yahoo.com  from=xtra.co.nz; domainkeys=neutral (no sig);  from=xtra.co.nz; dkim=neutral (no sig)
Received: from 127.0.0.1  (EHLO 190.253.0.123) (190.253.0.123)
  by mta1005.tnz.mail.aue.yahoo.com with SMTP; Thu, 27 Feb 2014 04:19:19 +0000
Message-ID: <5DC7A8D50232BA7FE58AF72010985DC7@V857034BN>
From: <********@xtra.co.nz>
To: <********@xtra.co.nz>
Subject: Vacancy - apply online
Date: 26 Feb 2014 17:06:16 -0600
MIME-Version: 1.0
Content-Type: text/plain;
 charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994
Content-Length: 872



450 posts

Ultimate Geek


  # 995747 27-Feb-2014 19:26
Send private message

I have 10 more going back to noon yesterday (Wednesday) if you need anymore.

 
 
 
 


15018 posts

Uber Geek


  # 995748 27-Feb-2014 19:27
Send private message

Looks like it is being sent from the IP, 190.253.0.123, is that a yahoo IP?

6827 posts

Uber Geek

Trusted
Subscriber

  # 995751 27-Feb-2014 19:36
2 people support this post
Send private message

I have a bunch of customers with personal accounts that now impact on their commercial emails in the same boat, there are literally thousands of emails each day that our filters are now blocking.

These are all spoofed from somewhere that is not here. As I see it there is now nothing you can do, as mentioned once before, Yahoo and their national lead outlet (Xtra) should be charged for public nuisance for this whole sad mess.

Cyril



450 posts

Ultimate Geek


  # 995756 27-Feb-2014 19:59
Send private message

freitasm: It's a Colombian IP address. I'd say it's just spoofing the address, not accessing the mailbox.


addresses not address. 3 email addresses in my account just happen to be selected and spoofed at the same time?
Possible but highly unlikely.

BDFL - Memuneh
64195 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

374 posts

Ultimate Geek


  # 996280 28-Feb-2014 12:13
Send private message

GEOMAX:
freitasm: It's a Colombian IP address. I'd say it's just spoofing the address, not accessing the mailbox.


addresses not address. 3 email addresses in my account just happen to be selected and spoofed at the same time?
Possible but highly unlikely.


You can check to see access to your account via: https://api.login.yahoo.com/login/history/

That will show you Recent Login Activity - Your most recent activity includes any times that you signed into Yahoo! by entering your Yahoo! ID and password (not limited to Mail).




Current Phone:
- Android: Samsung SM-G900F Galaxy S5 (XT)
- Win Phone 8: Samsung ATIV S (XT)

Current Tablet:

 

- Acer Iconia 7" Android Tablet

 

Twitter: qraider


563 posts

Ultimate Geek


  # 996300 28-Feb-2014 12:29
Send private message

+1 that you're email accounts probably havn't been "hacked" but probably scrapped from another person's account that has been hacked, downloaded from a hacked database (inc. Yahoo/Xtra) or simply brute forced (guessed) and as others have said is now being used to spoof messages.

I'd recommend changing to another email provider (I.e Gmail) that actually employs Email Authentication (DKIM & SPF) to reduce the ability of 'hackers' to forge your mail.

See: http://en.m.wikipedia.org/wiki/E-mail_authentication





1823 posts

Uber Geek


  # 996421 28-Feb-2014 14:29
Send private message

GEOMAX:
freitasm: It's a Colombian IP address. I'd say it's just spoofing the address, not accessing the mailbox.


addresses not address. 3 email addresses in my account just happen to be selected and spoofed at the same time?
Possible but highly unlikely.


Possible & VERY likely.
It happens all the time.

It wont be JUST your 3 email adresses, it will be a huge number of xtra email spoofed at the same time. Your email adresses are just part of the  spammers list of emails adresses to use.

Its also common with email adresses NOT associated with xtra/yahoo . Its a scam thats been around a long time.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Kiwi workers still falling victim to old cyber tricks
Posted 12-Aug-2019 20:47


Lightning Lab GovTech launches 2019 programme
Posted 12-Aug-2019 20:41


Epson launches portable laser projector
Posted 12-Aug-2019 20:27


Huawei launches new distributed HarmonyOS
Posted 12-Aug-2019 20:20


Lenovo introduces single-socket servers for edge and data-intensive workloads
Posted 9-Aug-2019 21:26


The Document Foundation announces LibreOffice 6.3
Posted 9-Aug-2019 16:57


Symantec sell enterprise security assets for US$ 10.7 billion to Broadcom
Posted 9-Aug-2019 16:43


Artificial tongue can distinguish whisky and identify counterfeits
Posted 8-Aug-2019 20:20


Toyota and Preferred Networks to develop service robots
Posted 8-Aug-2019 20:11


Vodafone introduces new Vodafone TV device
Posted 7-Aug-2019 17:16


Intel announces next-generation Intel Xeon Scalable processors with up to 56 cores
Posted 7-Aug-2019 15:41


Nokia 2.2 released in New Zealand
Posted 5-Aug-2019 19:38


2degrees celebrating ten years
Posted 5-Aug-2019 05:00


Sure Petcare launches SureFeed microchip pet feeder
Posted 2-Aug-2019 17:00


Symantec Threat Intelligence: revival and rise of email extortion scams
Posted 2-Aug-2019 16:55



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.