Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


GEOMAX

450 posts

Ultimate Geek


#141036 27-Feb-2014 17:54
Send private message

I have changed my email password 3 times in 3 days and still get emails with both the from and to addresses being mine. My email is accessed from both Telecom and 2degrees via Nokia mail. Is there anything I can do to route my mail differently. Both phones are Nokia. I have to try something.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
freitasm
BDFL - Memuneh
74191 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #995690 27-Feb-2014 17:57
Send private message

Are these emails coming out of your account? Can you see sometihng in the SENT folder and more importantly, if you look at email headers do they show coming out of your email servers?

If not, then it's just someone spoofing your email address, not necessarily hijacking your account.




Support Geekzone by subscribing, making a donation. or using one of our referral links: Sharesies | Goodsync  | Mighty Ape | Backblaze | Norton 360 | Lenovo laptops 

 

freitasm on Keybase | My technology disclosure

 

 

 

 

 

 


Affiliate link
 
 
 

Affiliate link: Trade NZ and US shares and funds with Sharesies.
GEOMAX

450 posts

Ultimate Geek


  #995697 27-Feb-2014 18:09
Send private message

nothing in phone or fixed sent boxes. the headers show this .

Received: from 127.0.0.1  (EHLO 190.253.0.123) (190.253.0.123)
  by mta1005.tnz.mail.aue.yahoo.com with SMTP; Thu, 27 Feb 2014 04:19:19 +0000
Message-ID: <5DC7A8D50232BA7FE58AF72010985DC7@V857034BN>

I can include it all from one if you want more.

Stu

Stu
Hammered
6647 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #995710 27-Feb-2014 18:25
Send private message

As above, it seems more like spoofing than account hijack. I gather this is an @xtra.co.nz address? Nothing you can do about it because spoofing doesn't have anything to do with your actual account.

It's kinda like posting a letter but putting someone else's address as the senders address. No one has taken over the senders house, just purporting it was sent from there.



GEOMAX

450 posts

Ultimate Geek


  #995713 27-Feb-2014 18:31
Send private message

it is an @xtra address. I have 3 in the account. All have been used for SPAM .One  I have  not used for at least 12months. This is why I think it is the account that has been hijacked. The looking at Nokia etc was just clutching at straws.

freitasm
BDFL - Memuneh
74191 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #995714 27-Feb-2014 18:33
Send private message

It's not necessarily hijacking. The latest round seems to be just spoofing, using emails collected in previous rounds.

If you can post all the headers that would help a bit.




Support Geekzone by subscribing, making a donation. or using one of our referral links: Sharesies | Goodsync  | Mighty Ape | Backblaze | Norton 360 | Lenovo laptops 

 

freitasm on Keybase | My technology disclosure

 

 

 

 

 

 


GEOMAX

450 posts

Ultimate Geek


  #995726 27-Feb-2014 18:48
Send private message


here is all of one.



