cancel
Showing results for 
Search instead for 
Did you mean: 

NTL Email account comprimised / hacked

WareingR
Tuning in

Last year I received a scam extortion email from my own Ntlworld account demanding bitcoin. The scammers included my virginmedia email account password. So they had obviously got it from a security breach somewhere. I immediately changed my passwords everywhere I could think of including for virginmedia and my ntlworld email. I had a long running battle with them over my facebook and microsoft accounts which I eventually secured.

I thought that would be the end of it but unfortunately yesterday I received another extortion scam email sent from my own email account. I can only assume that the scammers have kept an email client/web email open from the original breach.

I have generated the app password but I can see from my other devices that all my email clients remain logged in and have not asked me to change my password. I need to have my ntlworld account logged out of all and every client and webmail page that is currently connected but I can see no way of doing this.

I also tried to see if Mail Forwading had been setup on my ntlworld account but everytime I hit the button to check this I get the message that Unable to load your auto forward settings Try again later.

Please can somebody from Virginmedia assist in logging out all active connections and turning off any autoforwarding?

1 ACCEPTED SOLUTION

Accepted Solutions

用心棒
Very Insightful Person
Very Insightful Person

Unless these miscreants included your current password it is likely they are spoofing your email address in these scam emails, read more here Email spoofing - Wikipedia

-- 
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Select Mark as Helpful Answer or 🖒 Kudos to say thanks

See where this Helpful Answer was posted

9 REPLIES 9

用心棒
Very Insightful Person
Very Insightful Person

Unless these miscreants included your current password it is likely they are spoofing your email address in these scam emails, read more here Email spoofing - Wikipedia

-- 
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Select Mark as Helpful Answer or 🖒 Kudos to say thanks

Ilyas_Y
Forum Team
Forum Team

Hey there @WareingR Thanks for reaching out to us on the Virgin Media forums. 👋🏼

I'm so sorry to hear about the issues you are facing with the email and the security of this. 😢
Unfortunately we are not able to log out of any active sessions on the email nor are we able to remove auto forwarding as don't have access to the email setting itself directly.

We can either delete the email or change the password for you.
Let us know what you'd like to do going forward and we can assist on there. 😇

Kind regards,
Ilyas. 
 

Ilyas_Y
Forum Team

New around here? Check out the do's and don'ts, in our Community FAQs


Hi, I don't want to delete the account, I have already changed the password both for MyVirginMedia and for the Email clients.

I would like to check the Mail Forwarding settings for myself but everytime I hit the button for this option I get the message - Unable to load your auto forward settings Try again later.

I see quite a few other messages on the forum from people who cannot check/set this option. If you can fix this issue then I check the Forwarding myself.

用心棒
Very Insightful Person
Very Insightful Person

FYI auto-forward rule can also be accessed / managed via ⚙ > E-Mail > Filter Rules
2024-04-23.jpeg

ALF28
Super solver

There is now a button in the VM account settings to log  out of all sessions-

Sign out across all signed in devices

This is better than just logging out normally as it will close all open sessions in all browsers/apps including the current one and will ensure if you have changed your password as well, the account should then be secure.

I have also had the 3 blackmail emails recently, wanting bitcoin payment including one from my own email address which was spoofed. One showed one of my old passwords from 2018, no longer valid.

These type of scam emails are best ignored and are dangerous. 

More recent emails claim that a hacker has my data and provides links to click on which include files, and some emails just consist of random words.

It is probably better not to forward such emails to another  address, perhaps start to use another free email service such as gmail.com, outlook.com, yahoo.com as your main email address, I have done that.

 

SPOOFING-

Usually the VM spam filters will tag any unusual emails that may appear to be from your own email address. The sender is hiding their identity using this method, but often the sender name is random/unknown and may be valid or invalid.

Another variation is where the spam email sender may be from a similar address which could be your VM user name but with  a domain such as hotmail.com, outloook.co,. gmail.com in the "from" field.

I sometimes also receive emails where the "to" field has the wrong address, or no address or a variation of my email address.

It seems emails can be made to grab your attention, and may look genuine if they are sent from a recognised user name which may be your own.

There are several situations that can give rise to this , the account password has been hacked/leaked, the email account has expired and then taken over by a hacker, the sender may just be spoofing using your own email address.to look as if you are hacked when in fact that is not the case.

Changing the VM account password and security question  as well as the app password is wise if in any doubt, I often do that.

I have had old email accounts hacked in the past, probably because the passwords were not strong enough,and also in some cases email accounts are set up in your user name for unknown purposes, perhaps the hackers hide their true identity by using other people's email address's which could be either hacked or spoofed or even a fake account set up in your name.

So it is wise to check any unusual emails and not click on any links or bitcoin  wallet links

My VM email is secure but get lots of strange emails all the time, but as it is a primary email can not be deleted.

 

UPDATE- following blackmail emails on 19/12/2023, 10/02/2024, and 15/04/2024

I did have a phone call off VM on 19/4/2024 saying my VM email was hacked and a ticket opened, but I had not contacted VM so that was unusual.

I had recently updated my VM password on 14/4/2024 following problems logging out.

I noticed two verification codes were sent to my contact email on 20/04/2024 at  11.45pm which may have been a hacking attempt, but not sure how anyone would know the outlook email address as it is not widely used, but in addition to that the mobile phone connected to my contact email has had 2 hacking attempts on dates   7/04/2024 and also last night on 2/04/2024.

The hacker did not get into my VM account or my mobile account, but it just goes to show that hackers are actively trying to get into VM accounts and mobile phones, not sure if this activity is linked to the the blackmail emails, but obviously my ntlworld.com email  has had some illegal activity going on recently, but this is not new and and have dozens of blackmail emails over a period of 8 years which I ignore and delete them.

So wise to keep a check on email verification notifications from VM and any verifications sent to mobiles that are not expected.

The security seemed good as the hacker failed and has no access to my outlook.com email I use to login to VM.

I will check phone my mobile account also.

CORRECTION-solved

The VM verifications had been sent by myself when changing my telephone memorable word, I forgot I had done that but found I had dated the change on 20/4//2024, so explained after all. However the phone password change attempts may not be related to VM but my phone account was secure  anyway.

So my record keeping in my diary was able to explain the events, so wise to log any changes made for future reference as easy to forget these events.

The VM security using email verification codes for any changes or recovery seems to be secure and provided the email is secure it should keep hackers out. provided long secure passwords are used.

Hey there @ALF28 👋🏼

Thanks for confirming everything is now resolved. 🙂
Do reach out to us in future with any other queries and we'll assist where we can.

Kind regards,
Ilyas.

Ilyas_Y
Forum Team

New around here? Check out the do's and don'ts, in our Community FAQs