on 20-04-2024 09:59
Last year I received a scam extortion email from my own Ntlworld account demanding bitcoin. The scammers included my virginmedia email account password. So they had obviously got it from a security breach somewhere. I immediately changed my passwords everywhere I could think of including for virginmedia and my ntlworld email. I had a long running battle with them over my facebook and microsoft accounts which I eventually secured.
I thought that would be the end of it but unfortunately yesterday I received another extortion scam email sent from my own email account. I can only assume that the scammers have kept an email client/web email open from the original breach.
I have generated the app password but I can see from my other devices that all my email clients remain logged in and have not asked me to change my password. I need to have my ntlworld account logged out of all and every client and webmail page that is currently connected but I can see no way of doing this.
I also tried to see if Mail Forwading had been setup on my ntlworld account but everytime I hit the button to check this I get the message that Unable to load your auto forward settings Try again later.
Please can somebody from Virginmedia assist in logging out all active connections and turning off any autoforwarding?
Answered! Go to Answer
20-04-2024 14:45 - edited 20-04-2024 14:45
Unless these miscreants included your current password it is likely they are spoofing your email address in these scam emails, read more here Email spoofing - Wikipedia
--
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Select Mark as Helpful Answer or 🖒 Kudos to say thanks
20-04-2024 14:45 - edited 20-04-2024 14:45
Unless these miscreants included your current password it is likely they are spoofing your email address in these scam emails, read more here Email spoofing - Wikipedia
--
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Select Mark as Helpful Answer or 🖒 Kudos to say thanks
on 20-04-2024 17:35
Hey there @WareingR Thanks for reaching out to us on the Virgin Media forums. 👋🏼
I'm so sorry to hear about the issues you are facing with the email and the security of this. 😢
Unfortunately we are not able to log out of any active sessions on the email nor are we able to remove auto forwarding as don't have access to the email setting itself directly.
We can either delete the email or change the password for you.
Let us know what you'd like to do going forward and we can assist on there. 😇
Kind regards,
Ilyas.
on 22-04-2024 09:18
Hi, I don't want to delete the account, I have already changed the password both for MyVirginMedia and for the Email clients.
I would like to check the Mail Forwarding settings for myself but everytime I hit the button for this option I get the message - Unable to load your auto forward settings Try again later.
I see quite a few other messages on the forum from people who cannot check/set this option. If you can fix this issue then I check the Forwarding myself.
on 23-04-2024 01:15
FYI auto-forward rule can also be accessed / managed via ⚙ > E-Mail > Filter Rules
28-04-2024 18:41 - edited 28-04-2024 18:42
There is now a button in the VM account settings to log out of all sessions-
This is better than just logging out normally as it will close all open sessions in all browsers/apps including the current one and will ensure if you have changed your password as well, the account should then be secure.
I have also had the 3 blackmail emails recently, wanting bitcoin payment including one from my own email address which was spoofed. One showed one of my old passwords from 2018, no longer valid.
These type of scam emails are best ignored and are dangerous.
More recent emails claim that a hacker has my data and provides links to click on which include files, and some emails just consist of random words.
It is probably better not to forward such emails to another address, perhaps start to use another free email service such as gmail.com, outlook.com, yahoo.com as your main email address, I have done that.
on 02-05-2024 11:02
SPOOFING-
Usually the VM spam filters will tag any unusual emails that may appear to be from your own email address. The sender is hiding their identity using this method, but often the sender name is random/unknown and may be valid or invalid.
Another variation is where the spam email sender may be from a similar address which could be your VM user name but with a domain such as hotmail.com, outloook.co,. gmail.com in the "from" field.
I sometimes also receive emails where the "to" field has the wrong address, or no address or a variation of my email address.
It seems emails can be made to grab your attention, and may look genuine if they are sent from a recognised user name which may be your own.
There are several situations that can give rise to this , the account password has been hacked/leaked, the email account has expired and then taken over by a hacker, the sender may just be spoofing using your own email address.to look as if you are hacked when in fact that is not the case.
Changing the VM account password and security question as well as the app password is wise if in any doubt, I often do that.
I have had old email accounts hacked in the past, probably because the passwords were not strong enough,and also in some cases email accounts are set up in your user name for unknown purposes, perhaps the hackers hide their true identity by using other people's email address's which could be either hacked or spoofed or even a fake account set up in your name.
So it is wise to check any unusual emails and not click on any links or bitcoin wallet links
My VM email is secure but get lots of strange emails all the time, but as it is a primary email can not be deleted.
on 03-05-2024 09:20
UPDATE- following blackmail emails on 19/12/2023, 10/02/2024, and 15/04/2024
I did have a phone call off VM on 19/4/2024 saying my VM email was hacked and a ticket opened, but I had not contacted VM so that was unusual.
I had recently updated my VM password on 14/4/2024 following problems logging out.
I noticed two verification codes were sent to my contact email on 20/04/2024 at 11.45pm which may have been a hacking attempt, but not sure how anyone would know the outlook email address as it is not widely used, but in addition to that the mobile phone connected to my contact email has had 2 hacking attempts on dates 7/04/2024 and also last night on 2/04/2024.
The hacker did not get into my VM account or my mobile account, but it just goes to show that hackers are actively trying to get into VM accounts and mobile phones, not sure if this activity is linked to the the blackmail emails, but obviously my ntlworld.com email has had some illegal activity going on recently, but this is not new and and have dozens of blackmail emails over a period of 8 years which I ignore and delete them.
So wise to keep a check on email verification notifications from VM and any verifications sent to mobiles that are not expected.
The security seemed good as the hacker failed and has no access to my outlook.com email I use to login to VM.
I will check phone my mobile account also.
03-05-2024 12:00 - edited 03-05-2024 12:04
CORRECTION-solved
The VM verifications had been sent by myself when changing my telephone memorable word, I forgot I had done that but found I had dated the change on 20/4//2024, so explained after all. However the phone password change attempts may not be related to VM but my phone account was secure anyway.
So my record keeping in my diary was able to explain the events, so wise to log any changes made for future reference as easy to forget these events.
The VM security using email verification codes for any changes or recovery seems to be secure and provided the email is secure it should keep hackers out. provided long secure passwords are used.
on 04-05-2024 13:23
Hey there @ALF28 👋🏼
Thanks for confirming everything is now resolved. 🙂
Do reach out to us in future with any other queries and we'll assist where we can.
Kind regards,
Ilyas.