CraigsList email scammers suck!!!

[A930Rocket]

I responded to a couple of item listing drill presses and now I've gotten two emails sent from my email account to my daughter and another email account I have.

All I can think is they got my account info through the email I sent?

I've run scans on on my computer and no results

Besides changing my password, is there anything else I can do?

[Zeke]

There have been a lot of hacks. Someone sent email to me from a relative's account regarding things that are not PG13. Needless to say, SHE was pissed.



(Or maybe.... )

[masraum]

99 times out of 100 when you receive an email from someone that you know that's spam/virus/whatever, the email didn't actually get sent from their account. Most of the time, someone that has your email address in their address book got hit by a virus/worm/etc... that mined your address from their address book. The email comes from X, but they put Y as the source email to make it look more friendly. Your account (or family members) probably has not actually been hacked.

I can send an email and make it look to most folks like it's coming from anyone any where (unless you know how to look at the real source).

[stealthn]

Do you mean your address was the return address, or they hacked your email and actually sent it from there? Remeber you should never have preview turned on as you can get breached by just previewing an email.

[stomachmonkey]

Quote:

Originally Posted by masraum

99 times out of 100 when you receive an email from someone that you know that's spam/virus/whatever, the email didn't actually get sent from their account. Most of the time, someone that has your email address in their address book got hit by a virus/worm/etc... that mined your address from their address book. The email comes from X, but they put Y as the source email to make it look more friendly. Your account (or family members) probably has not actually been hacked.

I can send an email and make it look to most folks like it's coming from anyone any where (unless you know how to look at the real source).

Yup,

I used to send myself emails all the time. Always made me chuckle.

[A930Rocket]

Yes, the "from" name is my prefix to my email address. What's unusual is it has two if my email addresses and my daughter. Besides my wife and son, I don't think anyone has our two email addresses on their contact list. She and my son both use Mac books, while my wife and I use windows laptops if that matters.

[stomachmonkey]

Quote:

Originally Posted by A930Rocket

Yes, the "from" name is my prefix to my email address. What's unusual is it has two if my email addresses and my daughter. Besides my wife and son, I don't think anyone has our two email addresses on their contact list. She and my son both use Mac books, while my wife and I use windows laptops if that matters.

I should pull a log from one of my servers for you.

When someone is trying to compromise mail accounts you'll see them hitting it with the entire list of known names in alphabetical order.

So if you use john@, johndoe@, jdoe@, johnd@ etc... they'll get all of your addresses by process of elimination.

[A930Rocket]

I just changed all my passwords, so we will see if that helps.

BTW, it's so dumb that I change it on Outlook, then Bellsouth, then I have to change it at Yahoo...

[billybek]

Most of the students at work will use Gmail or Hotmail while they are attending their classes. It seems like someone had their email account mined as I am getting 5 to 10 spam messages a day now.
The server catches and quarantines them but I still am notified.

[A930Rocket]

So much for changing the password. I got two more this am...

[masraum]

Yeah, like I said, I can send an email from an account and change the "from" field to say anything that I want. That is REALLY easy, childsplay. It's about 1000x easier than hacking someone's account and sending mail from their account. Spammers are more likely to find an email server that has unsecure access that allows folks to send emails without a username and password than they are to "hack" someone's account and send email through that account (although that does happen).

Someone got a hold of a list of emails and will use those addresses even if they don't have any access to the accounts of those emails. Now, there's not much that you can do to fix it I'm afraid.

[masraum]

more reading
E-mail spoofing - Wikipedia, the free encyclopedia

How can you tell if email is spoofed or legit? :: Online Tech Support Help :: Ask Dave Taylor!®

Spam from your friends: spoofed and hacked e-mail

Spam emails to my friends - Microsoft Answers

spam emails spoofing friend's email addresses • mozillaZine Forums

Spoofed/Forged Email

[A930Rocket]

Here's what I have. Another email had another email address of mine.

What does it mean? (I'm computer impaired).

