Menu
Reply
  • 2
  • 0
  • 0
Matthew5
Joining in
168 Views
Message 1 of 3
Flag for a moderator

Email Hijacking

After telling Virgin Media that my email had been used to send out spoof/spam email in June, the problem is still happening.  I had another 30 mail failure notices arrive in my In Box this morning.

I have followed all the advice, made numerous telephone calls and have now resorted to sending in an official complaint letter.

I have changed my password nine times since June and only access my email via WebMail and the email addresses that some of the spam was sent to were never on my new computer.  Virgin Media have a setting on their email that allows them to save names of people in a hidden contacts list on their server unless you elect not to do so.  I have also now prevented this from happening and further secured all my settings, but the problem still exists. 

Virgin say that it is outside their control, as the issue happens outside of their platform, but since the only place some of my contact information was stored was on their server it must have been hacked into to get hold of the infomration in the first place.

Every time I have complained they tell one lie after another to try and put the blame on me, or my internet security (now proven to be not the case).

It has now come to the point that if nothing happens after my complaint letter I will be leaving Virgin Media for good and never recommending them to anybody.  I will also be looking to report the issues I have had to the Ombudsman.  Virgin's customer service is appalling.

0 Kudos
Reply

Helpful Answers
  • 252
  • 19
  • 114
Wrock
Fibre optic
259 Views
Message 2 of 3
Flag for a moderator
Helpful Answer

Re: Email Hijacking

Hello Matthew,

These cases of email hijacking are outrageous and have significant consequences for those affected.  You are finding that your friends and colleagues are receiving short chatty spam emails containing a link with your Virgin Media email address attached as a false from address, right?

Yes, you will find that all of the email addresses which are now receiving the spam were in your web mail account.  I know of at least 580 cases of this problem with Virgin Media accounts.  Many started in September and October 2015 and the rounds of chronic spam every few weeks at irregular intervals continue now a year later.  This tends to make the affected email address worthless to the account holder since the continuation of the spoofing damages their personal and professional reputation.

As others have found, there has been no sign that a virus or malware is the cause of this problem.  You've search your computer and any mobile devices, and not found any particular problems, right?  Hundreds of other people with this problem have done so in many countries around the world with a wide variety of anti-virus products.  Several other email providers also have ongoing cases of this problem, notably TalkTalk and Yahoo! and Comcast all of whom are known to have had large data breaches, as well as the Liberty Global companies telelnet.be and ziggo.nl, and a number of email providers in several countries.  I'm keeping a list here, http://wardinewrock.blogspot.com/2015/10/domains-spoofed-by.htmlIn every case, it is only a small percentage of the email provider's accounts which are affected, typically less than one percent.

One of the myths surround this problem is that Virgin Media can do nothing about it.  In fact, a responsible and knowledgable email provider will take action to protect you from spoofing by enacting a DMARC p=reject policy in response to a widespread problem like this.  AOL did so when these spammers had hacked into two percent of their accounts in April 2014 and Yahoo! did so just before AOL did.  AOL were able to cut the spam on their system in half as a result since this is a big spam operation which can put a significant load on an email system.  Have you filed a Net Report case with Virgin Media yet using this form and the "email hijacking" category, http://netreport.virginmedia.com/netreport/?  Many others have done so and not received a particular response.  Even if there is no response, it seems important to give Virgin Media security analysts the opportunity to investigate these cases by registering them.  I have details which suggest that there are at least 5,000 affected Virgin Media accounts.

Yes, I think the real-time automated contacts-collection feature in OX App Suite may be playing a role in these cases.  Can you confirm that it is turned on in the web mail account by default?  Does it allow you to quickly export a full list of display names and email addresses found in the account?  These spammers have stolen not only email addresses but also display names.  

There are several common methods by which a spammer could obtain your password.  Virgin Media accounts receive many sophisticated phishing emails from spammers which are specifically designed to fool you into logging into a web site which looks like a Virgin Media web site and entering your Virgin Media user ID and password.  There is a long list of these which Virgin Media staff keep current on the Net Report web page if you scroll down, http://netreport.virginmedia.com/netreport/.  Think about whether you might have responded to one of these in the weeks before the spoofing started.

There are also suggestions that many with this problem might have had very simple passwords that the spammers could guess.  Virgin Media had a cluster of these spoofing cases for hacked accounts as well in 2011.  Published statements at the time suggest that Virgin Media thought that weak passwords played a role.  It is not clear if any particular analysis had been done for those cases in 2011 or if the response was simply an explanation of common methods by which passwords are stolen.

Research shows that about half of British internet users use the same password for multiple web sites.  If you have used your email address and email password as the login on any other web sites, then also be sure to change those passwords and make certain that the passwords differ from your current email password.

You do not need to continue to change your password and security question every time the spammers send a round of the spoofed spam. Instead, focus your energy on moving out of the Virgin Media email account.

