  1. #1
    2 Star Lounger
    Join Date
    Feb 2009
    Location
    Tucson, AZ, USA
    Posts
    131
    Thanks
    3
    Thanked 3 Times in 3 Posts

    What does a hacked email address look like?

    A colleague lost his address book to hackers a couple of weeks ago and now those of us in it are getting phished. I replied to the address on the p-mail and it bounced;
    Delivery to the following recipient failed permanently: (his exact e-mail address)

    Every place his address occurs in the bounce message, the characters are the correct ones for his address. When I enter these characters in the to: line of Outlook, he gets the message, same for clicking on his address in my address book.

    How do the bastards mal-form an address so it looks valid?

    What can he do other than abandoning that account and getting a new one?
    Dan Lynch
    The stonecherub


  3. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,172
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    Is there a reason given for the failure? Can you post the wording here?
    Rui
    -------
    R4

  4. #3
    2 Star Lounger
    Join Date
    Feb 2009
    Location
    Tucson, AZ, USA
    Posts
    131
    Thanks
    3
    Thanked 3 Times in 3 Posts
    Technical details of permanent failure:
    Google tried to deliver your message, but it was rejected by the server for the recipient domain aol.com by mailin-01.mx.aol.com. [64.12.88.132].

    The error that the other server returned was:
    521 5.2.1 : (HVU:B2) http://postmaster.info.aol.com/errors/554hvub2.html

    I didn't want to post my colleague's address or I would have sent the entire bounce message.
    Dan Lynch
    The stonecherub

  5. #4
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,172
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    From the AOL page for the error in question:

    There is at least one URL or domain in your e-mail that is generating substantial complaints from AOL members. Resolution will require opening a support request.

    Basically it means AOL blocked the email address, surely because it was spamming. Your colleague needs to do as suggested.
    Rui
    -------
    R4

  6. #5
    2 Star Lounger
    Join Date
    Feb 2009
    Location
    Tucson, AZ, USA
    Posts
    131
    Thanks
    3
    Thanked 3 Times in 3 Posts
    Well, the address is blocked - but it isn't. I got the first phish while on my way out to the field having no time to deal with it. I replied and the reply was bounced. I sent an e-mail from my address book that was accepted. Tuesday. Today, another phish, another "click on the reply button," another rejection message, another send-an-e-mail that was not rejected, ostensibly to the same address.

    SO, why is this address blocked for a reply to a phish but not blocked for a normal message when the character strings for the e-mail addresses are identical? Or, why do they appear to be identical when Google thinks they are not?
    Dan Lynch
    The stonecherub

  7. #6
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,172
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    I fear I can't answer you, only AOL knows what AOL does. You or your friend need to contact their support, providing the same info I requested here.
    Rui
    -------
    R4

  8. #7
    Silver Lounger (mrjimphelps)
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,137
    Thanks
    202
    Thanked 206 Times in 198 Posts
    Originally posted by stonecherub:
    Well, the address is blocked - but it isn't. I got the first phish while on my way out to the field having no time to deal with it. I replied and the reply was bounced. I sent an e-mail from my address book that was accepted. Tuesday. Today, another phish, another "click on the reply button," another rejection message, another send-an-e-mail that was not rejected, ostensibly to the same address.

    SO, why is this address blocked for a reply to a phish but not blocked for a normal message when the character strings for the e-mail addresses are identical? Or, why do they appear to be identical when Google thinks they are not?
    There is a lot of detail in the message header that is normally hidden from view. That's why both emails look the same to you. There is something suspicious in the phishing email's header, but not in the legitimate email's header.

  9. #8
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,374
    Thanks
    1
    Thanked 595 Times in 532 Posts
    You need to look at the headers for the email. What is displayed by an email client or web interface is just a name not the actual address. It is very easy to change the underlying return address in the email header.

    Joe
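
The point made in the two posts above, that the sender a mail client displays and the address a reply actually goes to can differ, shown as an added example that is not part of the original thread. It uses Python's standard-library email parser; the sample message and every address in it are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread); every address is a placeholder.
PHISH = """\
Return-Path: <bounce@bulk-sender.example.net>
From: "Colleague Name" <colleague@example.com>
Reply-To: "colleague@example.com" <colleague@mail-example.org>
To: recipient@example.org
Subject: Please look at this

(body omitted)
"""


def _addr(msg, header):
    """Return (display name, lowercased address) from a single-address header."""
    name, addr = parseaddr(msg.get(header, ""))
    return name.strip(), addr.lower()


def reply_target(raw):
    """Address the Reply button uses: Reply-To if present, otherwise From."""
    msg = message_from_string(raw)
    return _addr(msg, "Reply-To")[1] or _addr(msg, "From")[1]


def header_findings(raw):
    """List mismatches between what the client displays and where mail goes."""
    msg = message_from_string(raw)
    from_name, from_addr = _addr(msg, "From")
    rt_name, rt_addr = _addr(msg, "Reply-To")
    _, return_path = _addr(msg, "Return-Path")
    findings = []
    if rt_addr and rt_addr != from_addr:
        findings.append(f"replies go to {rt_addr}, not From address {from_addr}")
    for header, name, addr in (("From", from_name, from_addr),
                               ("Reply-To", rt_name, rt_addr)):
        # A display name that is itself an address can hide the real one.
        if "@" in name and name.lower() != addr:
            findings.append(f"{header} shows '{name}' but address is {addr}")
    # Differs for legitimate bulk/list mail too: a signal, not proof.
    if return_path and return_path.split("@")[-1] != from_addr.split("@")[-1]:
        findings.append(f"Return-Path domain differs from From: {return_path}")
    return findings


if __name__ == "__main__":
    print("reply target:", reply_target(PHISH))
    for finding in header_findings(PHISH):
        print("-", finding)
```

To run it on a real message, save the full source from the mail client and pass the text to `header_findings`.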

  10. #9
    2 Star Lounger
    Join Date
    Feb 2009
    Location
    Tucson, AZ, USA
    Posts
    131
    Thanks
    3
    Thanked 3 Times in 3 Posts
    Thanks, guys, I did try to look at the header but Outlook 2003 doesn't show me much. Not enough to tell why one address is bad. It's a moot point, I'm just curious and it's somebody else's e-mail, not mine.

    Hmmm. I wonder what's hidden behind that link? 100 million Nigerian Rasbuckniks, I'll bet.
    Dan Lynch
    The stonecherub

  11. #10
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Rochdale, UK
    Posts
    824
    Thanks
    13
    Thanked 52 Times in 52 Posts
    Does this help?

    View Email Headers

  12. #11
    Star Lounger
    Join Date
    Jul 2010
    Location
    Australia
    Posts
    69
    Thanks
    8
    Thanked 27 Times in 14 Posts
    Replying to any phishing e-mail (or spam) is silly, it will just get you even more phishing e-mails.

    Almost certainly the e-mail headers are forged and the e-mails will come from a different domain each time (like most spam), making them hard to block. Even if your compromised colleague ceases using his current e-mail account for work so you can add it to your blocklist, the bad guys now have your e-mail address.

    Your compromised colleague should of course change his e-mail password, and any 'reminder' questions at its website ('Mother's maiden name' etc. etc. asked by Hotmail etc. etc.), so that the hacker can't regain access to his account. And his machine should be carefully checked for malware.

    Don't reply to the e-mails and they will probably stop coming after a while. If not, well sh1te happens. Perhaps this is a good time for your staff to get some training in basic computer security, like identifying phishing e-mails and not opening them?
