Posted: Sat Feb 16, 2008 12:11 am Post subject: spam email with my password in the to: Field!!
hi all, this is my first post on these forums. I consider myself to be an advanced techie. however I am stumped with my current situation.
I am getting quite a few spam emails lately with my password (which is not easily guessable) in the to field @ my domain, alongside my actual email address. i.e. lets say my password was "zxcv7890", then this would appear in the email "to" field : firstname.lastname@example.org; email@example.com. The emails always change what content is in them, and who it is from.
Now, I cannot for the life of me think how this is possible...are there any viruses or spyware etc that are sending emails this way? Let me know if I am not making sense with this, and I will try explain further.
Joined: 19 Sep 2003 Posts: 5 Location: The Netherlands
Posted: Sun Feb 17, 2008 12:47 pm Post subject:
A few questions that pop up:
- Is it an online free webservice you are using?
- what happens if you change your password?
- what does the headers imply? Where do the emails originate from?
- Does the TO field contain multiple email addresses / passwords?
- Are you always using the same computer? (Perhaps public terminal?)
it is not an "online free" email address, it is from one of the domains I run.
I have just changed my password, will monitor to see whether this starts coming through too (so far emails are still coming in as before, with my old password)
the headers are variable. The "from" field is spoofed, but I get various ip's in the header. The from field tends to be business addresses, not personal type addresses.
the "to" field normally has my main email address, and the cc contains a secondary email I use, then my password @mydomain.com.
I don't access public terminals.
Here is an example header (one I received tonight). Obviously, I have removed my personal info. I replaced my domain with "thedomain.com", my secondary email with "secondaryjoe", my primary email with "joe", and my password with "mypassword". (everything I modified, is in bold)
Received: (qmail 88685 invoked by uid 89); 19 Feb 2008 21:13:12 +0000
Received: from unknown (HELO winpc) (126.96.36.199)
by mail.thedomain.comwith SMTP; 19 Feb 2008 21:13:12 +0000
Received: from localhost (localhost.localdomain [127.0.0.1])
by host60262564.cafepress.com (8.13.1/8.13.1) with SMTP id 5szxccRz75.818904.Pqk.sOe.3192654129555
for <firstname.lastname@example.org>; Tue, 19 Feb 2008 23:12:25 -0200
From: "Audrey Pierson" <JoannupsetField@cafepress.com>
Subject: Your health
Date: Tue, 19 Feb 2008 23:12:25 -0200
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
Joined: 21 Sep 2003 Posts: 16777097 Location: Portugal
Posted: Wed Feb 20, 2008 4:16 am Post subject:
Have you reused the same password on some other place? Some forum, website, etc. If so, I'd strongly suspect that place to be behind this (using their database for spam), or at least related (e.g. having sold their database or having been compromised by attackers).
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum