Email address and password hacked - need advise

[Sheryl]

I got an email today sent from my own email address as follows:

 

" Hello!
I'm a member of an international hacker group.

As you could probably have guessed, your account XXXX .com was hacked, I sent message you from it.

Now I have access to you accounts! You still do not believe it?
So, this is your password: XXXX , right?"

 

It goes on to demand a ransom and claim it has dumps of online porn sites I've visited, that part must be a boilerplate wording as I have never visited an internet porn site, so much for the blackmail aspect. But naturally I am concerned to figure out what happened and its implications.

 

What is odd is that the password they reference  is NOT the password to my email account. It is, however, a password I use on a number of websites and also the administrative password to my computer, which is a Mac.

 

I am trying to figure out if they actually hacked into my computer, which I think is supposed to be hard to do on a Mac and I don't see any other signs of (no settings changed etc) or if they just lifted my email and password from some online site.  I have a Linkedin account that was using the email and password they mention and I think there was a breach on LinkedIn about a year ago so maybe that was the source. What puzzles me is, if they got password and email addy from a compromised web site, how are they able to send emails from my account without remote access to my computer? Is there a way to do that?

 

I'm not seeing any unusual credit card charges anywhere which I would expect to see if they had gotten credit card details so probably not lifted from something that entailed a financial transaction.

 

Obviously I have changed passwords and am in the process of getting a different email account. Anything else I should do?

 

 

 

 

[champers]

Call the police and check your insurance policy, if you have one. Even if the police do not act, an insurer would want to know they were contacted.

[JaiMaai]

The first thing to do would be to change (or at least try to) change the password on the email account concerned. After that, change the passwords on any other accounts linked to that email.

 

Then monitor your accounts for any other suspicious activity.

[Sheryl]

Insurance policy for what exactly?

 

And is there really any expectation Thai police will do something?

 

From the message headers this seems to have come from Viet Nam.

 

I neglected to mention, I did a malware scan which showed nothing, critical area BotDefender scan showed nothing. I now have a deep biutDefender scan running (Bit Defender for Mac) and thus far it has identified  Torjan.agent.cyvo.

[lopburi3]

Spoofing your email address is easy and seems to be all that he currently has (and access to your old password).  If he had access to your email he would have posted a quote to prove it.  Suspect he got your old password and trying to make something from it as he can not use it online.

https://lifehacker.com/how-spammers-spoof-your-email-address-and-how-to-prote-1579478914

[kkerry]

Sheryl, paste the first fifteen words of that e-mail in to Google...  also check the headers of the e-mail you received... probably not really sent from yours.

[Sheryl]

Put it into Google. A number of other people reporting same thing, various websites blamed but none that I ever use.  Others also report the password referenced not being their email password so I think the email itself was not hacked but rather spoofed.

 

Headers are how I know it came from Viet Nam. The last header listing is:

 

Received: from [171.234.229.146] (HELO [171.234.229.146])
  by <my email provider>(CommuniGate Pro SMTP 6.1.18)
  with ESMTPS id 115150489 for (my email addy) ; Tue, 25 Sep 2018 21:48:36 +0700
From: <(my email addy)>
To: "(password, but not the password of the email account)" <my email addy>
 

 

The ISP in bold above resolves to VN

[holy cow cm]

If you changed the password and your personal info a little bit then you would be fine. Just don't click on any links. They are probably using your server as a gateway. 

[BigT73]

This is a old trick, they are going on the assumption most people use 1 password for all online and email accts as its easier to remember.   So somewhere where you have logged in they have spoofed a fake address to get this info. Yahoo and hotmail offer a second free email acct called alias email accounts which you can use when signing up  for online activaties forums etc and just use your real email for close friends and banking.

[Rc2702]

Coincidence this happened after publishing request for advice on large sums of money?

 

 

[Esso49]

Immediately advise the appropriate authorities in your own country.   As it is a MAC computer then be on the safe side and just burn it after smashing it to pieces, its only a nerdy gimmick anyway. ????   Post pictures on your Facebook page ( guess you have one) of it burning and then destroy your iphone too in a similar manner ( guess you have one of those to).  You are fully aware of all the serious MAC IOS systems hacks taken place in the last 2 year I hope ? ????