X-Apparently-To: XXX@bellsouth.net via 68.180.196.151; Fri, 16 Sep
2011 01:28:47 -0700
X-YahooFilteredBulk: 64.12.206.42
Received-SPF: pass (domain of aol.com designates 64.12.206.42 as permitted
sender)
X-YMailISG: dTX77Y4WLDt5c8wwqVGqlIvekfKkZfm8T2tsXt8.s7z7kELk
imm4B3VMAAmbM2Sgn2ib5ltdMM.C8x7o1_UoGqGvJUeWDZez_X JaTQL9Eu.x
c6KP3B_FWhFe95nqWm761aD42mExz2o2IyABngI4M.WoM2MWNE M868kEH9mO
aWNogeCBqSSmm6Npm2fI6ajrtzQiGIYOnuOFhDiXXr7jfLTeSh DytmCf9oGA
28yQoZUrZzp7ZmUS1LMTv3BhyUAL_XzVwJTUSYE1WJfQGzP4ha 3zP7jORRaG
lwNWdbQJMOXovcDHBLEBg3e420rsBTddG1bj.lrCA1plbhSWrR z6AljOUAbP
sxGgEYJG2bE5ce6sqLkkvreMkiY6cnr1Kb43pfcz4FSIOWdlqv VlYllHF.8T
faAtVfKkz9VG2bt6ww8Cr1Lg6ItvcPOhcvIlZXGi8XI2G2LTZp qr4UREH4Cu
MHOBRP4.T9VYy9pfnSvafcWT7pxNB9k.8RuNyRiM6hBaS758pQ--
X-Originating-IP: [64.12.206.42]
Authentication-Results: mta1051.sbc.mail.sp1.yahoo.com from=aol.com; domainkeys=neutral (no sig); from=aol.com; dkim=neutral (no sig)
Received: from 207.115.11.34 (EHLO fgateway03.isp.att.net) (207.115.11.34)
by mta1051.sbc.mail.sp1.yahoo.com with SMTP; Fri, 16 Sep 2011 01:28:47 -0700
Received: from imr-ma04.mx.aol.com ([64.12.206.42])
by isp.att.net (frfwmxc04) with ESMTP
id <20110916082847M0400jq0i7e>; Fri, 16 Sep 2011 08:28:47 +0000
X-Originating-IP: [64.12.206.42]
Received: from mtaomg-mb02.r1000.mx.aol.com (mtaomg-mb02.r1000.mx.aol.com
[172.29.41.73])
by imr-ma04.mx.aol.com (8.14.1/8.14.1) with ESMTP id p8G8SKtw030056;
Fri, 16 Sep 2011 04:28:20 -0400
Received: from core-dkc005c.r1000.mail.aol.com (core-dkc005.r1000.mail.aol.com [172.29.178.31])
by mtaomg-mb02.r1000.mx.aol.com (OMAG/Core Interface) with ESMTP id B5378E00008A;
Fri, 16 Sep 2011 04:28:19 -0400 (EDT)
To: _southern_whisper@yahoo.com, 1ink@alwaysreadyink.com,
3049419616@txt.att.net, 8034936627@vzwpix.com,
8433023935@messaging.nextel.com, 8434081110@vtext.com,
8438602010@VTEXT.COM, 9109205104@txt.att.net,
a.cowart.05753@ttc.mailcruiser.com,
A.Place.for.Mom@rightchoiceformom.com, a_southern_whisper@yahoo.com,
XXX@bellsouth.net, abailey944@comcast.net, accounts@wachovia.com,
acfchefbaase@yahoo.com, acfpresident@mtcuisine.com, ackboy@yahoo.com,
acre321@gmail.com, adam-winters@hotmail.com, admin@luciddragon.com,
admin@speedyball.com,
AdvancenoticefromFranchiseGator@trueromancespcl.co m,
aivinnie@hotmail.com, alerts@mta-permissionalerts.com,
alexiscsalazar@yahoo.com, alicet56@googlemail.com, allisonfic@live.com,
always_3xa_lady@yahoo.com, amiconegthwannohxze1979@hotmail.com,
amorph3@att.net, anderson.donnie33@yahoo.com, asap@asap-mail.com,
annscott8638102@yahoo.com, anthony.murray@tursucunuz.com
Content-Transfer-Encoding: quoted-printable
Subject: I am finally became Boss
X-MB-Message-Source: WebUI
X-MB-Message-Type: User
MIME-Version: 1.0


From: nickless00@aol.com
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Mailer: AOL Webmail 34122-MOBILE
Received: from 46.119.71.238 by Webmail-m114.sysops.aol.com (64.12.232.230) with HTTP (WebMailUI); Fri, 16 Sep 2011 04:28:19 -0400
Message-Id: <8CE4261B93E76DB-1534-FF33@Webmail-m114.sysops.aol.com>
X-Originating-IP: [46.119.71.238]
Date: Fri, 16 Sep 2011 04:28:19 -0400 (EDT)
x-aol-global-disposition: G
X-AOL-SCOLL-SCORE: 0:2:225366768:93952408
X-AOL-SCOLL-URL_COUNT: 0
x-aol-sid: 3039ac1d29494e7308a327e6