Before the spoofing started, approximately how long had it been since you changed your email password?  One of the consistent findings for these cases is that a large portion of people with this problem (69 percent of 194 people) had not changed their email password for years.  That may suggest that the passwords in use on the accounts were not particularly strong.

These particular spammers are experts in fraud.  You'll find if you were to follow the links in the spam which is being sent under your name, that it leads to a fraudulent business.  Some are offering for sale miraculous pills for weight loss or memory enhancement or unbelievably fantastic get-rich-quick financial schemes.  Unfortunately, these businesses are surprizingly profitable for the spammers and so they are highly motivated to continue to send the spam.  Because they are experts at fraud, and if your cases is like others, you have not been able to work out how they were able to enter your account and steal a full list of email addresses and display names, I believe that anyone with this particular problem is vulnerable to financial fraud and identity theft.  To protect yourself, I suggest that you open a new free Gmail account and move your email operations there as quickly as is feasible.  Do not set your Virgin Media address as the account-recovery email address.  If you have a mobile device, then turn on two-step verification on the Gmail account in order to reduce the likelihood that someone other than you could log into the account simply by knowing your password.  Set a good long password on the account which does not contain words in any language forwards or backwards.  Virgin Media accounts only allow short passwords.  You'll be able to set a longer and therefore stronger one on a Gmail account.  As soon as you have established the new address, replace your Virgin Media address with the new one for any business or organization with which you have financial dealings.  If someone is able to access your Virgin Media account again, you do not want them to be able to use that account to reset passwords for other services such as online banking or purchases from eBay or Amazon, for example.  I know of one case of this spoofing where financial fraud has occurred, as well as three or four cases in which addresses which were not present in the account at the time when the spoofing began have subsequently started to receive spoofed spam, suggesting more than one round of account access.  Many people with this problem with Virgin Media accounts have found that Virgin Media has locked their accounts and changed the email passwords one or more times because Virgin Media is detecting unauthorized account access.

Indeed, poor customer service in response to these cases has aggravated many!  So much so that a Facebook group about this problem span out of this forum in December 2015 due to frustration with the responses and lack of accurate information provided by Virgin Media staff.   You'll find many others who have filed an assortment of formal and informal complaints there.

Consider your choice of email to be separate from the choice of internet provider.  If the other services from Virgin Media are worth having, then move your email to a better service.  Many who work in IT would recommend that you separate your email provider from your internet provider as a general practice to give you future flexibility.  There are also other current problems with the Virgin Media email system which are significant enough that it is worth moving to a better-run system, chiefly that a significant amount of legitimate email has not been delivered since August 2015.  You can see a summary of the many reports of that problem here,

http://wardinewrock.blogspot.com/2016/05/legitimate-emails-blocked-to-virgin.html

-Wrock

0 Kudos
Reply

All Replies
  • 252
  • 19
  • 114
Wrock
Fibre optic
260 Views
Message 2 of 3
Flag for a moderator
Helpful Answer

Re: Email Hijacking

Hello Matthew,

These cases of email hijacking are outrageous and have significant consequences for those affected.  You are finding that your friends and colleagues are receiving short chatty spam emails containing a link with your Virgin Media email address attached as a false from address, right?

Yes, you will find that all of the email addresses which are now receiving the spam were in your web mail account.  I know of at least 580 cases of this problem with Virgin Media accounts.  Many started in September and October 2015 and the rounds of chronic spam every few weeks at irregular intervals continue now a year later.  This tends to make the affected email address worthless to the account holder since the continuation of the spoofing damages their personal and professional reputation.

As others have found, there has been no sign that a virus or malware is the cause of this problem.  You've search your computer and any mobile devices, and not found any particular problems, right?  Hundreds of other people with this problem have done so in many countries around the world with a wide variety of anti-virus products.  Several other email providers also have ongoing cases of this problem, notably TalkTalk and Yahoo! and Comcast all of whom are known to have had large data breaches, as well as the Liberty Global companies telelnet.be and ziggo.nl, and a number of email providers in several countries.  I'm keeping a list here, http://wardinewrock.blogspot.com/2015/10/domains-spoofed-by.htmlIn every case, it is only a small percentage of the email provider's accounts which are affected, typically less than one percent.

One of the myths surround this problem is that Virgin Media can do nothing about it.  In fact, a responsible and knowledgable email provider will take action to protect you from spoofing by enacting a DMARC p=reject policy in response to a widespread problem like this.  AOL did so when these spammers had hacked into two percent of their accounts in April 2014 and Yahoo! did so just before AOL did.  AOL were able to cut the spam on their system in half as a result since this is a big spam operation which can put a significant load on an email system.  Have you filed a Net Report case with Virgin Media yet using this form and the "email hijacking" category, http://netreport.virginmedia.com/netreport/?  Many others have done so and not received a particular response.  Even if there is no response, it seems important to give Virgin Media security analysts the opportunity to investigate these cases by registering them.  I have details which suggest that there are at least 5,000 affected Virgin Media accounts.

