Results 1 to 11 of 11
  1. #1
    5 Star Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,070
    Thanks
    25
    Thanked 2 Times in 2 Posts

    Question Hacked Email Address

    Hoping for advice on what, if anything, to do about this issue.

    Just discovered that my Windows Live Mail email address was stolen by someone in Nigeria when he hacked a friend's contacts. Spam has been arriving which I've been deleting as Junk mail without opening.

    2 concerns/questions:
    1. Is my email safe as long as no spam is opened?
    2. Hacked address is my company one so hacker now has our site URL. Is our site compromised?

    Any suggestions on action I should be taking?

    Thanks for any ideas!

    Linda

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,604
    Thanks
    66
    Thanked 522 Times in 471 Posts
    As long as nobody has been receiving Spam email using your Email address as the sender, you are probably OK. Your web site should be OK as well. It wouldn't hurt to change your email password though.

    There's not much you can do to stop the spam coming to your Email other than getting a new Email account. Just continue to delete them and don't respond if they supply an unsubscribe link. That just confirms a human is reading the spam and you will get more Spam. Recently a lot of the spam I have been getting has been requesting a received receipt. If your Email client supports it, block sending receipts of emails.

    I use a junk Hotmail/Yahoo/ or Google email account whenever I suspect possible spam when signing up for a website that needs an email address.

    Jerry

  4. #3
    5 Star Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,070
    Thanks
    25
    Thanked 2 Times in 2 Posts
    Thanks so much, Jerry. My shoulders have returned to their normal, tension-free level.

    I'd changed email passwords a couple of weeks ago (heartbleed issue reminded me it had been a while), but will change them on those accounts again. Extra security!

    Good advice re. read receipts: what a sneaky way to prove "humanity". Windows Live Mail asks if you want to send the requested receipt each time so will be sure to check "don't send". Thanks!

    As an aside, have been receiving email supposedly from Adobe. My email was one stolen in their breach last year. I had been reading them, but when I checked originating IP addresses, I saw that those addresses were known for generating from 46 to 90% spam! I now delete them without reading. Figure I can check the site when I need something from them.

    I appreciate your response and advice. Thanks again.

    Linda

  5. #4
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,604
    Thanks
    66
    Thanked 522 Times in 471 Posts
    You're welcome.

    Jerry

  6. #5
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,170
    Thanks
    129
    Thanked 1,138 Times in 1,049 Posts
    Email accounts exist for a reason - receiving email messages. If you receive email messages, even unwanted ones, this does not mean that your account was hacked. An hacked account means someone gained unauthorized access to your account, as if they were the owner, which doesn't seem to be the case. This also applies to the account being "stolen" - if someone else is not accessing your account without your permission, if you haven't been prevented from accessing your email account, I don't think this can be described as your account having been stolen.

    Spam is a huge inconvenience and you should not visit any of the links in a spam email message. Usually spam is just unwanted commercial stuff, although there can be also phishing messages or other messages with attached malware. In the former case, the risk is usually smaller, but it still is not advisable to click anything.

    One trick I use because I host my own email, is to use an email address that doesn't match an actual email account, but it is just a forwarding account. For example, using publicAddress@mydomain.com and have that account be a forwarding one to hiddenAccount@mydomain.com. This means that, as you never need to disclose the hiddenAccount@mydomain.com address, it is much likely to be safe from hacking than if you use disclose your normal account.

    Forwarding accounts have no passwords, so there is no hacking possible and your real account is always safe. This doesn't mean that the account will be free from spam, but it is very unlikely that anyone tries to brute force an account that is unknown. I had to do this after one of my actual accounts was disclosed in the Adobe breach and regular attempts to access it were leading it to be blocked on my email server - the server disable account access after a few failed login attempts, so I was being prevented from accessing my own account simply by the attempts to hack it. I changed things, now my public addresses always forward to undisclosed accounts and this adds another safety layer even in case of the ever more frequent website breaches we read about every day.
    Rui
    -------
    R4

  7. #6
    5 Star Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,070
    Thanks
    25
    Thanked 2 Times in 2 Posts
    More great information, Rui. Thanks, too, for clarifying what happened in my case.

