My Yahoo Mail account being used to send spam

Bendihorse

My yahoo mail email address is beign used to send out spam, I only know this becasue I am in receipt of numerious emails selling viagra from my own address! How can this happen and is it possible to make it stop?

FSL

Because it has your email address in the from it does not mean it came from you.

Spammers can easily spoof the from address. If you look at the headers you will be able to check the path and see if it did originate from Yahoo or not.

Having said that I would change the password and scan your computer for malware, just to be sure.

jakedixon2004

Download this tool www.malwarebytes.org/mbam.php if you want to scan your machine for any keyloggers or RAT's.
I have been using it for quite a while and it always picks up the infection.

LoLth

as FSL says, if you receive a piece of spam from an address that seems likea real person, usually the only thing you can say with any degree of certainty is that it did not originate from that address.

there are a lot of viruses and malware that will infect a machine and then spam everyone in the contact list on that machine while pretending to be someone else from that same contact list.

Malware scan and AV check on your own machine (in safemode if possible) and THEN changing the password to the mail account are good steps but dont be overly concerned if you dont find anything. try to use two different scanners (Malwarebytes is very good as is SuperAntispyware - despite the cheesy name - and also Spybot S&D).

Dude111

This happend to a couple friends of mine w/yahoo email accounts...

CHANGE YOUR PASSWORD STRAIGHT AWAY!! (Somehow they are getting people's password)


Good luck!

Shane O' Malley

Dude111 wrote: »

This happend to a couple friends of mine w/yahoo email accounts...

CHANGE YOUR PASSWORD STRAIGHT AWAY!! (Somehow they are getting people's password)


Good luck!

Sorry Dude111. Nothing to do with stolen passwords.

Alot easier to just spoof the email address than break into someone's account. Also, nothing gained by breaking into someone else's account.

Dude111

Well after she changed her password the spam stopped!

Maybe some dont get into yor account BUT SOME DO!!

Shane O' Malley

Dude111 wrote: »

Well after she changed her password the spam stopped!

Maybe some dont get into yor account BUT SOME DO!!

Just a fluke. Spam often uses the trick of pretending to be the recipient as they can be fairly sure that your own email address is on the allowed list of your anti spam software.

If the email account had been compromised then it might be used to send spam to other people or may be used to try to gain access to paypal, ebay etc that are linked to that account. IE Get ebay to reset the password by sending the new one to the email account.

Spam is the least of your worries with a compromised email account.

If you use Gmail then you can look at the ip addresses that accessed your account over the last 30 days. Some other email providers provide the same service.

If the account was compromised then advice would be to change all other passwords.

Shane

NoseyMike2010

I'm having the same problem .... I have changed my address and they have started spamming again from my account. Arghhhhhhhhhhhhhhhhhhhhh its driving me nuts!

ocallagh

Shane O' Malley wrote: »

Sorry Dude111. Nothing to do with stolen passwords.

Alot easier to just spoof the email address than break into someone's account. Also, nothing gained by breaking into someone else's account.

My yahoo email account was hacked and hundreds of my friends/co-workers received spam from me until I switched the password.

My sent folder on mail.yahoo.com has a copy of all these spam items in it so the bot/hacker defo had full access to my actual account rather than spoof my address.

I had a 10 digit strong password too. I now have a 20 digit pass for all my webmail accounts. I would suggest others do the same too.

NoseyMike2010

Would a copy of AVAST clear the problem? Or any other software recommendations?

RangeR

NoseyMike2010 wrote: »

Would a copy of AVAST clear the problem? Or any other software recommendations?

Did you read any of the above. It's not a problem with your account. The email address is being spoofed. This has been going on since the 90's, probably earlier. It's one f the easiest things to do on computers, spoof peoples email address.

I could send you an email, and make it look like it came from you. It's not that difficult and generally nothing to worry about.

RangeR

ocallagh wrote: »

My yahoo email account was hacked and hundreds of my friends/co-workers received spam from me until I switched the password.

My sent folder on mail.yahoo.com has a copy of all these spam items in it so the bot/hacker defo had full access to my actual account rather than spoof my address.

I had a 10 digit strong password too. I now have a 20 digit pass for all my webmail accounts. I would suggest others do the same too.

That's a different issue to the OP. I'd call this a PSIFOC issue.