Yes, I think the real-time automated contacts-collection feature in OX App Suite may be playing a role in these cases.  Can you confirm that it is turned on in the web mail account by default?  Does it allow you to quickly export a full list of display names and email addresses found in the account?  These spammers have stolen not only email addresses but also display names.  

There are several common methods by which a spammer could obtain your password.  Virgin Media accounts receive many sophisticated phishing emails from spammers which are specifically designed to fool you into logging into a web site which looks like a Virgin Media web site and entering your Virgin Media user ID and password.  There is a long list of these which Virgin Media staff keep current on the Net Report web page if you scroll down, http://netreport.virginmedia.com/netreport/.  Think about whether you might have responded to one of these in the weeks before the spoofing started.

There are also suggestions that many with this problem might have had very simple passwords that the spammers could guess.  Virgin Media had a cluster of these spoofing cases for hacked accounts as well in 2011.  Published statements at the time suggest that Virgin Media thought that weak passwords played a role.  It is not clear if any particular analysis had been done for those cases in 2011 or if the response was simply an explanation of common methods by which passwords are stolen.

Research shows that about half of British internet users use the same password for multiple web sites.  If you have used your email address and email password as the login on any other web sites, then also be sure to change those passwords and make certain that the passwords differ from your current email password.

You do not need to continue to change your password and security question every time the spammers send a round of the spoofed spam. Instead, focus your energy on moving out of the Virgin Media email account.

Before the spoofing started, approximately how long had it been since you changed your email password?  One of the consistent findings for these cases is that a large portion of people with this problem (69 percent of 194 people) had not changed their email password for years.  That may suggest that the passwords in use on the accounts were not particularly strong.

These particular spammers are experts in fraud.  You'll find if you were to follow the links in the spam which is being sent under your name, that it leads to a fraudulent business.  Some are offering for sale miraculous pills for weight loss or memory enhancement or unbelievably fantastic get-rich-quick financial schemes.  Unfortunately, these businesses are surprizingly profitable for the spammers and so they are highly motivated to continue to send the spam.  Because they are experts at fraud, and if your cases is like others, you have not been able to work out how they were able to enter your account and steal a full list of email addresses and display names, I believe that anyone with this particular problem is vulnerable to financial fraud and identity theft.  To protect yourself, I suggest that you open a new free Gmail account and move your email operations there as quickly as is feasible.  Do not set your Virgin Media address as the account-recovery email address.  If you have a mobile device, then turn on two-step verification on the Gmail account in order to reduce the likelihood that someone other than you could log into the account simply by knowing your password.  Set a good long password on the account which does not contain words in any language forwards or backwards.  Virgin Media accounts only allow short passwords.  You'll be able to set a longer and therefore stronger one on a Gmail account.  As soon as you have established the new address, replace your Virgin Media address with the new one for any business or organization with which you have financial dealings.  If someone is able to access your Virgin Media account again, you do not want them to be able to use that account to reset passwords for other services such as online banking or purchases from eBay or Amazon, for example.  I know of one case of this spoofing where financial fraud has occurred, as well as three or four cases in which addresses which were not present in the account at the time when the spoofing began have subsequently started to receive spoofed spam, suggesting more than one round of account access.  Many people with this problem with Virgin Media accounts have found that Virgin Media has locked their accounts and changed the email passwords one or more times because Virgin Media is detecting unauthorized account access.

Indeed, poor customer service in response to these cases has aggravated many!  So much so that a Facebook group about this problem span out of this forum in December 2015 due to frustration with the responses and lack of accurate information provided by Virgin Media staff.   You'll find many others who have filed an assortment of formal and informal complaints there.

Consider your choice of email to be separate from the choice of internet provider.  If the other services from Virgin Media are worth having, then move your email to a better service.  Many who work in IT would recommend that you separate your email provider from your internet provider as a general practice to give you future flexibility.  There are also other current problems with the Virgin Media email system which are significant enough that it is worth moving to a better-run system, chiefly that a significant amount of legitimate email has not been delivered since August 2015.  You can see a summary of the many reports of that problem here,

http://wardinewrock.blogspot.com/2016/05/legitimate-emails-blocked-to-virgin.html

-Wrock

0 Kudos
Reply
  • 2
  • 0
  • 0
Matthew5
Joining in
117 Views
Message 3 of 3
Flag for a moderator

Re: Email Hijacking

Hello Wrock

Thank you for your response.  I am in the process of changing my email.  My password was complex and contained numbers and letters, but it still happened.  I have sent a number of net reports to virgin regarding the issue, as well as making numerous telephone calls and now a formal written complaint, but still nothing has happened.  A standard letter acknowledging the written complaint has been received, stating that they will contact us wtihin the next two weeks, but I do not hold out much hope of a resolution.

Many thanks again for your reply.

0 Kudos
Reply