From ********@xtra.co.nz Wed Feb 26 15:06:16 2014
 aXJpbmcgcHJvY2VzcyBhbmQgZ2l2ZSB5b3UgYSBicmllZiBzeW5vcHNpcyBvZiB0aGUgcG9zaXRpb24n
 cyBiZW5lZml0cyBhbmQgcmVxdWlyZW1lbnRzLiBJZiB5b3UgYXJlIHRha2luZyBhIGNhcmVlciBicmVh
 aywgYXJlIG9uIGEgbWF0ZXJuaXR5IGxlYXZlLCByZWNlbnRseSByZXRpcmVkIG9yIHNpbXBseSBsb29r
 aW5nIGZvciBzb21lIHBhcnQtdGltZQEwAQEBAQ--
X-Apparently-To: ********@xtra.co.nz via 72.30.239.84; Thu, 27 Feb 2014 04:19:20 +0000
Return-Path: <********@xtra.co.nz>
X-YahooFilteredBulk: 190.253.0.123
Received-SPF: none (domain of xtra.co.nz does not designate permitted sender hosts)
X-YMailISG: 6SA.ICkWLDuahTPVBUNAv.X9.522m_T5zCEpXW9NyVsOfafJ
 ppfoI7dvkD9HXw.BvoPDpQZwqMDISAE_..OyZZQU9yVDTzhf4tBxonYf0izg
 tRXhpyvbnj5.yvj.vBGNHF.nZ2n7EaR38eDEDbLuMjExlWNtYjkm1gbiL6xO
 1MyQY_0DgtfNluUZDwAEa0Mdu5dSVKpsXV1AgHzHPwV3qwryG23SxO1m0iDQ
 0zRlSO2xFLEJJ7xmO6LPnpT.cdsa0Hk.vmrQAHasuneoJzMQr89SG79Y_zZn
 vXK4eSxc6PSynu4ykiuyPUCtoEq7HxtkemFb.tw1zHpZfX4dBC4rKIkpQudY
 ngokDG2Isy86TT4i2H_ogzmf6SnK4v0PwQiayEKjaspJF.q8uFtV3JqPKH2h
 RlkluDmpVCOIomS4ji52QMbb.xQO3Gqt6xFqeY.N4dwon6DDbNGQmoJLQPV2
 Pe.SiABMIri9Qgp6XW6bR0IOWlG98gwUhY1NKd9GambYE8i2le.ceV_fCmif
 P_hvRFbbXt7Lkc0MGrKyZaq3gQxoJpV9Y6wiopi2aNBpQSFbGMbKPSQJ7NJz
 OB7ycczzZDfUyIXKuYBdMr2qSWTqL6MBz5CC3CT9bfA4mkV8Q3PZMsTT2YTo
 soMmj8cbk2o_7hRweGA63NskrUBGyLiruyDkKgTS1GJxbAci.HZ6_EPYNs7n
 zV.YPOumFrdpO8TWAbykATY3F_cI65xcNU3bmYwdFDeXAprIBbhfqdNPOlRk
 sUZ_EgauX8LBjJ6y0r1.4LB.vQN5XhV1HNLs85AgfuM.4dQ6ooWAM_uhkIoi
 06i7JXjNwQIR3JG8akW2qgA9QMvmL5S3308IN8Na8zm8bxTrDyt7maYnVTHt
 4WcRhiXMYN9dnRooGtjthwZLxbRkMO8bn0kA8eZNQ5Y16XF871yHtWNOFS5F
 gzfvmH2iniWirjODAZRu1eqlSev59GNudYvmsjc6E6aTwz0B7npmQ1NR.lOg
 KBhGtyBas9oiPBAH6rpxeg9ZIRXgHC.O5ovRjZzV3cG1EHejAnNPnt9spULP
 rXxAfobRxZR3PpxB1z2Cq25dySvWcam0Z3VPRRezkH4RgGY0s_Gkp8V3QQlt
 51Jkm5yW2w8jctwriTcwZq1m5qInlOKe9WyWxAtyObICM3wqUc.ESIqrxdpB
 h_UZ7scXzZK4dxIx1nDkMThzjcWyTKfo2htLI0CkVVIRBycs_Q--
X-Originating-IP: [190.253.0.123]
Authentication-Results: mta1005.tnz.mail.aue.yahoo.com  from=xtra.co.nz; domainkeys=neutral (no sig);  from=xtra.co.nz; dkim=neutral (no sig)
Received: from 127.0.0.1  (EHLO 190.253.0.123) (190.253.0.123)
  by mta1005.tnz.mail.aue.yahoo.com with SMTP; Thu, 27 Feb 2014 04:19:19 +0000
Message-ID: <5DC7A8D50232BA7FE58AF72010985DC7@V857034BN>
From: <********@xtra.co.nz>
To: <********@xtra.co.nz>
Subject: Vacancy - apply online
Date: 26 Feb 2014 17:06:16 -0600
MIME-Version: 1.0
Content-Type: text/plain;
 charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994
Content-Length: 872

GEOMAX

450 posts

Ultimate Geek


  #995747 27-Feb-2014 19:26
Send private message

I have 10 more going back to noon yesterday (Wednesday) if you need anymore.



mattwnz
18772 posts

Uber Geek


  #995748 27-Feb-2014 19:27
Send private message

Looks like it is being sent from the IP, 190.253.0.123, is that a yahoo IP?

freitasm
BDFL - Memuneh
74191 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #995750 27-Feb-2014 19:34
Send private message

It's a Colombian IP address. I'd say it's just spoofing the address, not accessing the mailbox.




Support Geekzone by subscribing, making a donation. or using one of our referral links: Sharesies | Goodsync  | Mighty Ape | Backblaze | Norton 360 | Lenovo laptops 

 

freitasm on Keybase | My technology disclosure

 

 

 

 

 

 


cyril7
8766 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #995751 27-Feb-2014 19:36
Send private message

I have a bunch of customers with personal accounts that now impact on their commercial emails in the same boat, there are literally thousands of emails each day that our filters are now blocking.

These are all spoofed from somewhere that is not here. As I see it there is now nothing you can do, as mentioned once before, Yahoo and their national lead outlet (Xtra) should be charged for public nuisance for this whole sad mess.