    Really like your idea about forwarded/hidden accounts. I'm going to talk to our ISP about doing just that for us. It seems like a very wise move given our public addresses are from our 2 business domains.

    While on the subject of which address to use, can you offer advice on this personal vs. business email address issue?

    I have a Gmail account but only because I have to have it for Google services (freedom of choice??!). My suspicion was always that such accounts were easier prey for hackers.

    Am I correct? Or would it make better sense to use Gmail for personal email and keep the 2 business ones strictly for business?

    If this is off topic, I'm happy to post in a new thread.

    Thanks for taking the time to provide all your information. I say it often, but this Lounge - and its Loungers - are terrific!

    Linda

  8. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,170
    Thanks
    129
    Thanked 1,138 Times in 1,049 Posts
    Hi Linda,

    I think it is important to have at least an email account that you know won't change, ever, regardless of who your ISP is. This means either using one of the big email providers (Microsoft via hotmail / outlook.com), Gmail or even Yahoo, or using a domain of your own, that you host somewhere. I, of course, prefer the latter, which means that I can keep my email regardless of my ISP (I only changed once in 13 years or so, but change even once, it can be a source of problems). This I would think it should be your personal account, one that you use for your friends and family or under any circumstances you want to make sure you will always be reachable by email.

    You can then have business accounts, one or more, that will be tied to your specific business and its domain. These will last while your business lasts, which hopefully will be long, but businesses can have a more transitory nature, even if the business is successful and you sell or do something similar. So I would use a business email address for business purposes alone.

    This may mean you can have many email addresses through your life. That's why your personal address should be stable, to avoid losing contact with people you want to remain in contact with regardless of whatever happens in your business life, who your ISP is or any other changing variables.

    HTH
    Rui
    -------
    R4

  9. #8
    5 Star Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,070
    Thanks
    25
    Thanked 2 Times in 2 Posts
    I think I see what you mean but just to confirm:
    - ideally, as well as the 2 business domains, have a personal one for friends and family email that you keep always.
    - if not going third domain route, go with Gmail (or one of the others).

    Have I got it?

    Thanks again,

    Linda

  10. #9
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,170
    Thanks
    129
    Thanked 1,138 Times in 1,049 Posts
    Yes, Linda, those would be my choices.

    Regards

    Rui
    Rui
    -------
    R4

  11. #10
    5 Star Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,070
    Thanks
    25
    Thanked 2 Times in 2 Posts
    Thanks for your reply, Rui - super fast, as always!

    Update: have changed email password on account that was part of the "hacked" contacts from a friend and asked ISP about how to set up hidden accounts for extra security!

    Wouldn't life be a lot simpler without all these nasties out there!?

    Linda

    UPDATE #2: Can't do the hidden address trick according to our ISP. They just recommended strong passwords, which I do have. Ah well, that will hopefully be sufficient.
    Last edited by IreneLinda; 2014-05-14 at 15:13. Reason: Added further update

  12. #11
    2 Star Lounger cyberdiva's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    131
    Thanks
    15
    Thanked 6 Times in 6 Posts
    Quote Originally Posted by IreneLinda View Post
    I have a Gmail account but only because I have to have it for Google services (freedom of choice??!). My suspicion was always that such accounts were easier prey for hackers.
    Linda, I've had two Gmail accounts for a number of years, and I've been impressed with Gmail's security. For example, any time there's an attempt to log in to my account from an IP number different from my usual one, Gmail will block it and send me a message letting me know of the attempt, the date, time, location, and IP number, and it will ask whether I was the one who tried to log in. It will notify me at both my Gmail account and at a security email address I've provided. There are other ways, too, that Gmail tries to make accounts more secure. Perhaps for that reason, I've known many more people whose Yahoo, Hotmail, or AOL accounts were hacked than Gmail accounts. It's possible, of course, but I think less easy.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •