Menu
Reply
  • 66
  • 1
  • 12
fatcontroller
Dialled in
744 Views
Message 1 of 8
Flag for a moderator

Hijacked email account - AGAIN!

I had been in contact with one of the staff team from this forum over the Christmas period about my emails being hacked into, and they very kindly carried out an investigation and found nothing (despite my email account being entirely cleared out).

Roll forward to the new year, and I find that people in my contacts were getting spammed with all sorts of emails with links, but more worryingly one of my colleagues was spammed with an email that showed the very same content of an email that I had sent him that morning! 

The password on the account was changed more than once pre-Christmas, and was changed immediately that my colleague flagged the email he had been sent to me.

I am running ESET anti-virus on my PC, with Malwarebytes as a second line of defence.  Belts and braces, I have fully formatted this PC and reinstalled Windows afresh just this week.  Mobile is running Avast anti-virus and Malwarebytes.

I did reply to the initial trail of PM's between the staff member and I, but have been reprimanded for doing so by the mod team (lovely bit of customer service there, eh?), so what am I to do?  Am I going to be forced to abandon the email address that I have had for almost 20 years?

0 Kudos
Reply
  • 2.29K
  • 84
  • 162
Forum Team
Forum Team
711 Views
Message 2 of 8
Flag for a moderator
Helpful Answer

Re: Hijacked email account - AGAIN!

Hi fatcontroller,

 

Sorry to hear of this. Have you changed your details since this has happened? 

 

Kind regards,

John_GS
Forum Team

Need a helpful hand to show you how to make a payment? Check out our guide - "How to pay my Virgin Media bill"

0 Kudos
Reply
  • 9.76K
  • 1.07K
  • 4.64K
Very Insightful Person
Very Insightful Person
694 Views
Message 3 of 8
Flag for a moderator
Helpful Answer

Re: Hijacked email account - AGAIN!

I have had a look at your past posts on this subject in December last year and the action that the Forum Team took:

https://community.virginmedia.com/t5/Email/Email-gone-All-of-it/m-p/3887739#M166248

The trail ends with a post from Jen_A asking you to reply to a PM. There is no evidence in that thread that you did so, but, course, you may have done so and had it replied to. But Jen_A would usually posted something about how the issue was concluded. And she hasn't. So as far as I can tell from your public posts the trail has gone cold. So we can't see what transpired. That is why the Forum will reprimand users for communicating about things via PM rather than using the public forum. Transparency and tracing are essential part of how this Community works.

Sensibly @John_GS  has asked if you have changed your details. Presumably your password and security questions.  But I think you'll think that this doesn't go far enough at this stage to resolve your issue. So let us see what further advice a member of the Community can offer.

There are several possibilities.

First of all a straight e-mail hijacking. In which case you need to follow the standard advice we give to all who appear to be experiencing this - the most crucial element of which is to check your web mail for any forwarding or filtering rules you didn't create and remove them:

https://www.virginmedia.com/help/virgin-media-mail-my-email-has-been-hacked

In addition you might wish to change your password again as John_GS has suggested.  You must never reuse a previous password or use one that is similar to the one you have just discarded.

Second you are victim of spoofing. In which case there is little you can do until the attack passes:

https://community.virginmedia.com/t5/Email/Email-Spoofing/td-p/2941294

Now we can tell the difference between spoofing and hijacking but it is technically complicated to do so - we'd have to look at the e-mail headers of the e-mail concerned. I don't want to go there yet until we have eliminated or worked on the basics.  But I am asking John_GS to have a look at the e-mail logs for your e-mail address to see if he can detect anything unusual. He'll need your e-mail address. You will be asked for it by PM. Do not send him any PMs until he asks (or you'll get your wrists slapped again!)

You've tackled the obvious issue of a malware infection. But please remember that there have recently been disclosed some massive leaks of of personal data from web sites you may have visited, disclosing all sorts of personal information. And some of your recipients may have had hijacking issues of their own which have lead to the disclosure of your information.

I've given you some more lines of thought to pursue. Let us know how you get on.

 



As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

Click to learn more about VIP

Use Kudos to say thanks

Mark as Helpful Answer if I've helped



  • 66
  • 1
  • 12
fatcontroller
Dialled in
669 Views
Message 4 of 8
Flag for a moderator

Re: Hijacked email account - AGAIN!

Hello, and thanks to both of you for your replies.

I have changed my details a number of times now, and have checked for any forwarding rules that I did not set up (dead easy, as I have none at all), but I will check again once more.

I did have a feeling that this may have been some sort of data leak from somewhere, but cannot be sure - I did check on one of those websites (have I been pwned or something) and it suggested that there was a leak from a game site called BinWeavils, however this was a site my daughter had signed up to as a wee kid and she is now almost an adult.

Jen_A was very good, and actually called on the phone to get the permissions she needed to run the checks, and after that was done in December the details were changed once more.   We have had other problems such as repeated attempts to change the password on our Amazon account, which I intercepted and changed the email address on the account to my gmail account.

The one that perturbed me was the email that I sent to my work colleague last week - later that day, he had that same email forwarded to him with a spam link above, so I again changed my details - - twice, just for good measure.

I'll go now and check for forwards again, and then I will await a PM.

Cheers

0 Kudos
Reply
  • 1.02K
  • 132
  • 681
coenoby
Knows their stuff
656 Views
Message 5 of 8
Flag for a moderator

Re: Hijacked email account - AGAIN!


@fatcontroller wrote:

The one that perturbed me was the email that I sent to my work colleague last week - later that day, he had that same email forwarded to him with a spam link above, so I again changed my details - - twice, just for good measure.


I know this may sound strange Smiley Surprised  but I wonder whether it could be your work colleague (or maybe another individual who was cc'd on your original email) has had his or her email account hacked.

Hackers often set up rules in the email accounts that they access. In that way copies of all emails sent to that account are automatically forwarded to another email account the hackers control. Of course the owner of hacked account will be oblivious of this unless they happen to notice that a new rule has been set up.

If that is (or was) the case, then your original email to your work colleague would also have been sent to the hackers / spammers account which would explain how they could include it in a spam email to your colleague.

I cannot recall seeing this type of spam before but presumably including a copy of your email in the spam email was an attempt to convince your colleague  that it was actually a genuine email from yourself and encourage him to click on the link.

Might be worth asking your work colleagues to check their email accounts for any rules or auto forwards. Smiley Wink

Coeoby

 

 

*******************************
I am just another Virgin Media customer.
If someone posts a useful reply you can say thanks by clicking on the thumbs up sign in their post.
If someone posts a message that solves your problem it helps everyone if you mark their post as a Helpful Answer
Highlighted
  • 15.16K
  • 510
  • 1.85K
Forum Team (Retired) Jen_A
Forum Team (Retired)
609 Views
Message 6 of 8
Flag for a moderator

Re: Hijacked email account - AGAIN!

Hi fatcontroller,

This is a tricky one as the Spam your contacts are getting could be unrelated to you (unless the emails appeared to be from you?).

I'll happily take a look at the log data, as I did last time, to ensure there has been no untoward activity and have sent you a PM for details/dates.

Regards,


Jen
Forum Team



  • 66
  • 1
  • 12
fatcontroller
Dialled in
542 Views
Message 7 of 8
Flag for a moderator

Re: Hijacked email account - AGAIN!

Hello, and thanks for your PM - as I have been having minor disasters at my end I have not been able to reply until now, and your account will not now accept a PM in return

The emails that are being sent, portraying themselves as coming from my blueyonder account, but in actual fact are coming from various other accounts, and most simply contain a link that usually infers it is a scan of a pdf file.  The worrying part is that they contain subject lines of emails that I have sent in fairly recent history - indeed, my own GMail account was spammed by an email portraying to be from my blueyonder account only last Saturday - and the email had a subject line of an email that I had sent on the 16th February, yet I changed my password (again) when I wrote my original post here.

It seems that no matter what I do about changing my password, my sent mail is being intercepted somehow.  No other email account that I have is affected. I will change my password again, and I am in the process of moving stuff over to my GMail account (not sure I want to trust Virgin's email again!), but what else can I do in the meantime?  I am really reluctant to lose this email address as I have had it for such a long time.

 

0 Kudos
Reply
  • 855
  • 41
  • 87
Forum Team
Forum Team
525 Views
Message 8 of 8
Flag for a moderator

Re: Hijacked email account - AGAIN!

Hello fatcontroller, 

I'm sorry to hear this issue is ongoing. 

I have sent you a private message so we can assist further. 

 

Regards, 

 

Dean C

0 Kudos
Reply