 

But seriously take the precaution already advised by other posters and are you sure when you said you got an email from your own email address it really was so and not a fake. Did you try and track the email source ?

 

[NanLaew]

I had a similar sort of email experience about 6 months ago where some fellow workers and peers said they were getting spam/spoof emails that appeared to come from my email address. In this instance, the source was in Japan. Knowing I run a pretty tight internet security regimen, I did actually take the time to reset a whole bunch of email and website passwords that had been unchanged for far too long, deleted surplus email accounts from my ISP and similarly deleted the email addresses held on file by various websites. I was surprised to see that LinkedIn had 4 email addressees 'open' for me so trimmed that back to the one, generic, disposable 'junk repository' email address.

 

Pretty sure that the OP has just seen an email spoof in the wild and nothing to worry about. However, if anyone has been putting off cleaning up their miscellaneous internet accounts and web presence or haven't changed paswords recently, take some time to do it now.

[OneMoreFarang]

It's a known scam. Not long ago there was a similar thread in TV.

- It's easy to send you an email which seems to come from your email address - it doesn't mean anything.

- It's also easy to send you a mail from [email protected] or something similar, be careful.

- Obviously you should change passwords. Make sure you do this on a 100% virus free computer.
The last thing you want is doing that on a computer which has maybe a keylogger and your old and new passwords are all send to the hacker!

- And I guess you know this already: Never use the same password on multiple websites. And it's a good idea to change them from time to time.

[Sheryl]

37 minutes ago, Rc2702 said:

Coincidence this happened after publishing request for advice on large sums of money?

 

 

I think so.

 

Neither the email nor password in question linked to my TV account.

 

 

[Sheryl]

30 minutes ago, Esso49 said:

 

...But seriously take the precaution already advised by other posters and are you sure when you said you got an email from your own email address it really was so and not a fake. Did you try and track the email source ?

 

Yes, please see my prior post. Sent from someone in VN spoofing my email addy.

[DanaDeLuxe]

I think you are right, Sheryl, it's a spoof and I would take it as a wake up call. Time to renew all the passwording on open services. I use a password saver (part of my Avast payed account), creating strong passwords and saving them encrypted.

 

It's good that you are on a Mac as they are harder to hack.

Good luck to get back to normal quickly!

[blackhorse]

The best thing to do is transfer all your passwords to your antivirus vault. I use Avast paid version and with one click of a button it transferred years of saved passwords from my browser where hackers can see them into its password vault where they couldn't. Everything works the same but now there is a yellow key next to my passwords. Also you can use there own encrypted passwords if you want...totally bullet proof

 

You should also check your AV if it has a full security check (not av scan) to locate all the weak spots on your PC. Your router is another easy access to hackers and your AV should advise if you need to change anything there as well

[kkerry]

If your e-mail supports it, read up on 2 Factor Authentication. It makes it much harder for anyone to sign-in to your account, especially if you travel and use different computers, internet cafes etc. Gmail are one provider you can do this with.

[Sheryl]

1 hour ago, OneMoreFarang said:

It's a known scam. Not long ago there was a similar thread in TV.

- It's easy to send you an email which seems to come from your email address - it doesn't mean anything.

- It's also easy to send you a mail from [email protected] or something similar, be careful...

 

Yes, I get fake emails from my email provider all the time (says something about their security I suppose). This is the first time I got one fake from myself but what unnerved me was not so much that someone had my email but that they  also had a password I have used on a number of websites and which is (was) the admin password for my computer. I am now in the laborious process of changing passwords on multiple sites.

 

Also in the lengthy process of updating my contacts list (which is humungous and has people I don't even remember) prior to sounding out a mass notification of new email address, I'm switching to proton.

 

 

[Rc2702]

Just now, Sheryl said:

Yes, I get fake emails from my email provider all the time (says something about their security I suppose). This is the first time I got one fake from myself but what unnerved me was not so much that someone had my email but that they  also had a password I have used on a number of websites and which is (was) the admin password for my computer. I am now in the laborious process of changing passwords on multiple sites.

 

Also in the lengthy process of updating my contacts list (which is humungous and has people I don't even remember) prior to sounding out a mass notification of new email address, I'm switching to proton.

