!!

Guests can now post!

Welcome to Intelligent Answers.  As a guest, you are now able to post a question, subject to getting through our spam-bot filters.  However, if you want to answer any questions, you will need to register.  Thanks for visting!  (BTW - guests cannot post links, and if you post spam, we will block your IP and report you to every spam protection site we can find - we work hard to keep this site spam free for the benefit and enjoyment of our members!)

Author Topic: Email problem.  (Read 1251 times)

Offline antonymous

  • Perpendicular Galileo Galilei
  • Founder
  • Marie Curie
  • *
  • Thank You
  • -Given: 92
  • -Receive: 133
  • Posts: 2016
  • Helpfulness: 168
  • "We're all bankers now!"
    • Antonymous2011 Flickr Page
Email problem.
« on: 08 August, 2010, 11:46:42 AM »
My sister has two email accounts, Google and Hotmail. Most of her contacts are in Google, and she only uses hotmail for purchases but just one of her friends uses hotmail(??)
Yesterday that friend received an email, that appears to be a phishing scam purportedly from my sister.
She mailed back asking what it was about, and then my sister received a delivery delay notice from hotail regarding this exchange- whats going on?  what to do? ???
“Sometimes the questions are complicated and the answers are simple. Sometimes it'svice versa"

Offline siasl

  • Founder member who you can't insult as I'm too ignorant.
  • Administrator
  • Chancellor
  • *****
  • Thank You
  • -Given: 122
  • -Receive: 85
  • Posts: 5306
  • Helpfulness: 129
  • Intelligence is soluble in alcohol <hic>
Re: Email problem.
« Reply #1 on: 09 August, 2010, 09:43:12 AM »
If she clicked "Reply" on the received phishing email, then it may be that the servers have held it up to be examined as a possible phish itself. Alternatively, it may be that your sister's email account is nearing its limits, and so the servers have delayed delivery of the message (unlikely), or there may be a server problem.

Depending on how the original phish was sent, it may be that your sister's hotmail account has been compromised - I know hotmail has had some security failings in the past that have led to accounts being hijacked, but then I assume that she can still get in to her hotmail account so that may not be the case (might be wise to change password, anyway)

Offline antonymous

  • Perpendicular Galileo Galilei
  • Founder
  • Marie Curie
  • *
  • Thank You
  • -Given: 92
  • -Receive: 133
  • Posts: 2016
  • Helpfulness: 168
  • "We're all bankers now!"
    • Antonymous2011 Flickr Page
Re: Email problem.
« Reply #2 on: 09 August, 2010, 10:56:25 AM »
If she clicked "Reply" on the received phishing email, then it may be that the servers have held it up to be examined as a possible phish itself. Alternatively, it may be that your sister's email account is nearing its limits, and so the servers have delayed delivery of the message (unlikely), or there may be a server problem.

Depending on how the original phish was sent, it may be that your sister's hotmail account has been compromised - I know hotmail has had some security failings in the past that have led to accounts being hijacked, but then I assume that she can still get in to her hotmail account so that may not be the case (might be wise to change password, anyway)

Thanks, she is very worried about this incident and a two further occurences since. I've run several different virus scans which have not detected any internal threat. She will change her password and see if it clears the problem. ;)
“Sometimes the questions are complicated and the answers are simple. Sometimes it'svice versa"

Wumpus

  • Guest
Re: Email problem.
« Reply #3 on: 09 August, 2010, 12:31:07 PM »
The phisher will probably have placed a misleading "reply" button or link in the original email.
Email sent using this link could go to wherever the original phisher wanted, or possibly nowhere.

The only way to be sure of a link is to "hover" your mouse over the link/button, you can see where it REALLY goes by looking at the status bar at bottom-left.

The scammer will probably have set alternative text to be displayed (hover over the turquoise IA menu bar items above to see what I mean). 

Most likely is that the phisher has coded alternate text, and the real link points to a particular IP address (rather than a recognisable site).  It will probably also have a unique identifier which can be used to identify the original phishing attempt.

When your sister clicks the link, the site at the IP address gets a request for a file, along with the identifier which it can log.
So your sister has effectively confirmed to the phishing scammer that he is sending to a live email address, and will continue to keep trying different phishing attempts until stopped. 

It sounds like the site is probably set up to look like hotmail, in which case it would also have requested userid and password info. 
By filling these in, she's given the phisher access to her hotmail account - userid and password.

She needs to log on DIRECTLY to the hotmail server (not via any links in emails) and change her password immediately, before the phisher goes in and does it for her, blocking her out of the account.

Unfortunately, the phisher WILL keep sending to her address because he knows it's a live one.
He may also pass on the address to other criminals, for further scam/spam attempts.
The only real defence against this is to set up a new account and abandon the old one.

If the phisher has already accessed the account (possibly automatically/immediately) he may already have downloaded the list of all her contacts, in which case they'll all start getting spam/phishing email too.

Clicking on links within emails from suspect sources is VERY BAD.  Do not do it.

Ain't the internet fun?