Hacking E Mail Accounts

[Maggie/915]

How can we stop people.

I have received two suspect E mails.

One about green coffee beans and the other about working from home.

Both look as if they are from friends.

Once you have opened these things, what should you do. I thought Apple products were save!

[keith lockey]

Golden rule, Maggie, learnt at great cost, Never open an email unless you know whom its from. I once opened one and got a load of p.rn and another crashed my computer. So do be careful regarding unrecognised emails. Just don't open them.

[Maggie/915]

That's the problem Keith they were from a family member and a friend of long standing.

Guess the hackers are getting more and more sinister.

Not sure how they can get into someone's account.

I thought the Apple products were safer.

[Vic Patterson]

From my own experience with this type of e-mail just opening the e-mail shouldn't cause your computer to be infected but opening a link in it will, just as your friend and family member did! The open link will go to your contacts list and spread the same e-mail.

[Adam Hogg]

The best way to know if it is a spam email is that is in not personal like a normal email would be:

Hi or Hello Joe Bloggs,

Have you seen this (link) funny youtube video.

Regards,

Bob.

While a spam email will be something like:

Click this (link) to see funny jokes.

Easy way to tell if an email is a virus/hacker or your friend/family member.

[mercuryg]

Maggie,

This is an increasing problem, and one that we can do little about. I had one from my brother's account the other day which, even weirder, featured a link that appeared to be to one of my clients. Generally, if an email only contains a link, you should delete it.

[Maggie/915]

The problem with one e mail was that I was expecting a link from my son and noticed after that the spelling of his name was not quite right.

Damage limitation after I had opened the link, I have deleted and just hope friends and contacts do not get something similar apparently from me.

Dangerous times.

[Symptoms]

It's a myth that Apple products are safer, just about all platforms are at risk. The perception that Apple/Macs didn't get infected was due to the tiny market share these things had years ago so it wasn't worth the time spent attacking them; richer pickings were available on the 96% of all other machines running Microsoft/Windows. The growth in Apple sales has made them a more legitimate target.

Good virus scanning software and a suspicious mind are about as far as you can go in protecting your PC/Mac/device.

[mercuryg]

The increasing popularity of Virtual Private Networks is testament to the lax security offered by even the most secure systems. It may be worth investigating.

[threegee]

Some good advice above, and Symptoms is right about the Apple myth too. Only on an Apple product can the mere act of plugging it into a charger result in the device being seriously compromised.

Chrome OS is probably the safest platform these days, but that's likely because for most people they accept big brother Google's free offers and defaults. It's not entirely without its bloopers though. For someone completely wet behind the ears a Chromebook is easily the safest bet, and way way cheaper than anything Apple. Google do the thinking for you, supply your software for free, and keep everything up-to-date.

Most sensibly configured PCs are hardened these days and it's necessary to resort to trickery to compromise them. Hover your mouse cursor over and links so that the actual URL appears (sometimes in the status bar) if there are subtle differences from a URL shown in the text that's VERY suspicious. The main vulnerability these days is malicious Java scripting on sites you are lured to. Make sure your Java engine is fully up to date.

Any e-mail attachment you don't expect and are in any way unsure of the source of probably carries a payload, and should never ever be opened.

Windows users would probably be best advised to remove any Microsoft e-mail clients and use Thunderbird - though you probably will need some assistance at setting this up properly to filter spam and flag likely malicious stuff. I was surprised quite recently though to discover that most people these days don't even know what an e-mail client is, and assume webmail is proper email!

If you are viewing HTML emails make sure that the display of LINKED graphics is turned off. It's the default these days on any decent e-mail client but Microsoft were very laggy in implementing this on Outlook/Outlook Express. There's not a direct threat here, but it makes it possible for scamsters to detect if you've received and displayed their mail.

If you need to take one thing away from here it's to NEVER publish your e-mail address on a website anywhere so it is publicly readable, and be very picky who you give it to. People still do this all the time! This is both idiotic and completely unnecessary.

[Maggie/915]

Thanks for the advice

[Alan Edgar (Eggy1948)]

Not sure if this still works now as the spammers/hackers just get more sophisticated. To stop them emailing from your address book we used to add in a duff address as the first address they would read as :- Surname = 'aaaaa' ; Christian name = 'aaaaa' ; email address = 'aaaaaa@aaaaa.aa' so the hacking/spammer got an invalid response back and the attempted read of your address book therefore failed.

Then found that if you purchased Microsoft products and in the package was Microsoft Outlook for email you could ignore using your providers email server to login to get your emails.

I have MS Outlook installed (yes I am still in the dark ages) on my Desktop and it links into my provider BTYahoo. Therefore I do not have to connect to BTYahoo to get my emails and I do not have to have my address book in BTYahoo full of friends names and email addresses. All I have in the BTYahoo server address book is:-

aaaaaaa aaaaaaaa aaaaa@aa.aa

<phishing@cahoot.com>;internetsecurity@barclays.co.uk <internetsecurity@barclays.co.uk>;emailscams@lloydstsb.co.uk <emailscams@lloydstsb.co.uk>;security@halifax.co.uk <security@halifax.co.uk>;phishing@hsbc.com <phishing@hsbc.com>;phishing@nationwide.co.uk <phishing@nationwide.co.uk>;phishing@natwest.com <

spoof@paypal.com <spoof@paypal.com>;phishing@hmrc.gsi.gov.uk <phishing@hmrc.gsi.gov.uk>;phishing@santander.co.uk <phishing@santander.co.uk>;stop-spoofing@amazon.com <stop-spoofing@amazon.com>;abuse@bankofamerica.com <abuse@bankofamerica.com>;internetsecurity@barclays.com <internetsecurity@barclays.com>;phish@fb.com <phish@fb.com>;

I find BTYahoo very good at identifying 'phishing' emails and placing then in the dedicated SPAM folder. So when I do connect to BTYahoo I can forward any SPAM emails to the relevant organisation, the SPAMMER was pretending to be from, for their security to check out. I agree with Threegee in that there is no harm in opening these mails just don't click on the links they include.

As for 'cookies' left on your system there is no harm in just deleting them. Sometime the 'usernames' etc. that you may have saved for certain sites will also get deleted but not a great deal of harm done as I am sure we all have brilliant memories and can remember, without having them written down!

I normally use AVG or McAfee to keep my machine tidy but you can use the windows help facility and if you search for 'cookies' you will get:-

Delete your Internet cookies

Follow these steps to delete the cookies stored on your computer. After you delete cookies, websites will no longer remember information you have entered on previous visits (for example, they will no longer have record of your user name or preferences).

Click to open Internet Options.

Click the General tab, and then, under Browsing history, click Delete.

Under Cookies, click Delete cookies, and then click Yes to confirm that you want to delete them.

Click Close, and then click OK.

Hope some of the above makes sense; time for a cup of tea.

Edited June 17, 2013 by Eggy1948

[Brett]

On this not particularly, if you receive an email from a trusted source which appears to be SPAM or not legitimate then advise them to change their email password and select a secure password rather than the generic "Password123" "123456789"

It's amazing the amount of people that have poor quality passwords which they will more than likely use for every account they possess.

Generally the reason you are receiving SPAM emails from trusted sources is that their password has been compromised.

Try the below for secure passwords:

http://www.pctools.com/guides/password/