Linux Format forums Forum Index Linux Format forums
Help, discussion, magazine feedback and more
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Suspicious email

 
Post new topic   Reply to topic    Linux Format forums Forum Index -> Help!
View previous topic :: View next topic  
Author Message
GeordieJedi
LXF regular


Joined: Thu Jun 14, 2007 11:36 pm
Posts: 327
Location: North East England

PostPosted: Thu Mar 28, 2013 11:22 pm    Post subject: Suspicious email Reply with quote

Hi all.

Right. I received a suspect email from a good friend yesterday.
(I spoke with them, and they never sent the email in question. They also checked their
sent items, so they definitely didn't send it).

They were curious about this, so I forwarded them the email.

I booted into a live CD (and using Firefox, Adblock plus and No script) I opened the
email and forwarded it on to them.
I (obviously) didn't click on on the link in the mail itself.

I suspect that their email address has been spoofed.

I've checked the recent activity details on my email account, and there doesn't seem to be
anything amiss.

Do you think it's necessary for my to change my email account password ?
(My current password it 19 alphanumeric string).


Am I being a little paranoid ?

Useful info -
We both use webmail

My email = Gmail
Friends email = Yahoo mail



TIA for any help or advice.
Back to top
View user's profile Send private message
Slip



Joined: Mon Feb 27, 2012 10:12 pm
Posts: 7

PostPosted: Fri Mar 29, 2013 2:11 am    Post subject: paranoid: yes Reply with quote

Hi,

You say you didn't follow the link-- no problem. Probably wouldn't have mattered if you did, since you use Linux, and a virus isn't likely to harm you.

Email spoofs, and hijackings happen all the time. If your friend uses yahoo mail, or one of the major web-based email outfits, it is likely someone has hacked his password. Otherwise it may just be a spoof. If you look at the detailed headers of the email, you may be able to tell if it actually originated from his account.

Either way, if it were me, I wouldn't worry about it.
Back to top
View user's profile Send private message
Dutch_Master
LXF regular


Joined: Tue Mar 27, 2007 2:49 am
Posts: 2423

PostPosted: Fri Mar 29, 2013 2:34 am    Post subject: Reply with quote

It's very easy to spoof the "from" header in an SMTP conversation, so your friend may not have to reset his password... (but as you don't know, it's safer to do anyway!)
Back to top
View user's profile Send private message
MartyBartfast
LXF regular


Joined: Mon Aug 22, 2005 8:25 am
Posts: 806
Location: Hants, UK

PostPosted: Fri Mar 29, 2013 11:38 am    Post subject: Reply with quote

As said above it's very easy to spoof an Email "From:" address, so if you receive a mail from some random name you've never heard of then it's likely to be a spoofed From address, however the chances of some spammer spoofing your friends address and randomly sending it to someone who knows him is slim, this suggests that whoever/whatever sent that mail has access to your friends mail contacts. Alternatively (and this has happened to me) there could be a third party who is also a contact of both you and your friend, that third party has their Email hacked and the hacker uses one of the names on the contact list as the spoof From: address and sends Emails to all the other names in the address book purporting to be from your friend.

Bottom line is it's likely someone has either been hacked or has got a virus, but it may not be your friend - he ought to change his passwords anyway.
_________________
I have been touched by his noodly appendage.
Back to top
View user's profile Send private message
bobthebob1234
LXF regular


Joined: Thu Jan 03, 2008 9:38 pm
Posts: 1368
Location: A hole in a field

PostPosted: Fri Mar 29, 2013 4:07 pm    Post subject: Reply with quote

I've had quite a few emails from yahoo email accounts recently, it seems that they have had a problem or someone has got a hold of a bunch of passwords and email addresses.

Get your friend to change his yahoo password

Also out of interest was/is your friend on linkedin, was his yahoo email linked to his linkedin, and did they have the same password?
_________________
For certain you have to be lost to find the places that can't be found. Elseways, everyone would know where it was
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8368
Location: Warrington, UK

PostPosted: Fri Mar 29, 2013 9:07 pm    Post subject: Reply with quote

The From: header is irrelevant as it is added by the sender, so they can put what they want. Of more interest are the server added headers, such as Received. They show the path the mail took to reach you. If it was sent from your friend's account, it will have started with a yahoo server, anything else and it is a spoofed mail sent from a spambot.

Using his address for From: is just a way of getting it through your spam filters, and encouraging you to read it.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
GeordieJedi
LXF regular


Joined: Thu Jun 14, 2007 11:36 pm
Posts: 327
Location: North East England

PostPosted: Fri Apr 19, 2013 8:49 pm    Post subject: Reply with quote

[Update]

OK,

I received a photo msg from a good friend asking if I had sent him a suspicious email yesterday.
He also included a screenshot of the offending email.

I assured him that I hadn't sent him anything.
In the screenshot It had my name (as the sender)
but being sent from a completely different email address than mine.

Once again I check my email account's sent items (my account has not sent anything)
and the list of IP addresses that have accessed my email account.
(And again, there's nothing untoward going on)

So it looks like that my email address has now been spoofed.

Im almost certain that my account has not been hacked.

However, do you think it would be wise to change my email account password ?

Thanks again for the help.
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8368
Location: Warrington, UK

PostPosted: Fri Apr 19, 2013 9:15 pm    Post subject: Reply with quote

As already stated, the From: header proves nothing, it i just a line of text inserted into the email. The Received: headers will show where it was actually sent from, if these include your ISP's mail server, you may have cause for concern.

As for changing your password, don't even think about it, just do it. If you even suspect that any password has been compromised you should change it. This applies tenfold to your email password, as gaining that enables someone to get hold of all your other passwords.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
MartyBartfast
LXF regular


Joined: Mon Aug 22, 2005 8:25 am
Posts: 806
Location: Hants, UK

PostPosted: Fri Apr 19, 2013 10:24 pm    Post subject: Reply with quote

If they had compromised your account then they wouldn't need to spoof the From: address. I would think it more likely that a mutual contact of you and your friend has had their account hacked, the hacker/virus has chosen you as the spoof From: address and is sending mails to the compromised account's address book. Most of the recipients will see a mail purporting to be from Geordi Jedi and will ignore it 'cos the name means nothing to them, but it rings alarm bells with your friend because he recognises the name and thinks it's come from you.

Still a good idea to change your passwords though.
_________________
I have been touched by his noodly appendage.
Back to top
View user's profile Send private message
View previous topic :: View next topic  
Display posts from previous:   
Post new topic   Reply to topic    Linux Format forums Forum Index -> Help! All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Linux Format forums topic RSS feed 


Powered by phpBB © 2001, 2005 phpBB Group


Copyright 2011 Future Publishing, all rights reserved.


Web hosting by UKFast