Slight feeling you've been hacked

General discussion re sg.

Slight feeling you've been hacked

Postby Skeeve » Mon Mar 07, 2016 9:14 pm

Hi!

I have a slight feeling that you've been hacked. I receive so many spam mails on mail addresses I only used for companies/forums where I trust they didn't gave them away, that I think it can't different.
Skeeve
 
Posts: 38
Joined: Tue Jun 01, 2004 9:46 pm

Re: Slight feeling you've been hacked

Postby Skeeve » Sun Mar 20, 2016 1:59 pm

Okay… Seems no one cares…
Skeeve
 
Posts: 38
Joined: Tue Jun 01, 2004 9:46 pm

Re: Slight feeling you've been hacked

Postby Bunchan » Fri Mar 25, 2016 1:53 pm

I'm also concerned about the spam I have received recently at my Spamgourmet e-mail addresses.

Different spam messages use different Spamgourmet addresses, but the from and to fields in each individual message appear to be the same -- i.e., from me and to me.

Another odd characteristic of the spam I get is that the allowed message count on the Spamgourmet addresses is 0. That is, Spamgourmet should block the spam before it gets to my mail server. I tested one of these Spamgourmet addresses by sending a message to myself at the relevant 0-count address, and Spamgourmet correctly blocked the message. But, somehow, the spammer's messages get through.

I think the addresses that my mail reader shows can be faked (i.e., different from the actual addresses used by the sender), but I don't know how to identify the actual mail routing details. I'm also concerned that if I try to do that, I might accidentally open a dangerous payload/attachment in the message.

During the many years I have used Spamgourmet, I have never seen behavior like this. In the past, spam addressed to any of my Spamgourmet addresses appeared to result from isolated privacy breaches in the businesses I work with and not in Spamgourmet itself. I use a unique Spamgourmet address for each of those businesses. When I get thousands of spam messages addressed to one of those Spamgourmet addresses, it's pretty obvious that the blame for the spam lies with the business and not with Spamgourmet. And, in the past, it was easy to stop the spam by zeroing the allowed message count for the affected addresses.

The recent spam problem has different symptoms that are very worrisome. I think either (1) Spamgourmet has been hacked, or (2) malware has infected my PC and is somehow harvesting and using my Spamgourmet addresses. Is it possible to get any useful advice about correcting this problem?
Bunchan
 
Posts: 3
Joined: Fri Oct 25, 2013 2:51 pm

Re: Slight feeling you've been hacked

Postby Bunchan » Fri Mar 25, 2016 4:55 pm

Update to my previous message:

I'm looking for patterns or any other details that might help clarify what's causing the recent spam issues, so instead of immediately deleting spam that appears to be to/from Spamgourmet, I'm saving it (but being careful not to open it).

This morning, so far, I have received 2 spam e-mails that are associated with 2 different Spamgourmet addresses but appear to have the same content. Both were flagged by Norton AntiSpam, and both contain malware identified as JS.Downloader by Norton.

In the details below, I use "mySGaccount" to refer to my Spamgourmet user name, which is prefixed with unique strings for each business with which I exchange e-mail. I use "aaa" and "bbb" to represent these unique prefixes.

E-mail #1: Appears to be both from and to aaa.mySGaccount@spamgourmet.com. Subject line is "[Norton AntiSpam]FW:Invoice Copy (trusted: spamgourmet.com)".

E-mail #2: Appears to be both from and to bbb.mySGaccount@spamgourmet.com. Subject line is "[Norton AntiSpam]SPAM: FW: Invoice Copy (trusted: spamgourmet.com)".

Looking at my account information on spamgourmet.com, I see that neither of these addresses is in my trusted senders list. And both addresses have had zero allowed messages for a long time.

Now, if I understand how trusted senders work, I think it's possible that a *different* trusted sender (which is not shown in the spam e-mail to/from fields) could be sending the spam to the addresses that are visible when I receive the e-mail (aaa.mySGaccount@spamgourmet.com and bbb.mySGaccount@spamgourmet.com). Is it correct that in a scenario like this, it would not matter that the aaa and bbb addresses are not trusted and have zero allowed messages left? Is this likely to be a correct description of how the recent spam is penetrating Spamgourmet?

I'll probably start deleting as many of my trusted senders as I can. It would be helpful to know how likely this is to solve the problem. I would also like to understand better whether Spamgourmet or my PC has been compromised. For example, if the spam originates from one of my trusted senders, how does that sender know the other Spamgourmet addresses I use?
Bunchan
 
Posts: 3
Joined: Fri Oct 25, 2013 2:51 pm

Re: Slight feeling you've been hacked

Postby End User » Tue Mar 29, 2016 6:47 pm

Bunchan - Please see the posted reply to your post under the Support section of this forum. Hope it helps!
End User
 
Posts: 19
Joined: Sun Jan 13, 2013 8:25 pm


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 24 guests

cron