-----Original Message-----
From: nickless00@aol.com [mailto:nickless00@aol.com]
Sent: Friday, September 16, 2011 4:28 AM
To: _southern_whisper@yahoo.com; 1ink@alwaysreadyink.com; 3049419616@txt.att.net; 8034936627@vzwpix.com; 8433023935@messaging.nextel.com; 8434081110@vtext.com; 8438602010@VTEXT.COM; 9109205104@txt.att.net; a.cowart.05753@ttc.mailcruiser.com;
A.Place.for.Mom@rightchoiceformom.com; a_southern_whisper@yahoo.com; XXX@bellsouth.net; abailey944@comcast.net; accounts@wachovia.com; acfchefbaase@yahoo.com; acfpresident@mtcuisine.com; ackboy@yahoo.com; acre321@gmail.com; adam-winters@hotmail.com; admin@luciddragon.com; admin@speedyball.com; AdvancenoticefromFranchiseGator@trueromancespcl.co m;
aivinnie@hotmail.com; alerts@mta-permissionalerts.com; alexiscsalazar@yahoo.com; alicet56@googlemail.com; allisonfic@live.com; always_3xa_lady@yahoo.com; amiconegthwannohxze1979@hotmail.com;
amorph3@att.net; anderson.donnie33@yahoo.com; asap@asap-mail.com; annscott8638102@yahoo.com; anthony.murray@tursucunuz.com
Subject: I am finally became Boss

I used to borrow money from all my friends my mind has been racing this helps me stay a step ahead of everyone else.
Unlimited Broadband | 24Mb High Speed Broadband - TalkTalk
&url=http://364jobs.net/esubmit/bizopp_hw.php
im on my way to the top check out the details You will love me for this!

[A930Rocket]

Good reading Steve. Thanks!

[pwd72s]

Sometimes it can be funny...We got such a spam email from Cindy's cousin Rich. He a Christian Church Preacher in his early 70's. The email was pushing porn videos...I laughed my ass off...

[Revvin 911S]

Its a good idea to set up a separate free email account like gmail yahoo ect just to use for things like craigslist. I have a gmail account that is only used for things like that so that if spam/hacking problems arise none of the email addresses for my friends/family are in the account. The amount of spam replies on craigslist is pretty bad though. I'm selling an Acura on it right now and have been getting several bs replies with people wanting me to click random links ect.

[chococrazy]

Definately looks hacked. The email account nickless00@aol.com is sending from Ukraine
I would email aol to see if they can set a log on block on to your email (probably won't, but worth a shot) for all ip's with
46.119.XX.XXX
Or all out of country IP's

EDIT: What cellphone do you have? Is it setup to receive your email, because more often than that hacked emails that get mined are ghosted or spoofed to show from a cellphone.

Quote:

Results for 46.119.71.238 :

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '46.119.71.0 - 46.119.71.255'

inetnum: 46.119.71.0 - 46.119.71.255
netname: DHCP-FTTB-KRR-46-119-71-GTUA
descr: Golden Telecom
country: UA
org: ORG-SOGT1-RIPE
admin-c: GTUA-RIPE
tech-c: GTUA-RIPE
status: ASSIGNED PA
mnt-by: GTUA-MNT
mnt-lower: GTUA-WO-MNT
mnt-domains: GTUA-ZONE-MNT
mnt-routes: GTUA-RT-MNT
source: RIPE # Filtered

organisation: ORG-SOGT1-RIPE
org-name: Golden Telecom LLC
org-type: LIR
address: Golden Telecom LLC
Natalia Pigorova
15/15/6 V. Khvojki str.
04080 Kiev
UKRAINE
phone: +380 44 490 0000
fax-no: +380 44 490 0048
admin-c: IG855-RIPE
admin-c: NP1533-RIPE
admin-c: KSA2-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: GTUA-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

role: Golden Telecom Ukraine NOC
address: Golden Telecom
address: 4 Lepse blvr
address: Kiev, 03067, Ukraine
phone: +380 44 4900000
fax-no: +380 44 4900048
remarks: All abuse notifications have to be sent on:
abuse-mailbox: security@svitonline.com
admin-c: KSA2-RIPE
admin-c: NP1533-RIPE
tech-c: KSA2-RIPE
tech-c: AP8772-RIPE
nic-hdl: GTUA-RIPE
mnt-by: GTUA-MNT
source: RIPE # Filtered

% Information related to '46.118.0.0/15AS12530'

route: 46.118.0.0/15
descr: GTU network
origin: AS12530
mnt-by: GTUA-RT-MNT
source: RIPE # Filtered

% Information related to '46.119.64.0/18AS12530'

route: 46.119.64.0/18
descr: KrivoyRog FTTB address space, subnet #1
origin: AS12530
mnt-by: GTUA-RT-MNT
source: RIPE # Filtered

[A930Rocket]

I use an iPhone 3G.

The same day I got the email above, I received an email from Linkedin suggesting people I might know for contacts. Not unusual, but the first name was a guy named xxxx Nickless. A coincidence that the spam email was from Nickless00@aol.com or related some how?