Shane O' Malley

ocallagh wrote: »

My yahoo email account was hacked and hundreds of my friends/co-workers received spam from me until I switched the password.

My sent folder on mail.yahoo.com has a copy of all these spam items in it so the bot/hacker defo had full access to my actual account rather than spoof my address.

I had a 10 digit strong password too. I now have a 20 digit pass for all my webmail accounts. I would suggest others do the same too.

That's different. That is where they are using your own address book.

The previous example was where someone was receiving spam from their own email address.

Shane O' Malley

ocallagh wrote: »

My yahoo email account was hacked and hundreds of my friends/co-workers received spam from me until I switched the password.

My sent folder on mail.yahoo.com has a copy of all these spam items in it so the bot/hacker defo had full access to my actual account rather than spoof my address.

I had a 10 digit strong password too. I now have a 20 digit pass for all my webmail accounts. I would suggest others do the same too.

Also, it is unlikely the password was just guessed. More likely you accessed your account from a compromised computer. IE One with some spyware on it.

Having a better password will not help if you still have spyware.

NoseyMike2010

RangeR wrote: »

Did you read any of the above. It's not a problem with your account. The email address is being spoofed. This has been going on since the 90's, probably earlier. It's one f the easiest things to do on computers, spoof peoples email address.

I could send you an email, and make it look like it came from you. It's not that difficult and generally nothing to worry about.

I'm not getting the Spam emails .... Its everyone in my address book!

Shane O' Malley

NoseyMike2010 wrote: »

I'm not getting the Spam emails .... Its everyone in my address book!

Except you said that "i have the same problem"

You don't. The other poster had a problem with receiving spam from their own email address. That is called spoofing.

Your problem is that your address book has been compromised at some point.

NoseyMike2010

And the cure is???

RangeR

NoseyMike2010 wrote: »

And the cure is???

Cleaning your computer and educating yourself in safe and secure usage of same.

Shane O' Malley

NoseyMike2010 wrote: »

And the cure is???

Your address book is already in the hands of the spammers. Nothing you can do about that.

How it got to them is another story.

You need to run some anti spyware on your system

http://www.lavasoft.com/ This is pretty good. Just get the free version.

Also run an onlin antivirus scanner http://housecall.trendmicro.com/uk/

Check you have all your software updated. http://secunia.com/vulnerability_scanning/online/?task=intro

Dude111

ocallagh wrote:

My yahoo email account was hacked and hundreds of my friends/co-workers received spam from me until I switched the password.

Exactly....

Somehow the idiots are getting peoples passwords..

Im sorry your going thru this also

Shane O' Malley

Believe me, noone is going to go to much trouble to hack yahoo.

The problem is not with yahoo it is with your computer or a computer you used.

ocallagh

The only computer I use to access my yahoo account is this one, my Ubuntu Linux distro and in fact, that Yahoo account hadn't been accessed in over 6 months since I switched to gmail so I am quite confident it has nothing to do with key logging.

I used the same password for two other services online though, both of which are well established companies. The only explanation I can come to is that one of these services had personal account details stolen (similar to what happened on boards a while back) and they managed to re-create the hash stored for my password.

Long story short, keep extremely long, complicated and different passwords for everything web related!

ocallagh

RangeR wrote: »

That's a different issue to the OP. I'd call this a PSIFOC issue.

What does PSIFOC stand for?

ocallagh

Shane O' Malley wrote: »

Believe me, noone is going to go to much trouble to hack yahoo.

The problem is not with yahoo it is with your computer or a computer you used.

I agree key logging is one threat but it extends way past that. You can have every anti-virus under the sun running on your computer but still be vulnerable.

In a lot of cases the problem is to do with how online services store our account details. People use the same passwords and security questions for everything which means the weakest link compromises them all.

I've worked in companies where account tables were freely accessible by developers in the company, some accounts even stored passwords in plain text.

I did a security audit for a company which needed to link a desktop app to a web interface and they passed the user credentials in a HTTP GET request. Anyone with access to the browser history or the server logs would see the password in plain text.

Even if an online service uses hashing and salting to encrypt the password it's still quite easy to decrypt with a bit of processing power. Watson could probably decrypt most boards passwords in between questions on Jeopardy!

RangeR

ocallagh wrote: »

What does PSIFOC stand for?

PSIFOC = Person Sitting In Front Of Computer
Technically called a "Layer 8" issue.