
2 step security for email?

Fastra
Dialled in

It seems my daughter's blueyonder email has been hacked, possibly, it's hard to pin down the sequence of events - but she couldn't get it on her email client until I (the account holder) changed the password online.
We've changed the password now, but is there any way to add a second security stage, either a mobile number or gmail address - something that can be notified of any suspicious activity?


mobile phones recovery for 2 factor authentication

I think it is the PAYG (pay as you go) phones that de-activate the phone number if not used. I presume this does not apply to contract phones or contract sims with a monthly payment - do these remain active as long as a regular monthly payment is made, even if not used for a period?

To ensure my mobiles do not disconnect/de-activate (I have 2 mobiles), I may change one to a contract sim, which would cost me more than a PAYG sim over a year but may be more reliable and not be de-activated if not used or credit runs out?

Any advice?

alf28

 

Hi there @ALF28

 

Thank you so much for your post and I'm so sorry for any confusion.

 

Pay as you go SIMs deactivate if they're not used for a chargeable call, text or data transaction at least once every 90 days. As long as you keep a bit of credit on it, and send a text or make a call once every 3 months, it won't deactivate.

 

Thank you

UNUSUAL ACTIVITY- HACKING?- no 2FA- virgin email is insecure from hackers?

I noticed today that there was a small change to my virgin email folders - a named folder, tesco, with email files was moved to become a sub folder of another more recent folder, so I had to create this tesco folder again and copy all the emails back to the new replacement folder I created.

In order for this change to happen, the sub folder would need to be created and files moved into it, so not likely it was a mistake.

As I maintain my folders carefully almost daily, this was an unusual change so it is possible another person has access and moved this folder to get my attention for some reason?

So it remains unexplained, so a hacker may have been in my email unless it is by virgin?

Also recently my filtering behaved unusually, with a group of emails (4) copied to two wrong folders in the last few days.

As the email/account has no 2 factor authentication, it could be a hacker/pranker or someone with privileges for access?

I am baffled to find this but have no way of knowing if it is a mistake by me or meddling by others. I think I would have noticed if I had a sub folder, as they are indented (-) and I never use them. Although it is possible to put a folder in the wrong place, I cannot ever remember doing this in the past, and the tesco file has been there a long time, much longer than the newer folder to which it became a sub folder.

I do not consider this virgin email to be "secure" and now use other emails. There have been some previous occasions when changes occur that I do not recognise, and I have posted previously regarding emails moving to wrong folders, although this could be due to filter malfunctions which do occur, and filter settings need careful setting up. This is the first time I have had a folder that seemed to move to become a sub folder.

I have just changed my virgin password to be on the safe side.

P.S. My suspicions are backed up without any doubt, as I checked my email settings and the filter for the tesco folder, and the action (filter) was blank - so the tesco folder was removed (moved to be a sub folder of a different named folder), so I now have called it tesco2; the original tesco folder is now a sub folder.

alf28

 

 

 

Moving virgin email folders-

An email folder can be moved by selecting options-move and selecting the email folder to move to. I was not aware that the command existed, so it is not likely I would use the command. As I have not used the tesco email folder for a long time, I would not have moved the folder; the last email in my tesco email folder was a spam, a fake tesco email back in July. I moved my tesco account to another email a few years back, so this was a redundant folder kept for records. Tesco was hacked along with boots and I had to recover the accounts some time ago.

The time to edit a post is "too short" so I have done this extra post relating to the previous post.

alf28

ANOTHER SUB FOLDER JUST APPEARED now -source of this now known-Thunderbird.

This was an old folder and had been placed as a sub folder in another folder, repeating what happened before.

This was happening via mozilla thunderbird email, which is on my computer but should not have been active, as it requires password access and my virgin password changed twice in two days.

So the thunderbird was making changes to my email without me knowing and not logged into thunderbird - amazing, could be a hacker?

Thunderbird has its own server so must have been linking to virgin imap server.

Two other emails of mine also show connections to thunderbird (although removed), the servers are still linked to the email smtp; one is a virgin secondary email, the other is one of my alternative emails.

I have saved the folders in thunderbird with printscreen and plan to remove the virgin account and remove thunderbird from my two laptops.

I am surprised that this is possible, that virgin can allow changes from thunderbird even though I have it password protected and have not used it for months, so someone else may be using my login credentials; even though I change them they know the new passwords.

This explains a lot, and perhaps virgin need to explain how this can happen??

The thunderbird email folders were out of date, so perhaps the hacker could only change the thunderbird version and then upload those changes to the virgin imap email server even though I was not logged into thunderbird.

It could be the hacker was making changes to my folders and emails and using the account for data theft etc, but I do not use this email much now so should be ok. I am perhaps more concerned that thunderbird links to other emails, and the emails connected with my virgin media online account are used for social media, and on 25/9/21 there were two attempts to get into my facebook account and a "gaming profile" set up in another email (not linked to virgin), which I have removed.

Possibly a rogue hacker is going through all my emails/links and seem to have all my emails listed in my virgin media account and can get access even if I change my password so they must have access to virgin data/emails  somehow.

Any advice from Virgin forum  on this, or an expert member.

If I remove my email (virgin account) from thunderbird and remove the software, will this solve the situation?

I will change password on all linked accounts, and have already done some of them.

There should be 2FA available it is standard with many services now.

P.S.  update-I have now removed all thunderbird email accounts and will now delete the software.

alf28

 

 

 

 

 

UPDATE -folders-issues.

My folders are normal today since I removed thunderbird from both laptops, having deleted the accounts first, and am now just using the virgin web-mail only. I think the synchronisation with email clients does not always work, as the archive folder would not display, they can change folder names like trash become junk etc., and wrong date stamps most of the time.

Also there are restrictions with thunderbird, some things such as new folders may be on thunderbird but not on the virgin server for instance.

One thing that is a nuisance in virgin email is the sub folders do not show unless you click the small symbol left of the folder, so in normal viewing they can be there but sometimes do not show, or suddenly start showing.

I am still not sure why my folders seemed to change recently, but I have now made a log of all my folders, and there are 82 in use, plus a redundant gmail which has 7 folders all empty, so 89 folders total.

It is hard to keep track of an old email that has so many folders, but most are just kept for records in case I need to check old emails.

My email is working perfectly and filtering is working well today, so I will monitor for any changes.

I have 40 email filters and will check they are working correctly, mostly to control spam emails by filtering and also whitelisting, blacklisting etc.

The imap enables any email client to view emails on the server if the password is known; folders can be switched off in imap settings but they no longer display in web mail, so no advantage to switching off imap.

I use a strong password so it is very unlikely anyone could guess that, unless it was leaked, so I hope all is secure and will post if any more strange things happen, but as I got zero replies to my last few posts, I presume it is not easily answered or to be certain if it is glitches or a hacker had a leaked password and was meddling, but with a changed password that should ensure no illegal access.

It is possible email clients store your virgin password and that could possibly be hacked from a third party email client; thunderbird is free but no longer maintained by mozilla but should be secure? I do not think my laptops have any trojan, which is the other way that passwords can leak; all antivirus scans are always clear.

alf28
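The folder log described in the post above can be kept as a machine-checkable snapshot. This is an added example, not part of the original thread: it compares two sets of IMAP `LIST` response lines and reports folders that became sub folders. The sample lines and the folder name `bank` are constructed for illustration.

```python
import re

# One IMAP LIST response line: (flags) "delimiter" "mailbox name"
# Lines with a NIL delimiter (flat namespace) are skipped by this pattern.
LIST_RE = re.compile(r'\((?P<flags>[^)]*)\)\s+"(?P<delim>[^"]+)"\s+"?(?P<name>[^"]+)"?\s*$')

def parse_list(lines):
    """Return {full_path: hierarchy_delimiter} from raw LIST response lines."""
    folders = {}
    for raw in lines:
        text = raw.decode("utf-8", "replace") if isinstance(raw, bytes) else raw
        m = LIST_RE.match(text.strip())
        if m:
            folders[m.group("name")] = m.group("delim")
    return folders

def leaf(path, delim):
    """Last path component, e.g. 'bank/tesco' -> 'tesco'."""
    return path.rsplit(delim, 1)[-1]

def diff_snapshots(before, after):
    """Report folders moved, added and removed between two snapshots."""
    old, new = parse_list(before), parse_list(after)
    gone, appeared = set(old) - set(new), set(new) - set(old)
    moved = []
    for src in sorted(gone):
        # Treat as a move when the vanished leaf name reappears under exactly one new path.
        hits = [d for d in appeared if leaf(d, new[d]) == leaf(src, old[src])]
        if len(hits) == 1:
            moved.append((src, hits[0]))
    moved_src = {s for s, _ in moved}
    moved_dst = {d for _, d in moved}
    return {"moved": moved,
            "added": sorted(appeared - moved_dst),
            "removed": sorted(gone - moved_src)}

# Constructed sample data: "tesco" turns into a sub folder, "tesco2" is recreated.
BEFORE = [b'(\\HasNoChildren) "/" "INBOX"', b'(\\HasNoChildren) "/" "tesco"',
          b'(\\HasNoChildren) "/" "bank"', b'(\\HasNoChildren) "/" "Archive"']
AFTER = [b'(\\HasNoChildren) "/" "INBOX"', b'(\\HasChildren) "/" "bank"',
         b'(\\HasNoChildren) "/" "bank/tesco"', b'(\\HasNoChildren) "/" "tesco2"',
         b'(\\HasNoChildren) "/" "Archive"']

if __name__ == "__main__":
    print(diff_snapshots(BEFORE, AFTER))
```

With a live account, the same byte lines are what Python's `imaplib` returns from `IMAP4_SSL.list()`, so a saved snapshot can be compared against a fresh one after each password change.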

 

 

Natalie_L
Forum Team (Retired)

Hi ALF28

 

Thank you for your posts to the Community. 

 

It definitely seems like you have had quite the experience with your email account and I am glad to hear there has been no more unusual activity since you made the adjustments. 

 

Our advice to ensure your account is secure is to do exactly what you have done in terms of ensuring your password is strong and only something you would know. We would also recommend regular virus scans on all devices that hold the email account. 

 

If you notice any further unusual activity following the changes, please do let us know. 

 

Thanks 

 

 

 

 

Nat

Thanks for the advice.

Since removing my thunderbird email client and my accounts with them, and changing my password I have had no unusual issues and no unusual spam email.

While doing a tidy up of my emails and folders I noticed a few odd spam emails where they appeared to be "from myself with my own IP address" in 2019 and 2021 and may have been spoofed, or a hacker was sending from my own computer, which seems impossible, but may have been a forged forwarded email to make it look as if I have sent the spam myself, but they knew my IP address to do this.

The problems may have been related to thunderbird which has had a recent update to fix exploits.

MFSA2021-36 Thunderbird: Security Vulnerabilities fixed in Thunderbird 91 (CVE-2021-29981) (rapid7.c...

Mozilla Releases Security Update for Thunderbird | CISA

I have also had a notice from have I been pwned that my virgin email is on another hacked list in 2021-

LinkedIn Scraped Data – 125,698,496 breached accounts | IT Security News

Although I have changed my email address with linkedin, they probably have my old one still recorded.

alf28

 

 

Update-trojan found in thunderbird folder.

Although my thunderbird email client was removed, some files remained under windows/users/appsdat/roaming/thunderbird and a recent scan showed a trojan in an email folder dating back to June. This trojan, which uses html, worked via a browser to provide data to remote connections and also could alter processes on the computer.

The email folder name was that of a known past contact, but the email was spoofed (fake) and not from the known contact, and I had a few spoofed emails dating back to 2018 and earlier from the same contact/hacker, some earlier ones deleted.

As my virgin email settings were set for html to be switched off in virgin mail, it should be safe, but html may have activated in my thunderbird email client to give out passwords and other data like a back door.

Also I have noticed it is possible for some emails to bypass html/image blocking and display images even when images or html is turned off; these are rare but I had one recently.

I am checking my computers with safety scans to ensure they are clean, but the trojan was not detected by windows security but found by another antivirus product scan which removed the trojan, but the trojan may have been there at least for 3 months.

The scam email in june 20201 that caused the problem has been deleted out to be safe.

It is best to delete out all spam or move to the spam folder and do not click on it. I think web mail is safer as in the case of thunderbird it stores the email content on the computer hard drive so any dodgy code is on the hard drive.

The trojan was also identified as a "new one" linked to zero day/ransomware attacks and takeover of applications.

alf28