Menu
Reply
Highlighted
  • 50
  • 0
  • 0
JohnOrrett
On our wavelength
398 Views
Message 1 of 20
Flag for a moderator

Bounces back from my hacked Blueyonder email

Hi, my Instagram was recently hacked by someone from Russia. Don't ask me how, 2 factor authentication, but Instagram allowed my details to be changed from a male with a UK domain to Veronika with a ru domain. Instagram were a total waste of space. Don't ask! I have since deleted the account.

My primary Blueyonder email was on the account. Today I received several mailer-daemon auto replies saying that my message could not be delivered. These were not emails that I had sent. I presume someone is spoofing my account but I am getting the bounce backs.

Is there any way to stop this happening? I don't particularly want to change my primary address and would imagine that they do not have access to my account and therefore contacts, but are bombarding mailing lists with my address.

Many thanks, John

 

0 Kudos
Reply
  • 562
  • 26
  • 36
Forum Team
Forum Team
391 Views
Message 2 of 20
Flag for a moderator

Re: Bounces back from my hacked Blueyonder email

Hello JohnOrrett

 

Thank you for posting your query, sorry to hear of the recent issues with your instagram account and the impact on your emails. Have you tried resetting the password for he email address to see if this resolves the issue?

 

You can log in to My Virgin Media and update their password and security question. When changing the account password, we recommend choosing a 'strong' password to improve the security of their account. Strong passwords are relatively long (more than 6 digits).

 

Let us know if this helps

 

Rob

0 Kudos
Reply
  • 50
  • 0
  • 0
JohnOrrett
On our wavelength
389 Views
Message 3 of 20
Flag for a moderator

Re: Bounces back from my hacked Blueyonder email

Hi Rob, the Instagram password was different to my Blueyonder one. They did not have access to that password anyway, hence contacting Instagram to have it reset as a 'forgotten password'.

I have checked my VM mail settings online, and no forwarding has been set up. I also have a fully paid Malwarebytes subscription, which reports nothing untoward.

I do not believe the emails are originating from my account, but it is being spoofed, but not sure why I am getting the bounce backs rather than the git who hacked me.

 

Thanks, John

 

0 Kudos
Reply
  • 562
  • 26
  • 36
Forum Team
Forum Team
381 Views
Message 4 of 20
Flag for a moderator

Re: Bounces back from my hacked Blueyonder email

It is very strange John, i'll get this ran by our technical support to see if there is a way to check if a duplicate has been set up or is being used.

 

I'll get back to you here as soon as I have an update.

 

Rob

0 Kudos
Reply
  • 50
  • 0
  • 0
JohnOrrett
On our wavelength
321 Views
Message 5 of 20
Flag for a moderator

Re: Bounces back from my hacked Blueyonder email

Hi Rob,

 

Any update please?

0 Kudos
Reply
  • 562
  • 26
  • 36
Forum Team
Forum Team
300 Views
Message 6 of 20
Flag for a moderator

Re: Bounces back from my hacked Blueyonder email

I'm going to send you a Private Message as they have requested further information from you.

 

Rob

0 Kudos
Reply
  • 50
  • 0
  • 0
JohnOrrett
On our wavelength
289 Views
Message 7 of 20
Flag for a moderator

Re: Bounces back from my hacked Blueyonder email

Hi Rob it says I have reached the limit for my number of pm's.
Thanks, John
0 Kudos
Reply
  • 50
  • 0
  • 0
JohnOrrett
On our wavelength
274 Views
Message 8 of 20
Flag for a moderator

Re: Bounces back from my hacked Blueyonder email

Hi all,

This issue has not yet been resolved. Can any gurus help? 

 

0 Kudos
Reply
  • 931
  • 112
  • 624
coenoby
Well-informed
253 Views
Message 9 of 20
Flag for a moderator
Helpful Answer

Re: Bounces back from my hacked Blueyonder email


@JohnOrrett wrote:

Can any gurus help? 


I never claim to be a guru but I can give you the benefit of my experience if you like.Smiley Wink

Your account has either been "spoofed" which means that the spammer has simply been forging your email address in the "from" or "Reply to" fields of the messages.

Or your email account has been compromised which means that the spammers are sending the messages through the VM email servers with your email address as the sender and using your password to authenticate the message. You will not see any evidence of this in your account but if there are a lot of non delivery messages VM should become aware that the account has been compromised and they will lock your account to prevent further spam being sent.

If the messages are simply being spoofed then I am sorry to say that there is nothing that can be done to stop it. Even if you delete the email account it will not stop the spammers using your address in future, the only thing is that you will no longer see the non delivery reports. In my experience they do usually give up after a short while.

If your account has been compromised you can take action to prevent the spammers continuing to use the account. You must follow all the instructions here: https://www.virginmedia.com/help/virgin-media-mail-my-email-has-been-hackedQuestion:

There is a way to tell for certain whether the email address is being spoofed or has been hacked.

You need to view the email headers of one of these returned emails and look for the following text:
X-Originating-IP followed by your public IP address
X-Authenticated-User followed by your email address

Or:

X-SourceIP followed by an IP address beginning 172.xxx.xxx.xxx
X-Authenticated-Sender followed by your email address

If neither of these are present in the email header of the email then your email address is being spoofed.

FYI, to view the email header (also known as "source") for an email, sign into your VM Webmail account:

select one of the returned messages
select (that is the red icon not the black one located top right) and then click on "View source" from pop-up menu. You can then search for the text I highlighted above.

If VM have not locked your account,  I suspect that you are right that your account has just been spoofed rather than hacked. However, I would still go follow the instructions in the link and change your password and security questions just to be safe.

Coenoby

 

*******************************
I am just another Virgin Media customer.
If someone posts a useful reply you can say thanks by clicking on the thumbs up sign in their post.
If someone posts a message that solves your problem it helps everyone if you mark their post as a Helpful Answer
  • 50
  • 0
  • 0
JohnOrrett
On our wavelength
248 Views
Message 10 of 20
Flag for a moderator

Re: Bounces back from my hacked Blueyonder email

Hi Coenoby,

Many thanks for your comprehensive response. Apart from the initial batch of bounce messages, I have not had any since. Looking at the headers, the X-Originating-IP starts [191]. My IPv4 Address is different. X-Authenticated-User is my email address. All of the 'From' entries are different names, with my email address in brackets. Hopefully they have just spoofed my email in that case.

This all started when my Instagram account was hacked; however, this week I received a code from Amazon via 2 factor authoristaion email, so they have obviously tried to access that, and will probably try other sites as well. I have changed the passwords on all, made sure 2 factor authentication is on wherever possible, and removed all bank cards from Amazon, eBay etc to be on the safe side.

Thank you for the benefit of your experience, much appreciated Smiley Wink

John

0 Kudos
Reply