Security Forums

spam email with my password in the to: Field!!

subby
Just Arrived
Joined: 16 Feb 2008
Posts: 0

Posted: Sat Feb 16, 2008 12:11 am    Post subject: spam email with my password in the to: Field!!

Hi all, this is my first post on these forums. I consider myself to be an advanced techie. However, I am stumped with my current situation.

I am getting quite a few spam emails lately with my password (which is not easily guessable) in the to field @ my domain, alongside my actual email address. I.e. let's say my password was "zxcv7890", then this would appear in the email "to" field: subby@mydomain.com; zxcv7890@mydomain.com. The emails always change what content is in them, and who it is from.

Now, I cannot for the life of me think how this is possible... are there any viruses or spyware etc. that are sending emails this way? Let me know if I am not making sense with this, and I will try to explain further.

Thanks in advance!
White Scorpion
Just Arrived
Joined: 19 Sep 2003
Posts: 5
Location: The Netherlands

Posted: Sun Feb 17, 2008 12:47 pm

A few questions that pop up:

- Is it an online free webservice you are using?
- What happens if you change your password?
- What do the headers imply? Where do the emails originate from?
- Does the TO field contain multiple email addresses / passwords?
- Are you always using the same computer? (Perhaps a public terminal?)
subby
Just Arrived
Joined: 16 Feb 2008
Posts: 0

Posted: Wed Feb 20, 2008 12:44 am

It is not an "online free" email address, it is from one of the domains I run.

I have just changed my password, will monitor to see whether this starts coming through too (so far emails are still coming in as before, with my old password).

The headers are variable. The "from" field is spoofed, but I get various IPs in the header. The from field tends to be business addresses, not personal type addresses.

The "to" field normally has my main email address, and the cc contains a secondary email I use, then my password @mydomain.com.

I don't access public terminals.

Here is an example header (one I received tonight). Obviously, I have removed my personal info. I replaced my domain with "thedomain.com", my secondary email with "secondaryjoe", my primary email with "joe", and my password with "mypassword". (Everything I modified is in bold.)

Return-Path: <joannupsetfield@cafepress.com>
Delivered-To: joe@thedomain.com
Received: (qmail 88685 invoked by uid 89); 19 Feb 2008 21:13:12 +0000
Received: from unknown (HELO winpc) (123.123.123.123)
    by mail.thedomain.com with SMTP; 19 Feb 2008 21:13:12 +0000
Received: from localhost (localhost.localdomain [127.0.0.1])
    by host60262564.cafepress.com (8.13.1/8.13.1) with SMTP id 5szxccRz75.818904.Pqk.sOe.3192654129555
    for <secondaryjoe@thedomain.com>; Tue, 19 Feb 2008 23:12:25 -0200
Message-ID: <06c701c8733c$37597260$0601a8c0@winpc>
From: "Audrey Pierson" <JoannupsetField@cafepress.com>
To: <secondaryjoe@thedomain.com>
Cc: <joe@thedomain.com>,
    <mypassword@thedomain.com>
Subject: Your health
Date: Tue, 19 Feb 2008 23:12:25 -0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_06C3_01C8733C.37597260"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
capi
SF Senior Mod
Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

Posted: Wed Feb 20, 2008 4:16 am

Have you reused the same password on some other place? Some forum, website, etc. If so, I'd strongly suspect that place to be behind this (using their database for spam), or at least related (e.g. having sold their database or having been compromised by attackers).
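An added example, not written by any poster in this thread: a Python triage of the redacted header posted above. It lists recipients at the receiving domain that are not real mailboxes (the sign of an address list built from a database kept elsewhere) and separates the one Received line written by the receiving server from the lines the sender supplied. The header is trimmed to the fields used, and `KNOWN_MAILBOXES` is an assumption about which local parts really exist.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed input: the redacted header from the thread, trimmed to the fields used.
RAW = """\
Received: (qmail 88685 invoked by uid 89); 19 Feb 2008 21:13:12 +0000
Received: from unknown (HELO winpc) (123.123.123.123)
 by mail.thedomain.com with SMTP; 19 Feb 2008 21:13:12 +0000
Received: from localhost (localhost.localdomain [127.0.0.1])
 by host60262564.cafepress.com (8.13.1/8.13.1) with SMTP id 5szxccRz75.818904.Pqk.sOe.3192654129555
 for <secondaryjoe@thedomain.com>; Tue, 19 Feb 2008 23:12:25 -0200
Message-ID: <06c701c8733c$37597260$0601a8c0@winpc>
From: "Audrey Pierson" <JoannupsetField@cafepress.com>
To: <secondaryjoe@thedomain.com>
Cc: <joe@thedomain.com>,
 <mypassword@thedomain.com>
"""

MY_DOMAIN = "thedomain.com"                # placeholder domain used in the post
MY_MX = "mail.thedomain.com"               # receiving server named in the header
KNOWN_MAILBOXES = {"joe", "secondaryjoe"}  # assumption: the only real mailboxes

def unfold(value):
    return " ".join(value.split())         # undo RFC 5322 header folding

def analyze(raw):
    msg = message_from_string(raw)
    # Recipients at our domain that are not real mailboxes: strings harvested elsewhere.
    fields = [unfold(v) for h in ("To", "Cc") for v in msg.get_all(h, [])]
    unknown = sorted(addr.split("@")[0] for _, addr in getaddresses(fields)
                     if addr.lower().endswith("@" + MY_DOMAIN)
                     and addr.split("@")[0].lower() not in KNOWN_MAILBOXES)
    # Received lines are prepended, so lines down to our own MX's entry are
    # trustworthy; everything below that entry was supplied by the sender.
    hops = [unfold(v) for v in msg.get_all("Received", [])]
    pat = r"\(HELO (\S+)\) \((\d+(?:\.\d+){3})\) by " + re.escape(MY_MX)
    helo, peer_ip, below = None, None, []
    for i, hop in enumerate(hops):
        m = re.search(pat, hop)
        if m:
            helo, peer_ip = m.groups()
            below = hops[i + 1:]
            break
    mid_host = unfold(msg.get("Message-ID", "")).strip("<>").rsplit("@", 1)[-1]
    return {"unknown_local_parts": unknown, "helo": helo, "peer_ip": peer_ip,
            "sender_supplied_hops": len(below),
            "message_id_host_is_helo": helo is not None and mid_host == helo}

print(analyze(RAW))
```

Any value reported under `unknown_local_parts` should be treated as exposed and rotated wherever it was used as a credential.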