 

 

I'd be very concerned about that situation it would keep me up at night.

 

I'd probably sacrifice the computer for peace of mind and start over.

 

 

[smileydude]

Thanks for sharing Sheryl.  I am not IT savvy so I'd be pretty freaked out if it happened to me but we have a lot of knowledgeable hackers...I mean people on here!

[observer90210]

I would humbly suggest to also check the access of your router at home if you have wifi,  and call a proper specialist to re-secure the access.

 

Check also with your internet provider and see if they have heard of any such issues ?

[chrisinth]

58 minutes ago, Sheryl said:

Yes, I get fake emails from my email provider all the time (says something about their security I suppose). This is the first time I got one fake from myself but what unnerved me was not so much that someone had my email but that they  also had a password I have used on a number of websites and which is (was) the admin password for my computer. I am now in the laborious process of changing passwords on multiple sites.

 

Also in the lengthy process of updating my contacts list (which is humungous and has people I don't even remember) prior to sounding out a mass notification of new email address, I'm switching to proton.

 

 

Sheryl, the 'hacker' has said he sent from your email address. Just to rule it out, have you checked your sent items? Even if he deleted after sending, they would have to delete again from the trash, I don't think that is likely.........................

[Sheryl]

It's not in sent folder nor trash. Per prior post I think it's been established that this was a "spoofing" email, sent from someone in VN, and they got my email address and password from some website, don't know which but in any case means I have to stop using that password and change it on all sites where it is.  Also changed the computer admin password just in case but it doesn't look like they actually accessed my computer (a relief), rather  got the email addy and password from a  breach on some site or other.

[KneeDeep]

The time when some tried to spoof me, pretending that he was a friend, I strung him along for weeks. Telling him that I had sent money to different locations via Western Union etc. I sent him authentic looking Western Union tracking numbers, but I would leave certain numbers out for the sake of security.

Telling him that the numbers left out were the years his daughter was born. He spent ages trying all combinations in trying to collect the money. Then when he came back frustrated, I told him that because he didn't pick it up in time, it was returned to me.

So then I 'sent it out' via MoneyGram. Similar rigmarole.

In the end he was begging me to leave him alone. ????

 

[CharlieH]

I have had exactly the same email everyday for the last month. Actually arrived in gmail spam folder, I just ignored it and changed the password.

 

Phishing emails, they have somehow got the info from somewhere obviously, but I just ignore the emails and nothing bad has happened (so far). ????

[jollyhangmon]

 

... keep those useless b'stards busy:

 

https://tech.thaivisa.com/next-time-sent-scam-email-forward-address/25579/

 

=> sneak peek: 

 

At last!: Company creates a chat bot to give email scammers a taste of their own medicine

Something that will bring a smile to many people’s faces is an artificially intelligent bot that can bombard email scammers with a never-ending stream of questions.

 

...

 

[topt]

18 hours ago, Sheryl said:

nd they got my email address and password from some website, don't know which but in any case means I have to stop using that password and change it on all sites where it is.

Like CharlieH I had a number of these mails last month.

They have got hold of your email and password from a hack of a web site which could have happened any time in the last 5 years. I think mine came from a Linked In hack (apparently originally in 2012).

 

Just changing that password on the sites you have used it should be ok. It won't stop this kind of mail because once they have your email it will keep getting used.

 

One way to check if your email has been compromised is to go here - https://haveibeenpwned.com/

[Sheryl]

It lists me as having been pwned from 6 sites. 1 of this is apparently an amalgamation from numerous sites. 3 are sites I never went on. The other 2 are LinkedIn and Adobe.

 

 

Sent from my SM-J701F using Thailand Forum - Thaivisa mobile app

 

 

 

 

[Sheryl]

On 9/26/2018 at 4:47 PM, observer90210 said:

I would humbly suggest to also check the access of your router at home if you have wifi,  and call a proper specialist to re-secure the access.
 
Check also with your internet provider and see if they have heard of any such issues ?

My internet provider is ToT and they could care less to put it mildly.

How exactly do I go about checking the access of my router? (I do have wifi).

Sent from my SM-J701F using Thailand Forum - Thaivisa mobile app