Cyril

GEOMAX

450 posts

Ultimate Geek


  #995756 27-Feb-2014 19:59
Send private message

freitasm: It's a Colombian IP address. I'd say it's just spoofing the address, not accessing the mailbox.


addresses not address. 3 email addresses in my account just happen to be selected and spoofed at the same time?
Possible but highly unlikely.

freitasm
BDFL - Memuneh
74191 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #995760 27-Feb-2014 20:04
Send private message

Sure can happen. Spammers send millions of emails every day and there was a series of Yahoo!Xtra addresses used in the last few months.




Support Geekzone by subscribing, making a donation. or using one of our referral links: Sharesies | Goodsync  | Mighty Ape | Backblaze | Norton 360 | Lenovo laptops 

 

freitasm on Keybase | My technology disclosure

 

 

 

 

 

 


qraider
374 posts

Ultimate Geek


  #996280 28-Feb-2014 12:13
Send private message

GEOMAX:
freitasm: It's a Colombian IP address. I'd say it's just spoofing the address, not accessing the mailbox.


addresses not address. 3 email addresses in my account just happen to be selected and spoofed at the same time?
Possible but highly unlikely.


You can check to see access to your account via: https://api.login.yahoo.com/login/history/

That will show you Recent Login Activity - Your most recent activity includes any times that you signed into Yahoo! by entering your Yahoo! ID and password (not limited to Mail).




Current Phone:
- Android: Samsung SM-G900F Galaxy S5 (XT)
- Win Phone 8: Samsung ATIV S (XT)

Current Tablet:

 

- Acer Iconia 7" Android Tablet

 

Twitter: qraider


kenkeniff
628 posts

Ultimate Geek


  #996300 28-Feb-2014 12:29
Send private message

+1 that you're email accounts probably havn't been "hacked" but probably scrapped from another person's account that has been hacked, downloaded from a hacked database (inc. Yahoo/Xtra) or simply brute forced (guessed) and as others have said is now being used to spoof messages.

I'd recommend changing to another email provider (I.e Gmail) that actually employs Email Authentication (DKIM & SPF) to reduce the ability of 'hackers' to forge your mail.

See: http://en.m.wikipedia.org/wiki/E-mail_authentication

1101
3054 posts

Uber Geek


  #996421 28-Feb-2014 14:29
Send private message

GEOMAX:
freitasm: It's a Colombian IP address. I'd say it's just spoofing the address, not accessing the mailbox.


addresses not address. 3 email addresses in my account just happen to be selected and spoofed at the same time?
Possible but highly unlikely.


Possible & VERY likely.
It happens all the time.

It wont be JUST your 3 email adresses, it will be a huge number of xtra email spoofed at the same time. Your email adresses are just part of the  spammers list of emails adresses to use.

Its also common with email adresses NOT associated with xtra/yahoo . Its a scam thats been around a long time.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

OPPO Launches ColorOS 13 Global Version
Posted 19-Aug-2022 11:30


GoTo Launches IT Helpdesk Functionality Within GoTo Connect
Posted 18-Aug-2022 16:55


HP on Track With Recycling Program
Posted 18-Aug-2022 16:51


Belkin Screenforce Tempered Glass Screen Protector and Bumper - Apple Watch
Posted 15-Aug-2022 17:20


Samsung Introducing Galaxy Z Flip4 and Galaxy Z Fold4
Posted 11-Aug-2022 01:00


Samsung Unveils Health Innovations with Galaxy Watch5 and Galaxy Watch5 Pro
Posted 11-Aug-2022 01:00


Google Bringing First Cloud Region to Aotearoa New Zealand
Posted 10-Aug-2022 08:51


ANZ To Move to FIS Modern Banking Platform
Posted 10-Aug-2022 08:28


GoPro Hero10 Black Review
Posted 8-Aug-2022 17:41


Amazon to Acquire iRobot
Posted 6-Aug-2022 11:41


Samsung x LIFE Picture Collection Brings Iconic Moments in History to The Frame
Posted 4-Aug-2022 17:04


Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media
Posted 4-Aug-2022 16:50


Microsoft Announces New Solutions for Threat Intelligence and Attack Surface Management
Posted 3-Aug-2022 21:54


Seagate Addresses Hyperscale Workloads with Enterprise-Class Nytro SSDs
Posted 3-Aug-2022 21:50


Visa Launching Eco-friendly Payment Solutions in New Zealand
Posted 3-Aug-2022 21:48









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







Backblaze unlimited backup