ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Spammer Question with Webmail server

(1/4) > >>

wraith808:
My wife has a yahoo account, and every so often, people get spam that looks like it came from her.

It isn't in her outbox, and the headers look like it came from Yahoo servers, but it does include contacts from her contacts list?

Do spammers harvest e-mails/passwords and then use the mail servers directly?  Is that even possible with webmail, and is it a practice that anyone has seen?

I've advised her to change her password, but I was just wondering for general information.

Thanks!

40hz:
The only time I ran into that was when a client had her personal Yahoo account hijacked and was spamming everybody in her (very large) contact list. But whoever did it also changed her password thereby locking her out. And the spam was so ridiculous that it was obviously from somebody else. So it was pretty obvious somebody was playing games with her account. Unfortunately, working with Yahoo to get her access back was a study in patience and aggravation.

Email headers can be spoofed however, so it doesn't automatically follow that the header info reflects the actual origin of the email in question. Email addresses can be harvested as well so that's not anything unusual. But having her header on spam to one of her contacts is somewhat bothersome.

She should definitely change her passwords - and enable two factor authentication if she's in the habit of getting her email in public places - or going through coffee shop and other insecure public routers. She should also do the usual checks for resident malware on all the devices she uses for email.

If it's only occasional, and the frequency of occurrence isn't increasing, I wouldn't be too concerned.

In my client's case, her problems started shortly after she used a machine at one of her own client's offices to access her email via the web. There was something on that machine that likely scooped her credentials, and it was downhill from there for her.

That's about all I can suggest. Luck!

wraith808:
Thanks for the suggestions!

mouser:
I don't have any answers but to a casual receiver, anyone can make email look like it came from anyone else.

wraith808:
I received it, and am not exactly casual :)  I can't decipher the yahoo DKIM, but it looks the same as one that's legitimately from her, and a couple of the keys for the yahoo SMTP server are exactly the same.  Wouldn't that tend to mean in some way it came through their server?  Or can someone legitimately sign the DKIM with someone else's SMTP key?

Navigation

[0] Message Index

[#] Next page

Go to full version